Removed Security Shield (I think) still detecting another virus [Close - Geeks to Go Forums


#1 Madelynn

  • Group: Member
  • Posts: 15
  • Joined: 22-April 12

Posted 22 April 2012 - 02:12 PM

I had that annoying Security Shield virus and removed it, since Malwarebytes and Eset scan don't detect it now and the pop-up seems gone after I ran ComboFix.

Still, Microsoft Security Essentials detected and "removed" this today: Rogue:win32/winwebsec

Here is the OTL file:

OTL logfile created on: 4/22/2012 3:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 65.77% Memory free
23.98 Gb Paging File | 19.35 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1260.61 Gb Free Space | 67.96% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/22 15:03:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/18 01:16:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/03/18 01:16:55 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/13 21:04:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 01:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/17 15:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/17 03:08:57 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/03/18 01:16:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/19 10:08:38 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/19 10:08:38 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/19 10:08:38 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/19 10:08:38 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[2012/03/26 12:37:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{972BE4CC-9BD7-4949-9F58-D2EC3916C1F3}
[2012/03/26 12:36:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{25DD9193-333D-40DD-A5B8-5476749DB585}
[2012/03/25 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3D2E1F8-205D-497E-9D04-0EC345DD8518}
[2012/03/25 22:30:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6BA98E94-D3F4-4856-9DBD-97214ABF9F57}
[2012/03/25 10:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4B388A9-9595-4B5F-86FE-8F09AF0D156B}
[2012/03/25 10:29:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E63E3D0E-4462-433C-A439-7F2BD48A0E4F}
[2012/03/24 14:42:34 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{20A2E2B2-431E-4AEC-9C88-4B3C134B6222}
[2012/03/24 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{06F3D600-AFA5-49FE-BBF0-136DFBD5AD86}
[2012/03/24 02:41:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D781B2F1-5BB9-41A2-BE55-0CE652E88574}
[2012/03/24 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7BBF56C9-A839-4FD4-8412-21FAE3A1FCFC}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 14:50:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:50:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 14:46:32 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/22 14:46:32 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/22 14:46:32 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 14:41:34 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 14:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 14:40:48 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 04:55:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:55:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:55:53 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/22 04:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 04:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/20 02:28:47 | 817,814,296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/03/30 22:49:15 | 000,000,326 | ---- | M] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/21 10:26:27 | 000,381,952 | ---- | C] () -- C:\Users\Lightning\AppData\Local\pxlyirzc.exe
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 22:49:15 | 000,000,326 | ---- | C] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/30 00:27:15 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/30 00:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#2 Madelynn

  • Group: Member
  • Posts: 15
  • Joined: 22-April 12

Posted 23 April 2012 - 02:21 PM

If anyone can help with this please let me know.

#3 godawgs

  • Group: Malware Removal
  • Posts: 2,765
  • Joined: 10-January 11

Posted 25 April 2012 - 11:40 AM

Hello Madelynn,
Welcome. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstalling programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.



Since the OTL scan you posted is a few days old we need to get some new logs so we can have a look see.
The first thing you need to do is delete your copy of OTL from the februray 2012\march 2012\batwoman newest\march2\april 2012 1\april 3 folder on the desktop. You need to download a fresh copy and save it directly to the desktop.


Step-1.

OTL

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (Firefox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image

  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      Repeat for the Extras.txt file



Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes

  • Click the "Scan" button to start the scan

  • On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

In your original post you said that you ran ComboFix. Please look in the root folder C:\ for the Combofix.txt file and post it in your next reply.
If it isn't in the C:\ folder, do a search for Combofix.txt to find it.


