AVAST SCANS ******************************************************************************************************
05/26/2012 10:05
Scan of all local drives
File C:\$Recycle.Bin\S-1-5-21-4165156167-663610051-1803192392-1000\$RBLMPE8.exe|>data\{27FA210E-9F51-4E63-9C88-BAC9CC71A75A}\7\RegDef2012.exe is infected by Win32:PUP-gen [PUP], Deleted
File C:\$Recycle.Bin\S-1-5-21-4165156167-663610051-1803192392-1000\$RV2HXY6.exe|>data\{27FA210E-9F51-4E63-9C88-BAC9CC71A75A}\7\RegDef2012.exe is infected by Win32:PUP-gen [PUP], Deleted
File C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_\custom.rga|>Splash\GameHouse_1024x1024_black.jpg Error 42126 {RAR archive is corrupted.}
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\Jocker.class is infected by Java:Agent-UX [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\Joz7.class is infected by Java:Agent-WS [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\SquarePants.class is infected by Java:Agent-XB [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\wall$1.class is infected by Java:Agent-AGZ [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\wall$zordo.class is infected by Java:Agent-WT [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\wall.class is infected by Java:Agent-WY [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\Zom.class is infected by Java:Agent-YB [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\15967bcb-230e64b9|>datas\Zonkeys.class is infected by Java:Agent-WV [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5810b19e-4a759c1b|>ta\ta.class is infected by Java:CVE-2012-0507-CT [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5810b19e-4a759c1b|>ta\tb.class is infected by Java:CVE-2012-0507-BT [Expl], Deleted
File C:\Users\Lexy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5810b19e-4a759c1b|>ta\L.class is infected by Java:Downloader-BL [Expl], Deleted
File C:\Windows\System32\drivers\afd.sys|>[Embedded_I#03e2b] is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows\System32\drivers\afd.sys|>[Embedded_I#056b3] is infected by Win32:Sirefef-JQ [Trj], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Windows\System32\drivers\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#03e2b] is infected by Win32:Sirefef-PL [Rtk], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0x80000006 {No More Files}, Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#056b3] is infected by Win32:Sirefef-JQ [Trj], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows.old\Documents and Settings\Alexis\My Documents\Downloads\advisorinstaller.exe|>Wise0130.bin Error 42145 {Installer archive is corrupted.}
Number of searched folders: 41781
Number of tested files: 1049887
Number of infected files: 19
----------------------------------------
05/26/2012 12:19
Scan of all local drives
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
Number of searched folders: 41783
Number of tested files: 273720
Number of infected files: 1
----------------------------------------
05/26/2012 16:35
Scan of all local drives
File C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_\custom.rga|>Splash\GameHouse_1024x1024_black.jpg Error 42126 {RAR archive is corrupted.}
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#03e2b] is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#056b3] is infected by Win32:Sirefef-JQ [Trj], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows.old\Documents and Settings\Alexis\My Documents\Downloads\advisorinstaller.exe|>Wise0130.bin Error 42145 {Installer archive is corrupted.}
Number of searched folders: 41788
Number of tested files: 1048909
Number of infected files: 3
----------------------------------------
05/26/2012 18:25
Scan of all local drives
File C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_\custom.rga|>Splash\GameHouse_1024x1024_black.jpg Error 42126 {RAR archive is corrupted.}
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#03e2b] is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#056b3] is infected by Win32:Sirefef-JQ [Trj], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows.old\Documents and Settings\Alexis\My Documents\Downloads\advisorinstaller.exe|>Wise0130.bin Error 42145 {Installer archive is corrupted.}
Number of searched folders: 41789
Number of tested files: 1048917
Number of infected files: 3
----------------------------------------
05/27/2012 09:05
Scan of all local drives
File C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_\custom.rga|>Splash\GameHouse_1024x1024_black.jpg Error 42126 {RAR archive is corrupted.}
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#03e2b] is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys|>[Embedded_I#056b3] is infected by Win32:Sirefef-JQ [Trj], Deleted
File C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys is infected by Win32:Sirefef-PL [Rtk], Deleted
File C:\Windows.old\Documents and Settings\Alexis\My Documents\Downloads\advisorinstaller.exe|>Wise0130.bin Error 42145 {Installer archive is corrupted.}
Number of searched folders: 41792
Number of tested files: 1048927
Number of infected files: 3
**********************************************************************************************************************************************
LAST MALWAREBYTES SCAN (Original scan found 8 instances of infections which were all "successfully deleted")*********************************
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.25.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Lexy :: LEXY-LPTP [administrator]
5/27/2012 11:00:26 AM
mbam-log-2012-05-27 (11-00-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269098
Time elapsed: 8 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL SCAN*************************************************************************************************
OTL logfile created on: 5/27/2012 11:22:10 AM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Lexy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.49 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 66.86% Memory free
4.98 Gb Paging File | 4.17 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 431.31 Gb Total Space | 357.75 Gb Free Space | 82.95% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 2.17 Gb Free Space | 29.07% Space Free | Partition Type: FAT32
Computer Name: LEXY-LPTP | User Name: Lexy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/27 10:52:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lexy\Desktop\OTL.exe
PRC - [2012/05/21 10:59:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/05/21 10:59:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/15 03:34:28 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011/11/15 03:33:28 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011/06/06 14:23:18 | 005,429,624 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2011/06/06 14:23:18 | 001,460,088 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:11:48 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/10/30 20:07:40 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/10/30 20:06:42 | 002,595,616 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/06 14:23:18 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/10/29 19:53:32 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mdm.dll -- (U81xobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdrframe.dll -- (tabletservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Blfp.dll -- (se44mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgs_sdservice.dll -- (scarddrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AlKernel.dll -- (quickhealfirewall)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snapman380.dll -- (personalsecuredriveservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBCCID.dll -- (pdrframe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (MTDVC2_ENUM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\armoucfltr.dll -- (mcstrm)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awhost32.dll -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssm_mdfl.dll -- (incdsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SeaPort.dll -- (GBFSHook)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQTECH9080.dll -- (ftpqueue)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716nd5.dll -- (cxpt_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmsaccess.dll -- (CTEDSPIO.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200mdfl.dll -- (cpntsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wudfpf.dll -- (avgems)
SRV - [2012/05/25 10:20:33 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012/05/21 10:59:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 10:59:40 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/15 20:16:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/13 20:14:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/15 03:33:28 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/11/15 03:31:44 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/09 15:03:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/06 14:23:18 | 005,429,624 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/05/21 10:59:41 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/14 19:25:10 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2011/08/21 16:07:28 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/08/21 16:07:28 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/08/21 16:07:26 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/08/21 16:07:22 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/17 12:10:48 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011/03/17 12:10:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/03/17 12:10:34 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2006/11/27 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/03/26 07:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 11:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 04:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/11/03 09:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80117
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80117&lng=en
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F A3 3B A3 07 53 CC 01 [binary data]
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.inbox.com...id=80117&lng=en
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80117&lng=en
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\SearchScopes\{EC603FD3-4C16-4D16-915D-3ED85D9C4AB3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=853&systemid=2&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Lexy\AppData\Local\Roblox\Versions\version-7cacfdcf8d724c45\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lexy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/10 16:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/26 09:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 20:16:38 | 000,000,000 | ---D | M]
[2012/03/14 19:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Extensions
[2012/05/25 16:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions
[2011/07/22 23:17:59 | 000,000,000 | ---D | M] () -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/05/25 16:50:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/03 22:18:03 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2012/03/14 19:47:37 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011/08/21 14:04:03 | 000,000,000 | ---D | M] (PRIMEWebPlayer) -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\primewebplayer@monmentalgames
[2012/03/14 19:47:05 | 000,002,515 | ---- | M] () -- C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\searchplugins\Search_Results.xml