Step-4.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The Combofix.txt log

#4 Madelynn

  • Group: Member
  • Posts: 15
  • Joined: 22-April 12

Posted 25 April 2012 - 09:17 PM

OTL logfile created on: 4/25/2012 8:58:45 PM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.65 Gb Available Physical Memory | 55.46% Memory free
23.98 Gb Paging File | 17.96 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1258.48 Gb Free Space | 67.84% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/06 14:59:00 | 002,527,520 | ---- | M] (BioWare) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/09/22 23:07:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/20 20:25:34 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/20 20:25:34 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:25:34 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:25:34 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:25:34 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/03/06 15:01:00 | 019,658,080 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\libcef.dll
MOD - [2012/03/06 14:59:00 | 001,099,632 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avcodec-53.dll
MOD - [2012/03/06 14:59:00 | 000,190,832 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avformat-53.dll
MOD - [2012/03/06 14:59:00 | 000,123,248 | ---- | M] () -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\avutil-51.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/29 09:07:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1010\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/25 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0}
[2012/04/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A}
[2012/04/25 02:46:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942}
[2012/04/25 02:46:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4}
[2012/04/24 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9}
[2012/04/24 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485}
[2012/04/24 02:44:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF}
[2012/04/24 02:44:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8}
[2012/04/23 14:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D}
[2012/04/23 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8}
[2012/04/23 02:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27}
[2012/04/23 02:43:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7}
[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:21 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:29 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/04/20 06:52:29 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/04/20 06:52:29 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/04/20 06:52:29 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/04/20 06:51:57 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/20 06:51:57 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/20 06:51:57 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/20 06:51:57 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/20 06:51:57 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/20 06:51:57 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/20 06:51:57 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/20 06:51:57 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/20 06:51:57 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/20 06:51:57 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/20 06:51:57 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/20 06:51:57 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/20 06:51:57 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/20 06:51:57 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/20 06:51:57 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/04/20 06:51:57 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/04/20 06:51:57 | 000,962,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/04/20 06:51:57 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/04/20 06:51:57 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/04/20 06:51:57 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/04/20 06:51:57 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 06:51:57 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 03:03:19 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 03:00:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 03:00:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 03:00:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 13:17:29 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 13:17:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 13:17:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 13:17:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 13:17:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 13:17:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 13:17:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 16:26:55 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 14:09:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 13:36:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 21:01:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lightning\Desktop\aswMBR.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:36:28 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 20:36:28 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 20:33:21 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 20:33:21 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 20:33:21 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 20:31:58 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 20:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 20:29:04 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 17:04:48 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 17:04:48 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 17:04:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/25 16:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 16:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 15:00:47 | 956,135,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 13:20:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/21 13:20:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/17 03:07:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/14 04:09:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:09:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/05 16:28:04 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/03/30 22:49:15 | 000,000,326 | ---- | M] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 22:49:15 | 000,000,326 | ---- | C] () -- C:\Users\Lightning\Desktop\Ghost Recon Online (NCSA-Live).appref-ms
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/30 00:27:15 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/30 00:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/18 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\virus\AppData\Roaming\Razer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/12/07 17:46:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/07 17:46:27 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/07 17:46:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/07 17:46:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/07 17:46:27 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/07 17:46:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/07 17:46:27 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/07 17:46:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/07 17:46:27 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/07 17:46:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/07 17:46:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/07 17:46:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/07 17:46:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Lightning\AppData\Local\Temp\RarSFX1\winlogon.exe
[2010/12/07 17:46:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1D2EE34A-0723-4A5B-8E67-8E0CF4EB658C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{85185EC3-A5BB-4BDB-AFD5-8AEE9EFD7A7F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9C9323D6-B7DC-4CB4-B4E3-985CD60872E8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DB42CC01-1514-42B3-83F5-38FDAD6D4393}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0B 01 06 01 03 01 01 01 0C 01 0A 01 09 01 08 01 07 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 12
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/25 20:34:41 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ARRAY0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,855.00GB
Starting Offset: 8659140608
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: LIGHTNING-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     E                       DVD-ROM         0 B  No Media
  Volume 2         RECOVERY     NTFS   Partition      8 GB  Healthy    System
  Volume 3     C   OS           NTFS   Partition   1854 GB  Healthy    Boot

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >



OTL Extras logfile created on: 4/25/2012 8:58:45 PM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.65 Gb Available Physical Memory | 55.46% Memory free
23.98 Gb Paging File | 17.96 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1258.48 Gb Free Space | 67.84% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{13A3A271-B2AA-486C-9AD5-F272079BB9B5}" = Alienware TactX Keyboard CI 1.00.130
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B34CC4C-E7FF-4AC8-B771-1D09612D6430}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX™ Mouse CI 1.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WhoCrashed_is1" = WhoCrashed 3.03