[2012/05/15 20:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 20:16:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/24 23:19:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/01 18:16:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/03/14 19:47:05 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/24 23:19:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lexy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Lexy\AppData\Local\Roblox\Versions\version-7cacfdcf8d724c45\\NPRobloxProxy.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\apkr7p34.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4165156167-663610051-1803192392-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{305E3F8D-525C-452D-9983-1394D1CD92B9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\axsefda: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\axsefda.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/02/07 16:02:00 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/02/27 16:02:48 | 000,000,151 | ---- | M] () - E:\AutoRun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: scarddrv - %systemroot%\system32\bgs_sdservice.dll File not found
NetSvcs: CTEDSPIO.DLL - %systemroot%\system32\nmsaccess.dll File not found
NetSvcs: lxcf_device - %systemroot%\system32\awhost32.dll File not found
NetSvcs: tabletservice - %systemroot%\system32\pdrframe.dll File not found
NetSvcs: quickhealfirewall - %systemroot%\system32\AlKernel.dll File not found
NetSvcs: rtl8023 - File not found
NetSvcs: DS1410D - File not found
NetSvcs: ftpqueue - %systemroot%\system32\SQTECH9080.dll File not found
NetSvcs: kwatchsvc - File not found
NetSvcs: personalsecuredriveservice - %systemroot%\system32\snapman380.dll File not found
NetSvcs: GBFSHook - %systemroot%\system32\SeaPort.dll File not found
NetSvcs: sonicstagemonitoring - File not found
NetSvcs: s116mdm - File not found
NetSvcs: abnetmon - File not found
NetSvcs: openvpnservice - File not found
NetSvcs: keymaestro - File not found
NetSvcs: SMNDIS5 - File not found
NetSvcs: IntelC53 - File not found
NetSvcs: BoiHwsetup - File not found
NetSvcs: 3dkeybd - File not found
NetSvcs: se44mdfl - %systemroot%\system32\Blfp.dll File not found
NetSvcs: mcstrm - %systemroot%\system32\armoucfltr.dll File not found
NetSvcs: avgems - %systemroot%\system32\wudfpf.dll File not found
NetSvcs: incdsrv - %systemroot%\system32\ssm_mdfl.dll File not found
NetSvcs: TICalc - File not found
NetSvcs: msvad_simple - File not found
NetSvcs: dlaopiom - File not found
NetSvcs: cpntsrv - %systemroot%\system32\w200mdfl.dll File not found
NetSvcs: MTDVC2_ENUM - %systemroot%\system32\BCM43XV.dll File not found
NetSvcs: U81xobex - %systemroot%\system32\a016mdm.dll File not found
NetSvcs: pdrframe - %systemroot%\system32\USBCCID.dll File not found
NetSvcs: cxpt_service - %systemroot%\system32\s716nd5.dll File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/27 10:58:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lexy\Desktop\aswMBR.exe
[2012/05/27 10:58:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lexy\Desktop\OTL.exe
[2012/05/26 09:36:20 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/26 09:36:20 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/26 09:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/26 09:36:18 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/26 09:36:15 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/26 09:36:14 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/26 09:36:14 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/26 09:35:51 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/26 09:35:51 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/26 09:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/26 09:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/25 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Lexy\Desktop\MapleStory
[2012/05/25 16:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/05/25 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Lexy\AppData\Roaming\Yahoo!
[2012/05/25 16:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/05/25 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/05/25 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/05/25 10:20:36 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012/05/25 10:20:36 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/05/25 10:18:10 | 000,000,000 | ---D | C] -- C:\Users\Lexy\AppData\Local\VS Revo Group
[2012/05/25 10:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/05/25 10:17:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/05/25 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/25 10:14:34 | 000,000,000 | ---D | C] -- C:\Users\Lexy\AppData\Roaming\Malwarebytes
[2012/05/25 10:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 10:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 10:14:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/25 10:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/21 00:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/05/21 00:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/05/21 00:43:02 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/05/21 00:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/05/15 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 20:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/13 13:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RegDef2012
[2012/05/13 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2012/05/12 22:10:49 | 000,000,000 | ---D | C] -- C:\268a66ebbecda5152235abe1e46850
[2012/04/28 13:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/27 11:21:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 11:21:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/27 10:58:06 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 10:58:06 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 10:52:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lexy\Desktop\OTL.exe