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B5B0A85-D9CE-6184-4AEA-3646BD89F081}" = imollo
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{53902ee7-b37c-4624-b4d9-363537ae55c7}" = Nero 9 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{962A40CF-9820-42C2-9568-55BE92825239}" = Ultimate DCUO Character Planner
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A0583EFA-33FD-4DB3-8146-725F7D273660}" = LotRO Plugin Assistant
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age Origins
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E247B53F-F2DA-48ED-A2D0-44EA203E39EB}" = 3132-W-D
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F28CFCC6-A2BE-4E54-957C-3D8A47936CAC}" = SiI31xx HBA Wakeup Utility
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"3DMIDI" = Creative 3DMIDI Player
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AudioCS" = Creative Audio Control Panel
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"Champions Online" = Champions Online
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.beatport.BeatportDownloader" = Beatport Downloader
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverFinder" = DriverFinder
"DTS Connect Pack" = DTS Connect Pack
"EA Installer.-1202606811" = EA Installer
"EA Installer.478080393" = EA Installer
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HD Tune_is1" = HD Tune 2.55
"Hexagon 2 2.5.1.79" = Hexagon 2
"imollo" = imollo
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
"iStonsoft iPad to Computer Transfer_is1" = iStonsoft iPad to Computer Transfer build(3.6.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"Mozilla Thunderbird 9.0.1 (x86 en-GB)" = Mozilla Thunderbird 9.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"OCCT" = OCCT 4.0.0
"OnLive" = OnLive
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SecondLifeViewer" = SecondLifeViewer (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Star Trek Online" = Star Trek Online
"Steam App 102509" = Kingdoms Of Amalur: Reckoning
"Steam App 200001" = Saints Row The Third Prima Official Strategy Guide
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 203810" = Dear Esther
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 20920" = The Witcher 2: Enhanced Edition
"Steam App 210470" = Sniper Elite V2 Demo
"Steam App 211" = Source SDK
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 23530" = Earth Defense Force: Insect Armageddon
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 35720" = Trine 2
"Steam App 36630" = Rusty Hearts
"Steam App 39160" = Dungeon Siege III
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 47900" = Dragon Age II
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 55370" = Saints Row: The Third - Initiation Station
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57400" = Batman: Arkham City™ PC
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73050" = Magicka - Demo
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"uTorrent" = µTorrent
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"NCsoft-CityOfHeroes" = City of Heroes
"SOE-Clone Wars" = Clone Wars
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Test" = DC Universe Online Test
"SOE-Free Realms" = Free Realms
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2012 4:51:08 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/23/2012 6:40:52 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/23/2012 6:41:45 PM | Computer Name = Lightning-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/23/2012 10:48:31 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8dfb78 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0x80000003 Fault offset: 0x0000e7cb Faulting process id:
0x2310 Faulting application start time: 0x01cd21c321f5aabe Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: f9cb64be-8db7-11e1-8dcd-a4badbfd71b9

Error - 4/24/2012 4:15:04 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x000243fc Faulting process id:
0x2858 Faulting application start time: 0x01cd21f2561eae1c Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: 982193a7-8de5-11e1-8dcd-a4badbfd71b9

Error - 4/24/2012 2:01:06 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DCGame.exe, version: 0.0.15735.60501, time
stamp: 0x4f90890f Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time
stamp: 0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x0015c490 Faulting process
id: 0x1604 Faulting application start time: 0x01cd22442f4c9708 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online
Live\Unreal3\Binaries\Win32\DCGame.exe Faulting module path: C:\Windows\system32\nvd3dum.dll
Report
Id: 76302f4c-8e37-11e1-a651-a4badbfd71b9

Error - 4/24/2012 9:45:40 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1c3c Faulting application
start time: 0x01cd226f932c0244 Faulting application path: C:\Program Files (x86)\Electronic
Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe Faulting
module path: unknown Report Id: 5c8d60bf-8e78-11e1-9040-a4badbfd71b9

Error - 4/24/2012 9:45:40 PM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x0003734d Faulting process id:
0x1314 Faulting application start time: 0x01cd226f9183551d Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 5ca49296-8e78-11e1-9040-a4badbfd71b9

Error - 4/25/2012 12:26:41 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp:
0x4f4e5190 Exception code: 0xc0000005 Fault offset: 0x0022817e Faulting process id:
0x22e0 Faulting application start time: 0x01cd22963973de9f Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\system32\nvd3dum.dll Report Id: dad926f7-8e8e-11e1-9040-a4badbfd71b9

Error - 4/25/2012 12:26:41 AM | Computer Name = Lightning-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swtor.exe, version: 1.0.0.0, time stamp:
0x4f8f5866 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x0003734d Faulting process id:
0x23a4 Faulting application start time: 0x01cd229638286e04 Faulting application path:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: dadb9800-8e8e-11e1-9040-a4badbfd71b9

[ Dell Events ]
Error - 12/11/2010 12:11:14 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 1:35:13 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 1:35:13 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 10:02:16 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 10:02:16 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:07:34 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:07:34 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:16:03 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/21/2011 4:16:03 AM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/22/2011 10:29:18 PM | Computer Name = Lightning-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/5/2012 1:16:45 AM | Computer Name = Lightning-PC | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 3/5/2012 1:17:06 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/5/2012 4:56:01 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/5/2012 5:02:06 AM | Computer Name = Lightning-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/5/2012 5:40:55 PM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/6/2012 7:45:04 AM | Computer Name = Lightning-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:41:52 AM on ?3/?6/?2012 was unexpected.

Error - 3/6/2012 7:45:07 AM | Computer Name = Lightning-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/6/2012 7:45:31 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/6/2012 8:16:05 AM | Computer Name = Lightning-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:14:52 AM on ?3/?6/?2012 was unexpected.

Error - 3/6/2012 8:16:32 AM | Computer Name = Lightning-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >




aswMBR runs and eventually crashes, but I'm able to run it fine up to that point. All apps run, but that one sort of times out after it gets about 90% through the scan. Could it be conflicting with MSE? I have no idea how to disable that. That program occasionally detects the Java virus I posted above, but the PC itself runs fine.

As for ComboFix, I removed it and the folder, so I don't have the log.

#5 godawgs

  • Group: Malware Removal
  • Posts: 2,765
  • Joined: 10-January 11

Posted 26 April 2012 - 04:30 PM

Hi Madelynn,

You have a Goored infection. That's probably why aswMbr won't run to completion.

There are a couple of other things that you need to be aware of before we start.


Step-1.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster... The computer has installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be to download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you wish.



You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.
We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in black.


Program Uninstalls and Optional Removals

1. Click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

uTorrent

3. Click on each program to highlight it and click Uninstall
4. After the program(s) have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Users\Lightning\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Step-2.

Run GooredFix

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



We need to run an OTL fix.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right-click and click Copy.
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/04/25 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0}
[2012/04/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A}
[2012/04/25 02:46:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942}
[2012/04/25 02:46:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4}
[2012/04/24 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9}
[2012/04/24 14:45:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485}
[2012/04/24 02:44:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF}
[2012/04/24 02:44:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8}
[2012/04/23 14:44:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D}
[2012/04/23 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8}
[2012/04/23 02:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27}
[2012/04/23 02:43:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7}
[2012/04/22 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1}
[2012/04/22 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA}
[2012/04/21 22:30:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836}
[2012/04/21 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E}
[2012/04/21 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE}
[2012/04/21 03:07:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9}
[2012/04/20 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F}
[2012/04/20 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35}
[2012/04/20 01:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487}
[2012/04/20 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B}
[2012/04/19 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE}
[2012/04/19 13:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1}
[2012/04/19 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF}
[2012/04/19 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46}
[2012/04/18 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE}
[2012/04/18 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2}
[2012/04/17 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA}
[2012/04/17 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F}
[2012/04/17 04:53:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420}
[2012/04/17 04:53:07 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F}
[2012/04/16 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0}
[2012/04/16 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2}
[2012/04/16 04:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2}
[2012/04/16 04:51:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A}
[2012/04/15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B}
[2012/04/15 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480}
[2012/04/15 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953}
[2012/04/15 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458}
[2012/04/14 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737}
[2012/04/14 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17}
[2012/04/13 13:49:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D}
[2012/04/13 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0}
[2012/04/13 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085}
[2012/04/13 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604}
[2012/04/13 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44}
[2012/04/13 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A}
[2012/04/12 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF}
[2012/04/12 02:48:16 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246}
[2012/04/11 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE}
[2012/04/11 02:47:19 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75}
[2012/04/10 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E}
[2012/04/10 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A}
[2012/04/09 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322}
[2012/04/09 02:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1}
[2012/04/08 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071}
[2012/04/07 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406}
[2012/04/07 02:37:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64}
[2012/04/06 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984}
[2012/04/06 01:44:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404}
[2012/04/05 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69}
[2012/04/05 01:43:08 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18}
[2012/04/04 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5}
[2012/04/04 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119}
[2012/04/03 13:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D}
[2012/04/03 01:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60}
[2012/04/02 13:39:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646}
[2012/04/02 01:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC}
[2012/04/01 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8}
[2012/04/01 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F}
[2012/03/31 12:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896}
[2012/03/31 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3}
[2012/03/30 12:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028}
[2012/03/30 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A}
[2012/03/29 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085}
[2012/03/29 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E}
[2012/03/28 12:41:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A}
[2012/03/28 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE}
[2012/03/28 00:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8}
[2012/03/28 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A}
[2012/03/27 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD}
[2012/03/27 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9}
[2012/03/27 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA}
[2012/03/27 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D}
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61
[2011/12/29 05:26:41 | 000,012,296 | -HS- | C] () -- C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]
[PURITY]
[CREATERESTOREPOINT]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-4.

You have a file on your desktop named medbc reg.reg. Did you put it there? If you did and you know what it is, that's OK. If you didn't put the file there or don't know what it is, I want to have it scanned.
Only do this if you don't know what the file is.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type, or copy and paste the following and click Open (NOTE: only one file per scan):

  • C:\Users\Lightning\Desktop\medbc reg.reg.

  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.



Step-5.

Re-run aswMBR and see if it will run to completion and post the log in your next reply. If it still doesn't run, try changing the name of the file (aswMBR.exe) to winlogon.com and then run it.


Step-6.

Things For Your Next Post:
1. The GooredFix log
2. The OTL Fixes log
3. The new OTL.txt log
4. The results of the Virustotal file upload...if you did it.
5. The aswMBR log

How is the computer running now? Are there any other issues?