[2012/05/27 10:52:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lexy\Desktop\aswMBR.exe
[2012/05/27 10:50:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 10:50:33 | 2005,737,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 10:49:46 | 000,337,661 | ---- | M] () -- C:\Users\Lexy\Desktop\FSS.exe
[2012/05/26 12:15:15 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/26 12:14:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 10:00:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/26 09:36:20 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/25 20:57:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/25 16:48:48 | 000,001,131 | ---- | M] () -- C:\Users\Lexy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/25 16:48:48 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/25 10:20:31 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/05/24 13:06:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/05/23 22:40:00 | 182,075,786 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/21 10:59:41 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/05/21 10:59:41 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/05/21 10:59:41 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/05/13 12:44:27 | 003,763,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/05 14:40:45 | 000,035,979 | ---- | M] () -- C:\Users\Lexy\Documents\cat_reference_sheet_lineart_by_agoraphobic_blue-d32dgdw.png
[2012/05/05 14:24:46 | 000,192,204 | ---- | M] () -- C:\Users\Lexy\Documents\_reference_sheet_template_v2__by_shayminlover101-d35losa.png
[2012/05/05 14:20:37 | 000,077,643 | ---- | M] () -- C:\Users\Lexy\Documents\cat_reference_sheet_template_by_finchwing-d346td8.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/27 10:58:09 | 000,337,661 | ---- | C] () -- C:\Users\Lexy\Desktop\FSS.exe
[2012/05/26 09:36:20 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/25 16:48:48 | 000,001,131 | ---- | C] () -- C:\Users\Lexy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/25 16:48:48 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/25 10:20:31 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/05/05 14:40:43 | 000,035,979 | ---- | C] () -- C:\Users\Lexy\Documents\cat_reference_sheet_lineart_by_agoraphobic_blue-d32dgdw.png
[2012/05/05 14:24:44 | 000,192,204 | ---- | C] () -- C:\Users\Lexy\Documents\_reference_sheet_template_v2__by_shayminlover101-d35losa.png
[2012/05/05 14:20:35 | 000,077,643 | ---- | C] () -- C:\Users\Lexy\Documents\cat_reference_sheet_template_by_finchwing-d346td8.png
[2012/03/14 19:48:26 | 000,004,608 | ---- | C] () -- C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 20:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011/07/13 23:34:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== LOP Check ==========
[2012/02/19 14:51:12 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Boomzap
[2012/02/18 18:24:31 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Dying for Daylight
[2012/02/18 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Dying for Daylight Shared
[2012/02/18 18:32:32 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\FrimaStudio
[2012/02/18 17:10:17 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Gaijin Ent
[2012/02/18 18:55:51 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Phantasmat_bf_se1
[2012/02/18 17:58:50 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Sandlot Games
[2012/02/18 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\TuneUp Software
[2012/03/08 23:11:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TuneUp Software
[2012/03/19 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Anabel
[2011/08/14 14:33:07 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Artoonix
[2011/12/30 12:28:12 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\BeachPartyCraze
[2011/10/16 08:34:26 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Boomzap
[2011/12/23 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Dying for Daylight
[2011/12/22 23:31:45 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Dying for Daylight Shared
[2012/02/20 12:40:36 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Elephant Games
[2011/09/04 20:42:12 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Gaijin Ent
[2011/07/13 23:30:56 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\GAMEON
[2011/12/30 12:40:34 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Meridian93
[2012/03/14 19:47:16 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\MusicNet
[2012/05/24 00:06:50 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\MysteryStudio
[2011/12/22 11:58:41 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Phantasmat_bf_se1
[2011/09/05 18:07:08 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\PlayFirst
[2011/10/20 13:52:00 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Sandlot Games
[2011/12/31 19:01:31 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Smith Micro
[2011/09/23 12:14:09 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/20 00:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Stand O'Food 3
[2011/07/10 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\TuneUp Software
[2011/07/26 18:45:15 | 000,000,000 | ---D | M] -- C:\Users\Lexy\AppData\Roaming\Unity
[2012/05/27 10:50:55 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/04/20 15:30:22 | 000,057,856 | ---- | M] () -- C:\CabExtractor.exe
< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2008/08/21 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Windows.old\Windows\explorer.exe
[2008/08/21 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/08/21 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Windows.old\Windows\system32\dllcache\svchost.exe