#6 Madelynn

Posted 26 April 2012 - 06:57 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:21 on 26/04/2012 (Lightning)
Firefox version 12.0 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:50 29/12/2011]

C:\Users\Lightning\Application Data\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\
{000F1EA4-5E08-4564-A29B-29076F63A37A} [14:13 23/09/2011]
{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [20:20 24/04/2012]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [07:49 01/03/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


-------------------------




After the reboot of OTL, this came up:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Lightning\AppData\Local\{49E1FB36-3EEC-4E0A-A1F5-467D8BA07CC0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D5666700-1DE0-4BF3-94B9-48502FAB2B1A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{263C5AFA-8894-4246-A97E-413C5B09B942} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B7FDA577-41A6-4008-941A-F041B79B7FE4} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F1687665-4C70-4379-9156-E105AA74D2B9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{346AF7A2-7CD3-4AC7-8CCA-5128E1F99485} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5D69662E-B9F0-4453-A3A7-197A42A72BCF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CAF93171-E6FD-49AE-8500-1982F9A448C8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F2F34FB5-0B6D-403C-B2E4-9B925A73599D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2BD8123F-2BE9-4361-9817-BCA21C6986E8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E0659BD5-A2B0-44AF-AA36-F9F72FC32F27} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A2F10183-BE74-442E-BDF8-5968EF9502A7} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FBD6AAA-73DB-444C-9A62-53D17B0DD9B1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{85FCF172-6222-4DBC-9B60-0E3A0D6475CA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6394F3C1-138E-4A6B-A585-C71250825836} folder moved successfully.
C:\Users\Lightning\AppData\Local\{77365260-4CD3-43FA-ADE3-C1FF3BEEBA3E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{4BD2D52C-0F70-4A81-9222-EB9C6497F6FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DC4C17DE-5299-432F-BD4B-1A14862192C9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{3958E5C6-DE01-4BD5-B9BF-32C2E830365F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8548C563-9873-4445-B9F4-C34F05D4FD35} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DDE725AE-DCED-4162-9D2D-5E56BDDE6487} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A3FE128E-D1B3-44D5-B79C-5157606A966B} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D266C78B-2161-4EA0-98A5-E288DC751DDE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D94E1EA6-8F63-4511-877C-7F949E4665F1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F8C031DA-3C92-4E87-B1E7-071B364D70EF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{53D4E1A5-CBB0-41CF-A9F6-E19A88C3ED46} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FC189DC-F621-4A40-B9CB-ACB0F36733FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{42B5955D-2BEB-404F-B025-7EEE7FB768C2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7485C4FC-5ACC-4268-B4E1-4E16A30A55AA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{0D6D9764-CBF4-49D8-A922-D830C4D1DA1F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8FECD218-E161-4B04-A24D-4DDDFC86C420} folder moved successfully.
C:\Users\Lightning\AppData\Local\{4ED4DC11-AFF1-4029-850D-61D7C143668F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A7B6BEC5-CEBC-454F-838A-13DC521FE6F0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{0E8A3742-6442-4056-BDC7-779B8E4329F2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{FB5510D1-E9BF-4B79-87AE-C0530ED756B2} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DF505ECE-7D94-4235-9334-228E6821C42A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{BAF6BECA-8E61-467F-AFB6-4434B7381D2B} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E5479FF3-2EA4-41F7-A11F-3DD41454A480} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6AA8E558-46CC-4A97-82FC-C633CBD62953} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CC199DD1-3DEA-4E90-8E30-47BB3ECD4458} folder moved successfully.
C:\Users\Lightning\AppData\Local\{70C7721F-65DD-4075-920F-2F8484614737} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D70087F6-D62B-4459-8D71-B9BED7350D17} folder moved successfully.
C:\Users\Lightning\AppData\Local\{32AE185E-B6F1-4BC8-A064-0A12E1F0B00D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{071FC467-39C1-47A0-B430-13839F3CB1C0} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CA9470D1-B016-49B7-BB8F-E9E17FC31085} folder moved successfully.
C:\Users\Lightning\AppData\Local\{44C288EF-288C-49D7-BA34-C8D1EC05B604} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2B963FF4-C7C5-4F5C-BC25-CC8B49394B44} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E2D6DFFF-319A-4B7D-A63F-FB593636A15A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{CBC59C71-0ED4-4162-812D-19F897AD6FDF} folder moved successfully.
C:\Users\Lightning\AppData\Local\{F770489B-D93F-4788-AD02-56F258FFA246} folder moved successfully.
C:\Users\Lightning\AppData\Local\{02E0F143-29D1-4EBD-9161-71B3DE7E08FE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{3BA51A53-D07D-4EEA-9871-03F8A347EC75} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7A92C0B8-47DC-475A-BC30-F31EA930AB6E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{88ED662D-74ED-4A88-9271-429057228A9A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{637E9BEE-6ED6-4FD5-A3B0-9D8E01E60322} folder moved successfully.
C:\Users\Lightning\AppData\Local\{BE919000-2C29-4011-B0E6-2C6617CAFDB1} folder moved successfully.
C:\Users\Lightning\AppData\Local\{AC636BAD-03A6-4A10-BC41-679EBB841071} folder moved successfully.
C:\Users\Lightning\AppData\Local\{78BAA4FF-3C40-44BE-8391-D7F023A1B406} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7AF03681-0BEE-4710-B9B2-4BEABD114C64} folder moved successfully.
C:\Users\Lightning\AppData\Local\{81733989-5601-4CAC-8AC5-5CBC19752984} folder moved successfully.
C:\Users\Lightning\AppData\Local\{1CA304E1-3276-4CAA-805D-B5B8112FC404} folder moved successfully.
C:\Users\Lightning\AppData\Local\{A33ECBC2-A9BA-4011-98FD-ECFA5A9D2C69} folder moved successfully.
C:\Users\Lightning\AppData\Local\{99E3CC9B-3DC4-41C2-B374-68B1DA340E18} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B160E357-2475-45FE-9557-94A8CECC01D5} folder moved successfully.
C:\Users\Lightning\AppData\Local\{530325A4-F016-42C4-B4EB-FB1EE643B119} folder moved successfully.
C:\Users\Lightning\AppData\Local\{07127AFB-689C-415D-974E-89E448B3D82D} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DA921364-14EA-4DA8-997C-B4DA29486A60} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E4BB2F96-FA5C-477A-9AF3-4306A078D646} folder moved successfully.
C:\Users\Lightning\AppData\Local\{23241C70-E296-4BB2-83BA-9EA11EEC17EC} folder moved successfully.
C:\Users\Lightning\AppData\Local\{C6B62895-8689-45F3-A334-88250B8AAAC8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5D309A9F-A046-4147-B644-029207C8FA5F} folder moved successfully.
C:\Users\Lightning\AppData\Local\{8A016D90-89B8-4932-92C5-A3D21EB7A896} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D1F21B2E-305D-4198-BAE2-C9632F0C3CA3} folder moved successfully.
C:\Users\Lightning\AppData\Local\{5AF23515-EE92-4894-8A90-0BA88DE17028} folder moved successfully.
C:\Users\Lightning\AppData\Local\{82A84C08-4EA1-4249-A36B-9B7A672E050A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{E0FF7FB5-791D-42FA-AC54-B1B839059085} folder moved successfully.
C:\Users\Lightning\AppData\Local\{DF82C6A1-EC94-4A3C-AECF-3FB6048B660E} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2F30CE64-1B1A-410C-83D5-C3DCB0C1115A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7B9333E3-9A69-4D28-8698-439B6EF3E0CE} folder moved successfully.
C:\Users\Lightning\AppData\Local\{D7AD5C9A-699E-4C96-A1A6-0F0EB5339AA8} folder moved successfully.
C:\Users\Lightning\AppData\Local\{6ABF52B9-9EDD-4D23-85FB-2DB3CD6F283A} folder moved successfully.
C:\Users\Lightning\AppData\Local\{01D1D4F7-9635-4E45-B08A-195B988F55CD} folder moved successfully.
C:\Users\Lightning\AppData\Local\{7F91C17E-02A8-4043-BB02-B165E06CA2D9} folder moved successfully.
C:\Users\Lightning\AppData\Local\{B994D8C7-055C-4C34-9027-B33F3646A6BA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{23D8415F-F431-4B69-ACC3-DDCEECF7A41D} folder moved successfully.
C:\Users\Lightning\AppData\Local\c7807fi7306vk3t5c574556pwdlns6ffy7gf61 moved successfully.
C:\ProgramData\c7807fi7306vk3t5c574556pwdlns6ffy7gf61 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lightning\Desktop\cmd.bat deleted successfully.
C:\Users\Lightning\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lightning
->Temp folder emptied: 336726514 bytes
->Temporary Internet Files folder emptied: 24106664 bytes
->Java cache emptied: 3020320 bytes
->FireFox cache emptied: 446107875 bytes
->Google Chrome cache emptied: 391840022 bytes
->Flash cache emptied: 173520 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: virus
->Temp folder emptied: 32675 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 436434 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24317251 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 6789898751 bytes