[2008/08/21 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Windows.old\Windows\system32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2008/08/21 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2008/08/21 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2008/08/21 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2008/08/21 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB24464$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:2679D5C1
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:19F494DE
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:B190BE3A
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:55E1514E
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:CE6885F1
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:18897B1D
< End of report >
********************************************
EXTRAS RPT**********************************************************************************
OTL Extras logfile created on: 5/27/2012 11:22:10 AM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Lexy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.49 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 66.86% Memory free
4.98 Gb Paging File | 4.17 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 431.31 Gb Total Space | 357.75 Gb Free Space | 82.95% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 2.17 Gb Free Space | 29.07% Space Free | Partition Type: FAT32
Computer Name: LEXY-LPTP | User Name: Lexy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B4E0EB-9F09-4F8D-808A-880A5B70B626}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{127EFF27-6EE9-4C5F-BAC6-548303F7C8FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BD93661-1FBB-4A17-BE81-6262D5E6017A}" = lport=58314 | protocol=6 | dir=in | name=pando media booster |
"{1D8AA54A-F3B2-45C0-8335-EBD9AC257A12}" = lport=58314 | protocol=17 | dir=in | name=pando media booster |
"{29612385-763C-4536-848C-BBA325933FF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F1D160B-BDED-4934-9D1A-F0C2BC80AC05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F71C82C-4245-4528-96D1-25DA41B3C43D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{376CDE2C-EC3F-4EB3-A01A-BC744915312E}" = lport=58314 | protocol=6 | dir=in | name=pando media booster |
"{49F92E63-1176-43E9-AAF0-B3AB579D9BCD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4BFA3D46-0B32-43B6-94DF-7AB783C55845}" = lport=58314 | protocol=17 | dir=in | name=pando media booster |
"{5FAFE34D-1C39-4652-AECB-F65604E10763}" = rport=138 | protocol=17 | dir=out | app=system |
"{5FD2CDAA-5978-49EA-BB4F-2E8D4EB492D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AA6F706-C997-47D2-AB5E-35BC09B500AC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{738E46DE-304B-43EF-B9BB-052C94F9D3AA}" = rport=445 | protocol=6 | dir=out | app=system |
"{7439FE2D-24AF-40F0-B096-87E52C140B95}" = lport=10243 | protocol=6 | dir=in | app=system |
"{763D5DFE-0F2C-429D-A462-5FA86A1802F6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8D26A84-BA51-42F6-8C5C-9F9D2EA412F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7E2B5F7-B10F-4693-8428-3DBE58BC481A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9D8B0F0-4E94-4A01-957A-1CFEF6E35578}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF8992E5-52C3-4F30-849E-9768CD3C65A8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0F2E6E4-EB73-4782-BFA0-196D100A055A}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE5DC668-F5E9-4023-B5F9-10D2289B086E}" = lport=138 | protocol=17 | dir=in | app=system |
"{DFE571CC-F419-4ABC-995F-BFCADF91FF0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF8929C4-69F1-47E5-8BB0-BF4AD7B1E5DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFA7C99D-2E20-488F-9859-FBBF1C8E8C57}" = lport=445 | protocol=6 | dir=in | app=system |
"{F089C452-D37D-4406-A7B6-6D3068F8AF0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{F09F8ED3-11BA-47A6-B3A5-4BB0860838B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F87E20DB-672A-4299-A87B-DCBAE78E3711}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B97C24-AAF9-4A79-93D1-5AD4C0AE2741}" = protocol=6 | dir=out | app=system |
"{1D206F75-A667-43A5-92C5-706820E5CFC1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1E0A9866-413D-417D-B20F-14274771EC87}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2305DB43-116A-4157-99F0-57349B0BEDF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{293FB8EF-8F45-4E3F-8E1E-21C693620B9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36A47075-2104-4557-8AD5-4189637D7ACD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3B599FDA-0ACE-47C0-A0FC-74959CC271B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4BFA51A4-3A20-4F22-B670-E15B7BA202FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D5CBE2E-7D99-4845-888B-9618375BA763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5758A8D4-8A4F-4630-ACBE-A73D2CDF3F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{598234D5-98E2-48A5-9403-47BAD1E2F459}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{64C95886-9462-4711-9546-3AA1125B7FB9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6EA91386-327A-4B79-92D8-ED3AB3B2DC7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B002B2-06A3-49F3-965F-B38CBEEAA499}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A3A7D4E-3334-4DBD-A1B6-9F715DCBB214}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8093EB2C-C0F5-46D5-8C22-830C06C72F0E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88829839-D5C9-496D-AFFE-DB68008D8224}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8A4AC685-B6DF-4E8D-8CA1-E7620E16F6D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{973E681C-477E-44BB-9B8D-AA09866F7B66}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AF4E235-0243-48E4-925A-54A3C244515B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4CE6E26-3100-4CB8-AF38-97FEF856B376}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B4199BE9-0F64-4687-9C3C-0402156AC8D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4C6778F-ABF1-4C15-918E-119C3AAB94C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B866A06E-5D13-42B2-9D0B-3D4667CC5226}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C2FBCDF0-30AC-4689-8AF7-4902C518F2B7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CDEFDF2A-414C-4AF2-A852-2097EA085299}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D2E2671C-0F11-43F3-BF0E-4B367E73D045}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E07EBE08-FC46-45B0-9F7A-6D51C7365A94}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E5C0C615-96B0-42BA-A042-EDA579F84AF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{ED7ACFAF-75D1-4C8D-A697-810AA2EE6475}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED8A97BC-44CD-4250-AA39-F54BD4A043BD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0150D55C-0FEE-4F1D-BEE5-085C0DD2B476}_is1" = Hello Kitty Online POD Installer
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims 2 Double Deluxe
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARDR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARDR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARDR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARDR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARDR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARDR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age Of Pirates 1.41_is1" = Age Of Pirates - Caribbean Tales 1.41
"am-alicegreenfingers" = Alice Greenfingers
"am-annabel" = Annabel
"am-beachpartycraze" = Beach Party Craze
"am-buildalottownoftheyear" = Build-a-lot - Town of the Year
"am-buildintime" = Build in Time
"am-chocolatier" = Chocolatier
"am-chuzzledeluxe" = Chuzzle Deluxe
"am-fabfashion" = Fab Fashion
"am-fairytreasure" = Fairy Treasure
"am-feedingfrenzy2" = Feeding Frenzy 2
"am-fishingcraze" = Fishing Craze
"amg-magicfarm" = Magic Farm
"am-hammerheadstmdeluxe" = Hammer Heads Deluxe
"am-lavendersbotanicals" = Lavender's Botanicals
"am-nancydrewrsecretoftheoldclock" = Nancy Drew® - Secret of the Old Clock
"am-pioneerlands" = Pioneer Lands
"am-plantsvszombiestm" = Plants vs. Zombies
"am-planttycoon" = Plant Tycoon
"am-sallyssalon" = Sally's Salon
"am-standofood" = Stand O' Food
"am-supergranny4" = Super Granny 4
"am-teddyfactory" = Teddy Factory
"am-turtleodyssey" = Turtle Odyssey
"am-turtleodyssey2" = Turtle Odyssey 2
"am-virtualvillagerstm4thetreeoflifepremiumedition" = Virtual Villagers 4 - The Tree of Life Premium Edition
"am-weddingsalon" = Wedding Salon
"Artoonix 1.11_is1" = Artoonix 1.11 Release 1
"ASD800_is1" = Anime Studio Debut 8.0
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"BFG-Burger Island" = Burger Island
"BFG-Burger Island 2 - The Missing Ingredients" = Burger Island 2: The Missing Ingredients
"BFGC" = Big Fish Games: Game Manager
"BFG-Deadtime Stories" = Deadtime Stories
"BFG-Death at Fairing Point - A Dana Knightstone Novel" = Death at Fairing Point: A Dana Knightstone Novel
"BFG-Dying_for_Daylight" = Charlaine Harris: Dying for Daylight
"BFG-Nancy Drew - Secret Of The Old Clock" = Nancy Drew - Secret Of The Old Clock
"BFG-Peter Flat's Inflatable Adventures" = Peter Flat's Inflatable Adventures
"BFG-Phantasmat" = Phantasmat
"BFG-Purrfect Pet Shop" = Purrfect Pet Shop
"BFG-Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch
"BFG-Stand O'Food 3" = Stand O'Food 3
"BFG-Urban Legends - The Maze" = Urban Legends: The Maze
"BFG-Virtual Families" = Virtual Families
"BFG-Virtual Villagers - New Believers" = Virtual Villagers: New Believers
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Disney Toontown Online" = Disney Toontown Online
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.STANDARDR" = Microsoft Office Standard 2010
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Pivot Stickfigure FileBulldog Toolbar" = Pivot Stickfigure FileBulldog Toolbar
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TuneUp Utilities" = TuneUp Utilities
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Web Games Player Plugin" = Web Games Player Plugin
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4165156167-663610051-1803192392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Lexy
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/27/2012 12:21:44 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:23:05 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:24:26 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:25:47 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:27:07 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:28:27 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:29:48 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:31:09 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:32:29 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
Error - 5/27/2012 12:33:50 PM | Computer Name = Lexy-LPTP | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x00002742.
[ System Events ]
Error - 12/19/2011 9:58:20 PM | Computer Name = Lexy-LPTP | Source = DCOM | ID = 10010
Description =
Error - 12/24/2011 11:48:39 PM | Computer Name = Lexy-LPTP | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the phase two initialization.
Error - 12/27/2011 4:59:25 PM | Computer Name = Lexy-LPTP | Source = DCOM | ID = 10010
Description =
Error - 12/30/2011 1:11:18 PM | Computer Name = Lexy-LPTP | Source = DCOM | ID = 10010
Description =
< End of report >
FARBAR log******************************************************************************************************************
Farbar Service Scanner Version: 25-05-2012
Ran by Lexy (administrator) on 27-05-2012 at 11:56:12
Running from "C:\Users\Lexy\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
ATTENTION!=====> C:\Windows\system32\Drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****