Total Files Cleaned = 7,646.00 mb


OTL by OldTimer - Version 3.2.42.0 log created on 04262012_182949

Files\Folders moved on Reboot...
C:\Users\Lightning\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF1A163A40389C2218.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF3C0188AF6065CB4E.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF50B51338FA8FD6FF.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF5D2B049E0F98AD11.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF628FA550BBA9DAA3.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF644A4CC03B46860E.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF6C0744DCDE7F01CE.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF7452E07876188F5F.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF8E1E8C63EA50AC3B.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFC47605C3C225835D.TMP not found!

Registry entries deleted on Reboot...


---------------------


Ran OTL again after:


OTL logfile created on: 4/26/2012 6:48:38 PM - Run 4
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 10.01 Gb Available Physical Memory | 83.49% Memory free
23.98 Gb Paging File | 21.72 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1266.92 Gb Free Space | 68.30% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB42CC01-1514-42B3-83F5-38FDAD6D4393}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:29:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\GooredFix Backups
[2012/04/26 18:16:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/26 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67}
[2012/04/26 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62}
[2012/04/26 02:47:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA}
[2012/04/26 02:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967}
[2012/04/25 20:57:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/25 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/21 13:33:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 13:20:21 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:21 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/21 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/04/21 11:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/21 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/21 10:59:38 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/21 10:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/04/21 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/20 06:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/20 06:52:29 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/04/20 06:52:29 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/04/20 06:52:29 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/04/20 06:52:29 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/04/20 06:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/20 06:51:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/04/20 06:51:57 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/20 06:51:57 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/20 06:51:57 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/20 06:51:57 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/20 06:51:57 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/20 06:51:57 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/20 06:51:57 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/20 06:51:57 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/20 06:51:57 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/20 06:51:57 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/20 06:51:57 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/20 06:51:57 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/20 06:51:57 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/20 06:51:57 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/20 06:51:57 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/20 06:51:57 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/04/20 06:51:57 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/04/20 06:51:57 | 000,962,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/04/20 06:51:57 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/04/20 06:51:57 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/04/20 06:51:57 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/04/20 06:51:57 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/04/20 06:51:57 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/20 06:51:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/20 06:51:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/20 06:51:57 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/19 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\SniperV2 Demo
[2012/04/18 12:39:06 | 000,000,000 | ---D | C] -- C:\Crash
[2012/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/17 03:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/17 03:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/15 16:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 16:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/13 03:03:19 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 03:00:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 03:00:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 03:00:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 13:17:29 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 13:17:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 13:17:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 13:17:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 13:17:28 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 13:17:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 13:17:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/08 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}
[2012/04/08 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\PassMark
[2012/04/08 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\PassMark
[2012/04/08 02:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/04/07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/04/07 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/04/07 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/04/05 16:26:55 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\Disney Interactive Studios
[2012/04/04 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2012/04/04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\Tron Evolution
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2012/04/03 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\eligium_v0_92_10_13_en
[2012/04/03 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/02 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2012/04/01 14:09:03 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 13:36:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 22:49:21 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Deployment
[2012/03/30 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Apps
[2012/03/29 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Red 5 Studios

========== Files - Modified Within 30 Days ==========

[2012/04/26 18:52:26 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:52:26 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:50:19 | 000,796,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 18:50:19 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 18:50:19 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 18:46:19 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 18:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 18:45:02 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 18:44:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:44:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:44:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/04/26 18:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 18:16:26 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Lightning\Desktop\GooredFix.exe
[2012/04/26 18:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 21:01:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lightning\Desktop\aswMBR.exe
[2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/04/24 15:00:47 | 956,135,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/21 13:29:10 | 000,000,625 | ---- | M] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 13:20:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/21 13:20:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/04/21 13:20:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/04/21 12:45:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | M] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 15:13:40 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/20 02:29:45 | 000,029,959 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/04/20 02:29:40 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/04/17 03:07:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/14 04:09:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:09:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 14:24:49 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 13:42:59 | 000,002,288 | ---- | M] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | M] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/05 16:28:04 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:15:45 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/02 18:23:57 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk

========== Files Created - No Company Name ==========

[2012/04/21 13:29:10 | 000,000,625 | ---- | C] () -- C:\Users\Lightning\Desktop\ComboFix - Shortcut.lnk
[2012/04/21 11:27:37 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 10:59:29 | 000,002,702 | ---- | C] () -- C:\Users\Lightning\Desktop\SDAV_Online_aff_GenericRevenueWire_207[1].exe.lnk
[2012/04/20 06:52:29 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/04/20 06:51:57 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/09 13:42:59 | 000,002,288 | ---- | C] () -- C:\Users\Lightning\Desktop\medbc reg.reg
[2012/04/06 22:49:50 | 000,001,355 | ---- | C] () -- C:\Users\Lightning\Documents\ZATANNA BOW.ucp
[2012/04/02 18:23:57 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2012/04/02 18:23:57 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2012/04/01 13:36:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/06 06:46:05 | 000,029,959 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,606 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,789,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2011/09/23 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Amazon
[2012/02/16 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/20 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\BigHugeEngine
[2012/04/17 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\com.beatport.BeatportDownloader
[2012/01/24 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DarknessIIDemo
[2012/02/29 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DAZ 3D
[2012/01/25 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\DriverFinder
[2012/04/03 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\FOG Downloader
[2011/10/28 00:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\GetRightToGo
[2012/04/16 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\imollo
[2012/01/01 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\iStonsoft
[2012/01/01 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\libimobiledevice
[2012/04/07 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Motorola
[2011/11/03 22:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\OnLive App
[2011/10/25 05:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Origin
[2010/12/11 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Razer
[2012/01/26 02:46:34 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\RegGenie
[2011/12/26 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SecondLife
[2011/12/28 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\SystemRequirementsLab
[2012/04/21 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\TestApp
[2012/01/18 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Thunderbird
[2011/12/10 02:34:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Trine2
[2011/12/29 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Ubisoft
[2012/03/29 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\uTorrent
[2010/12/11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Lightning\AppData\Roaming\Windows Live Writer
[2012/03/10 21:32:03 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


-----------









aswMBR still stops responding. It got further into the scan this time. The thing is it's not that I can't run it, and it ran for about 26 minutes exactly, before it just "stops responding" eventually. I even renamed it to see. My computer itself seems fine and runs perfect but maybe you still see something in the logs above.

That one file on my desktop I put there but if I can delete it, let me know.

#7 godawgs

  • Group: Malware Removal
  • Posts: 2,765
  • Joined: 10-January 11

Posted 27 April 2012 - 01:22 PM

Hi Madelynn,

Thanks for the logs and the information.

Quote

My computer itself seems fine and runs perfect but maybe you still see something in the logs above.

The only thing I see in the logs is the Goored infection. And the GooredFix tool didn't see it for some reason so we'll kill it another way.
But we always want to check for rootkit activity and that is what aswMBR does. But aswMBR just doesn't run on some machines. So we'll check that a different way.

Quote

That one file on my desktop I put there but if I can delete it, let me know.

You should be able to delete the file. But if you put it there for a reason you may not want to. You can right-click on the file and click EDIT (Do Not click Open) and that will tell you what is in the file. If you're not sure what it is you can copy the contents and post them here and we'll have a look... then you can decide.


Let's run another OTL fix.


1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

To disable MBAM:
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]
[2012/04/26 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67}
[2012/04/26 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62}
[2012/04/26 02:47:58 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA}
[2012/04/26 02:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967}

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


2.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


3.

Things For Your Next Post:
1. The OTL Fixes log
2. The new OTL.txt log
3. The TDSSKiller log
4. Let me know what you found out about the medbc reg.reg file

#8 Madelynn

  • Group: Member
  • Posts: 15
  • Joined: 22-April 12

Posted 27 April 2012 - 02:09 PM

First scan:

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ not found.
C:\Users\Lightning\AppData\Local\{BD1B86AA-98DF-46AF-9BF6-A0FAA93A0E67} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2A0979A2-744C-4813-ABD8-DD0A2A48CD62} folder moved successfully.
C:\Users\Lightning\AppData\Local\{2812B3AE-7773-4209-B25E-E6FFAEDA63FA} folder moved successfully.
C:\Users\Lightning\AppData\Local\{46974FAA-8C66-4F60-BB93-7279509F7967} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lightning
->Temp folder emptied: 72009301 bytes
->Temporary Internet Files folder emptied: 1529082 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 253530755 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3537 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: virus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 312.00 mb


OTL by OldTimer - Version 3.2.42.0 log created on 04272012_144518

Files\Folders moved on Reboot...
C:\Users\Lightning\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF0B85616CE38EF28C.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF4B41D10DD5035D7B.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF694AF2D9ECF6F61F.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF751BD56A40ACAAF7.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DF8035B51952E52F12.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFD35CF1E457B4DE84.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFD70BF3943DEB49C2.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFE84D7862DC543009.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFEDA3E626CBDC940A.TMP not found!
File\Folder C:\Users\Lightning\AppData\Local\Temp\~DFEF8FB76797BA3869.TMP not found!

Registry entries deleted on Reboot...


----------------------

Quick Scan:


OTL logfile created on: 4/27/2012 2:59:45 PM - Run 5
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.50 Gb Available Physical Memory | 62.53% Memory free
23.98 Gb Paging File | 18.93 Gb Available in Paging File | 78.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1266.58 Gb Free Space | 68.28% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 20:57:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/14 04:09:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 13:40:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/13 13:40:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 13:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 03:07:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/13 03:06:59 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/13 03:06:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/13 03:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/13 03:06:50 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/02/16 12:41:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012/02/16 12:40:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 12:18:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/16 01:58:01 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MOD - [2012/02/16 01:57:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/16 01:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/16 01:57:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/16 01:57:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/16 01:57:50 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
MOD - [2012/02/16 01:57:49 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/15 04:53:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 04:11:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:11:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 04:11:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 04:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 04:11:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2012/01/08 09:43:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 20:25:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 04:09:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 12:39:40 | 000,432,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EDA8FA1E-2D67-497A-A3BD-C22850C3975C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}: C:\Users\Lightning\AppData\Local\{7DCBEF25-8151-11E1-826D-B8AC6F996F26}\ [2012/04/08 03:04:42 | 000,000,000 | ---D | M]

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/04/25 20:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/04/24 15:20:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/03/01 02:49:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/18 07:01:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF}