
TR/ATRAPS.Gen2 [Closed]

  • This topic is locked

#1 Blanco613 (New Member, 2 posts)
My Avira has been detecting this virus on its system scan, and it tries to remove it but doesn't permanently fix the problem. The next time it scans it just pops up again. Besides being detected by Avira, I haven't seen it cause any problems so far. I ran OTL and after it runs for a while it gives me this error: List Index Out of Bounds (21). But here's the log it created. Thanks in advance.


OTL logfile created on: 6/28/2012 12:20:11 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Blanco\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.61% Memory free
15.95 Gb Paging File | 13.87 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 13.39 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 130.91 Gb Free Space | 18.74% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 130.04 Gb Free Space | 18.61% Space Free | Partition Type: NTFS

Computer Name: BLANCO-PC | User Name: Blanco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Blanco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\Blanco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe (JRT Studio LLC)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...insDate06122012
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...nsDate06122012"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/03/29 03:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blanco\AppData\Roaming\Mozilla\Extensions
[2012/03/29 03:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blanco\AppData\Roaming\Mozilla\Firefox\Profiles\em84waeu.default\extensions
[2008/06/22 22:57:34 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Blanco\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

O1 HOSTS File: ([2012/01/26 01:09:05 | 000,001,661 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Blanco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A2F1614-EDAE-49C6-8C22-891A57C66E2F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CEAD86C-F6A9-40C9-8BB8-21682462A58C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2689AEF-EC12-45B7-AC4C-2783B74FDF84}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4187df9e-32e0-11e1-b847-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4187df9e-32e0-11e1-b847-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\addons\command - "" = C:\Windows\SysWow64\explorer.exe -- [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 12:19:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Blanco\Desktop\OTL.exe
[2012/06/27 16:36:49 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/06/27 16:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/27 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/25 23:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MekTek.net
[2012/06/25 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MC2 Unofficial Patch Ver. 1.7
[2012/06/25 17:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MC2 Unofficial Patch Ver. 1.7
[2012/06/25 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MekTek.net
[2012/06/25 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\MicroProse
[2012/06/25 13:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microprose
[2012/06/25 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Blanco\Dropbox
[2012/06/25 11:39:49 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/25 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Dropbox
[2012/06/24 03:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shrapnel Games
[2012/06/24 03:47:29 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shrapnel Games
[2012/06/24 03:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dominions3
[2012/06/24 01:45:09 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\LogMeIn Hamachi
[2012/06/23 03:50:11 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Code Force Limited
[2012/06/23 03:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Distant Worlds
[2012/06/23 03:41:34 | 000,000,000 | ---D | C] -- C:\Windows\Distant Worlds
[2012/06/23 03:12:37 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Desura
[2012/06/23 03:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/06/23 03:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/06/23 03:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/06/23 03:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/06/23 02:21:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2012/06/17 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\DroxOperative
[2012/06/17 02:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DroxOperative
[2012/06/17 02:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drox Operative
[2012/06/17 02:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drox Operative
[2012/06/12 13:05:18 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Xfinity.com
[2012/06/12 13:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/06/12 13:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/06/11 23:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2012/06/11 23:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2012/06/11 23:18:25 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/11 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\HTC
[2012/06/11 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Teleca
[2012/06/11 22:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Teleca Shared
[2012/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2012/06/11 22:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/06/11 22:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/06/11 22:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/06/11 22:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/06/09 02:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/06/08 17:33:03 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\LoneSurvivor
[2012/06/08 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\Gaslamp Games
[2012/06/08 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Braid
[2012/06/08 14:56:39 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\SplitMediaLabs
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012/06/08 14:54:27 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\SplitMediaLabs
[2012/06/03 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Desktop\SR2ResolutionPatch_1.3
[2012/06/02 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\JRT Studio
[2012/06/02 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\JRT Studio
[2012/06/02 20:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRT Studio
[2012/06/02 20:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRT Studio
[2012/06/02 03:23:27 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\Egosoft
[2012/06/02 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Freelancer
[2012/06/02 01:03:29 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/02 01:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/02 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\uqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/28 12:20:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 12:20:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 12:20:41 | 001,307,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/28 12:20:41 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 12:20:41 | 000,415,714 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012/06/28 12:20:41 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012/06/28 12:20:41 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 12:19:37 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Blanco\Desktop\OTL.exe
[2012/06/28 12:15:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 12:14:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 12:14:51 | 2129,305,599 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 10:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 16:36:47 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/26 11:49:59 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/06/25 23:13:37 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\AT1.lnk
[2012/06/25 17:37:05 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\MW4Mercs.lnk
[2012/06/25 17:37:05 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\MW4Ed2.lnk
[2012/06/25 16:40:50 | 000,001,016 | ---- | M] () -- C:\Users\Blanco\Desktop\MechCommander 2.lnk
[2012/06/25 15:47:14 | 000,001,095 | ---- | M] () -- C:\Users\Blanco\Desktop\Dominions 3 Manual.pdf - Shortcut.lnk
[2012/06/25 13:58:30 | 000,003,043 | ---- | M] () -- C:\Users\Blanco\Desktop\mtx.exe.lnk
[2012/06/25 11:40:13 | 000,001,041 | ---- | M] () -- C:\Users\Blanco\Desktop\Dropbox.lnk
[2012/06/25 11:39:52 | 000,001,051 | ---- | M] () -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/24 03:52:30 | 000,001,895 | ---- | M] () -- C:\Users\Blanco\Desktop\Dominions 3.lnk
[2012/06/23 03:47:12 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Distant Worlds.lnk
[2012/06/23 03:09:18 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/06/17 02:01:46 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Drox Operative.lnk
[2012/06/16 02:50:08 | 000,001,566 | ---- | M] () -- C:\Users\Blanco\Desktop\Civ 5 Maps.lnk
[2012/06/14 08:23:54 | 004,901,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 01:43:04 | 000,002,615 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk
[2012/06/12 13:23:41 | 000,000,087 | ---- | M] () -- C:\Users\Blanco\Documents\Everything.BPres
[2012/06/12 12:53:16 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/12 00:30:35 | 000,000,847 | ---- | M] () -- C:\Users\Blanco\Desktop\Transport Tycoon Deluxe.lnk
[2012/06/11 23:24:33 | 000,002,619 | ---- | M] () -- C:\Users\Blanco\Desktop\Tether.lnk
[2012/06/10 00:18:15 | 000,001,127 | ---- | M] () -- C:\Users\Blanco\Desktop\XSplit Broadcaster.lnk
[2012/06/08 13:57:52 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 13:57:44 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 13:57:44 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/02 20:42:37 | 000,002,615 | ---- | M] () -- C:\Users\Blanco\Desktop\iSyncr.lnk
[2012/06/02 01:02:13 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 23:13:37 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\AT1.lnk
[2012/06/25 17:25:26 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\MW4Mercs.lnk
[2012/06/25 17:25:26 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\MW4Ed2.lnk
[2012/06/25 16:40:50 | 000,001,016 | ---- | C] () -- C:\Users\Blanco\Desktop\MechCommander 2.lnk
[2012/06/25 15:47:14 | 000,001,095 | ---- | C] () -- C:\Users\Blanco\Desktop\Dominions 3 Manual.pdf - Shortcut.lnk
[2012/06/25 13:58:30 | 000,003,043 | ---- | C] () -- C:\Users\Blanco\Desktop\mtx.exe.lnk
[2012/06/25 11:40:13 | 000,001,041 | ---- | C] () -- C:\Users\Blanco\Desktop\Dropbox.lnk
[2012/06/25 11:39:52 | 000,001,051 | ---- | C] () -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/24 03:52:30 | 000,001,895 | ---- | C] () -- C:\Users\Blanco\Desktop\Dominions 3.lnk
[2012/06/24 01:44:46 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/23 03:43:12 | 000,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Distant Worlds.lnk
[2012/06/23 03:09:18 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/06/17 02:01:46 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Drox Operative.lnk
[2012/06/16 02:50:08 | 000,001,566 | ---- | C] () -- C:\Users\Blanco\Desktop\Civ 5 Maps.lnk
[2012/06/12 13:23:41 | 000,000,087 | ---- | C] () -- C:\Users\Blanco\Documents\Everything.BPres
[2012/06/12 13:03:07 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/12 00:30:35 | 000,000,847 | ---- | C] () -- C:\Users\Blanco\Desktop\Transport Tycoon Deluxe.lnk
[2012/06/11 23:24:33 | 000,002,619 | ---- | C] () -- C:\Users\Blanco\Desktop\Tether.lnk
[2012/06/10 00:18:15 | 000,001,127 | ---- | C] () -- C:\Users\Blanco\Desktop\XSplit Broadcaster.lnk
[2012/06/08 13:48:31 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 13:48:30 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 13:48:30 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/02 20:42:37 | 000,002,615 | ---- | C] () -- C:\Users\Blanco\Desktop\iSyncr.lnk
[2012/06/02 20:36:33 | 000,002,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk
[2012/06/02 01:02:13 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/04/13 15:13:45 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/13 15:13:45 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/04/13 15:13:45 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2012/04/13 15:09:22 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/02/27 17:21:01 | 000,067,393 | ---- | C] () -- C:\Users\Blanco\AppData\Roaming\icarus-dxdiag.xml
[2012/02/23 02:17:26 | 000,149,024 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/31 04:22:46 | 001,303,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/30 15:55:51 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/12/30 15:55:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/12/30 15:54:14 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/30 15:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/30 15:26:15 | 000,025,030 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/06/28 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\.purple
[2012/01/30 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\BigHugeEngine
[2012/06/08 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Braid
[2012/06/23 03:50:11 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Code Force Limited
[2012/01/30 04:57:09 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Dropbox
[2012/06/13 01:42:11 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\JRT Studio
[2011/12/30 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Leadertech
[2012/01/06 03:11:44 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LolClient
[2012/05/24 23:59:42 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LolClient2
[2012/06/08 17:33:03 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LoneSurvivor
[2012/05/06 15:45:36 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Mumble
[2012/02/14 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Origin
[2012/04/13 15:09:22 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\PACE Anti-Piracy
[2012/02/26 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\RotMG.Production
[2012/06/08 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\SplitMediaLabs
[2012/04/13 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/27 13:35:01 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Stardock
[2012/06/11 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Teleca
[2012/01/28 03:06:45 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\The Creative Assembly
[2012/06/21 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\TS3Client
[2012/01/26 00:49:07 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Ubisoft
[2012/06/02 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\uqm
[2012/06/27 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\uTorrent
[2012/06/27 16:33:44 | 000,020,874 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/01/23 05:36:36 | 000,000,000 | ---D | M](C:\Users\Blanco\Documents\Ricotta_???????????) -- C:\Users\Blanco\Documents\Ricotta_ワルキューレロマンツェ
[2012/01/23 05:36:36 | 000,000,000 | ---D | C](C:\Users\Blanco\Documents\Ricotta_???????????) -- C:\Users\Blanco\Documents\Ricotta_ワルキューレロマンツェ

========== Alternate Data Streams ==========

@Alternate Data Stream - 1277 bytes -> C:\ProgramData\Microsoft:embHmIjb7J9qECXy4i5s16W
@Alternate Data Stream - 1252 bytes -> C:\Users\Blanco\AppData\Local\Temp:M75frbIQjNyZIdhWvPD
@Alternate Data Stream - 1178 bytes -> C:\ProgramData\Microsoft:6FOIREDfLCZ0VaHnvXGW4WXdcK

< End of report >
#2 Essexboy (GeekU Moderator, Retired Staff)
Hi, they appear to have changed this one again.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 1277 bytes -> C:\ProgramData\Microsoft:embHmIjb7J9qECXy4i5s16W
    @Alternate Data Stream - 1252 bytes -> C:\Users\Blanco\AppData\Local\Temp:M75frbIQjNyZIdhWvPD
    @Alternate Data Stream - 1178 bytes -> C:\ProgramData\Microsoft:6FOIREDfLCZ0VaHnvXGW4WXdcK

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
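The three lines in the :OTL section of the fix above are the report's own "@Alternate Data Stream" lines copied verbatim, and all three streams hang off directories (C:\ProgramData\Microsoft and the user's Temp folder) under random-looking names. As an added example for this thread (not OTL's code and not from either poster), the Python script below pulls the ADS lines out of an OTL report, flags stream names that look like random tokens, and emits the matching :OTL lines. The report excerpt is constructed to mirror the section above plus one made-up Zone.Identifier line to show a benign stream being skipped; the benign-name list and the length/entropy thresholds are my assumptions, not anything OTL defines.

```python
"""Parse the Alternate Data Streams section of an OTL report, flag streams whose
names look like random tokens, and emit the matching lines for an OTL :OTL fix.

Added example for this thread; not OTL's code and not from the original posts.
The sample excerpt, the benign-name list and the thresholds are assumptions.
"""
from __future__ import annotations

import math
import re
from collections import Counter

# Constructed excerpt in the shape of OTL's ADS section. The first three lines mirror
# the report in this thread; the Zone.Identifier line is made up to show a benign stream.
SAMPLE_REPORT = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 1277 bytes -> C:\ProgramData\Microsoft:embHmIjb7J9qECXy4i5s16W
@Alternate Data Stream - 1252 bytes -> C:\Users\Blanco\AppData\Local\Temp:M75frbIQjNyZIdhWvPD
@Alternate Data Stream - 1178 bytes -> C:\ProgramData\Microsoft:6FOIREDfLCZ0VaHnvXGW4WXdcK
@Alternate Data Stream - 26 bytes -> C:\Users\Blanco\Downloads\example.exe:Zone.Identifier

< End of report >
"""

# One OTL ADS line: size, host file or directory, then the stream name after the last colon.
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>[A-Za-z]:\\[^:]+):(?P<stream>\S+)$"
)

# Stream names Windows and common software write themselves (illustrative, not exhaustive).
KNOWN_BENIGN = {"Zone.Identifier", "SummaryInformation", "DocumentSummaryInformation", "encryptable"}


def shannon_entropy(text: str) -> float:
    """Bits per character; random alphanumeric tokens score well above English-like names."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def parse_ads(report: str) -> list[dict]:
    """Return one dict per @Alternate Data Stream line, keeping the verbatim line for the fix."""
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        match = ADS_LINE.match(line)
        if match:
            entries.append({
                "line": line,
                "size": int(match["size"]),
                "host": match["host"],
                "stream": match["stream"],
            })
    return entries


def looks_random(stream: str, min_len: int = 12, min_entropy: float = 3.5) -> bool:
    """Heuristic (assumed thresholds): long, high-entropy names not on the benign list."""
    if stream in KNOWN_BENIGN or len(stream) < min_len:
        return False
    return shannon_entropy(stream) >= min_entropy


def suspicious(entries: list[dict]) -> list[dict]:
    """Entries whose stream name trips the heuristic; these are what a fix would target."""
    return [e for e in entries if looks_random(e["stream"])]


def otl_fix_block(entries: list[dict]) -> str:
    """The :OTL section of a fix: the report lines copied verbatim, one per stream to delete."""
    return "\n".join([":OTL"] + [e["line"] for e in entries]) + "\n"


if __name__ == "__main__":
    found = parse_ads(SAMPLE_REPORT)
    flagged = suspicious(found)
    for e in found:
        tag = "SUSPICIOUS" if e in flagged else "ok"
        print(f"{tag:10} {e['size']:>6} bytes  {e['host']}  ->  {e['stream']}")
    print()
    print(otl_fix_block(flagged))
```

To use it on a real case, read a saved OTL.txt into SAMPLE_REPORT's place. The heuristic is only a triage aid; the stronger signal here is that the hosts are directories rather than files, which the report alone cannot tell you, so the lines are copied verbatim rather than retyped. After the fix and reboot, `dir /r C:\ProgramData` in a command prompt lists any streams still attached to the Microsoft directory entry, and the Alternate Data Streams section of an OTL rescan should be empty.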

#3 Blanco613 (Topic Starter, New Member)
Here are the logs from OTL and ComboFix. I just finished running them and will see how it runs from here.

OTL:


OTL logfile created on: 6/28/2012 2:38:29 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Blanco\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.40 Gb Available Physical Memory | 80.20% Memory free
15.95 Gb Paging File | 14.14 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 16.10 Gb Free Space | 11.52% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 166.62 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 131.61 Gb Free Space | 18.84% Space Free | Partition Type: NTFS

Computer Name: BLANCO-PC | User Name: Blanco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Blanco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\Blanco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe (JRT Studio LLC)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...insDate06122012
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...nsDate06122012"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/03/29 03:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blanco\AppData\Roaming\Mozilla\Extensions
[2012/03/29 03:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blanco\AppData\Roaming\Mozilla\Firefox\Profiles\em84waeu.default\extensions
[2008/06/22 22:57:34 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Blanco\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

O1 HOSTS File: ([2012/06/28 14:35:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Blanco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A2F1614-EDAE-49C6-8C22-891A57C66E2F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CEAD86C-F6A9-40C9-8BB8-21682462A58C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2689AEF-EC12-45B7-AC4C-2783B74FDF84}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4187df9e-32e0-11e1-b847-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4187df9e-32e0-11e1-b847-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\addons\command - "" = C:\Windows\SysWow64\explorer.exe -- [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5b306341-4588-11e1-9f7f-5404a6be1ff8}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 14:34:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/28 12:19:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Blanco\Desktop\OTL.exe
[2012/06/27 16:36:49 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/06/27 16:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/27 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/25 23:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MekTek.net
[2012/06/25 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MC2 Unofficial Patch Ver. 1.7
[2012/06/25 17:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MC2 Unofficial Patch Ver. 1.7
[2012/06/25 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MekTek.net
[2012/06/25 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\MicroProse
[2012/06/25 13:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microprose
[2012/06/25 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Blanco\Dropbox
[2012/06/25 11:39:49 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/25 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Dropbox
[2012/06/24 03:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shrapnel Games
[2012/06/24 03:47:29 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shrapnel Games
[2012/06/24 03:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dominions3
[2012/06/24 01:45:09 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\LogMeIn Hamachi
[2012/06/23 03:50:11 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Code Force Limited
[2012/06/23 03:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Distant Worlds
[2012/06/23 03:41:34 | 000,000,000 | ---D | C] -- C:\Windows\Distant Worlds
[2012/06/23 03:12:37 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Desura
[2012/06/23 03:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/06/23 03:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/06/23 03:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/06/23 03:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/06/23 02:21:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2012/06/17 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\DroxOperative
[2012/06/17 02:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DroxOperative
[2012/06/17 02:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drox Operative
[2012/06/17 02:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drox Operative
[2012/06/12 13:05:18 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Xfinity.com
[2012/06/12 13:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/06/12 13:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/06/11 23:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClockworkMod
[2012/06/11 23:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2012/06/11 23:18:25 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/11 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\HTC
[2012/06/11 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Teleca
[2012/06/11 22:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Teleca Shared
[2012/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2012/06/11 22:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/06/11 22:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/06/11 22:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/06/11 22:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/06/09 02:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/06/08 17:33:03 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\LoneSurvivor
[2012/06/08 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\Gaslamp Games
[2012/06/08 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Braid
[2012/06/08 14:56:39 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\SplitMediaLabs
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2012/06/08 14:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012/06/08 14:54:27 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\SplitMediaLabs
[2012/06/03 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Desktop\SR2ResolutionPatch_1.3
[2012/06/02 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\JRT Studio
[2012/06/02 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\JRT Studio
[2012/06/02 20:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRT Studio
[2012/06/02 20:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRT Studio
[2012/06/02 03:23:27 | 000,000,000 | ---D | C] -- C:\Users\Blanco\Documents\Egosoft
[2012/06/02 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Local\Freelancer
[2012/06/02 01:03:29 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/02 01:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/02 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\Blanco\AppData\Roaming\uqm

========== Files - Modified Within 30 Days ==========

[2012/06/28 14:42:50 | 001,307,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/28 14:42:50 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 14:42:50 | 000,415,714 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012/06/28 14:42:50 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012/06/28 14:42:50 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 14:42:19 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 14:42:19 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 14:37:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 14:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 14:36:44 | 2129,305,599 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 14:35:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/28 13:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 12:19:37 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Blanco\Desktop\OTL.exe
[2012/06/27 16:36:47 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/26 11:49:59 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/06/25 23:13:37 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\AT1.lnk
[2012/06/25 17:37:05 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\MW4Mercs.lnk
[2012/06/25 17:37:05 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\MW4Ed2.lnk
[2012/06/25 16:40:50 | 000,001,016 | ---- | M] () -- C:\Users\Blanco\Desktop\MechCommander 2.lnk
[2012/06/25 15:47:14 | 000,001,095 | ---- | M] () -- C:\Users\Blanco\Desktop\Dominions 3 Manual.pdf - Shortcut.lnk
[2012/06/25 13:58:30 | 000,003,043 | ---- | M] () -- C:\Users\Blanco\Desktop\mtx.exe.lnk
[2012/06/25 11:40:13 | 000,001,041 | ---- | M] () -- C:\Users\Blanco\Desktop\Dropbox.lnk
[2012/06/25 11:39:52 | 000,001,051 | ---- | M] () -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/24 03:52:30 | 000,001,895 | ---- | M] () -- C:\Users\Blanco\Desktop\Dominions 3.lnk
[2012/06/23 03:47:12 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Distant Worlds.lnk
[2012/06/23 03:09:18 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/06/17 02:01:46 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Drox Operative.lnk
[2012/06/16 02:50:08 | 000,001,566 | ---- | M] () -- C:\Users\Blanco\Desktop\Civ 5 Maps.lnk
[2012/06/14 08:23:54 | 004,901,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 01:43:04 | 000,002,615 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk
[2012/06/12 13:23:41 | 000,000,087 | ---- | M] () -- C:\Users\Blanco\Documents\Everything.BPres
[2012/06/12 12:53:16 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/12 00:30:35 | 000,000,847 | ---- | M] () -- C:\Users\Blanco\Desktop\Transport Tycoon Deluxe.lnk
[2012/06/11 23:24:33 | 000,002,619 | ---- | M] () -- C:\Users\Blanco\Desktop\Tether.lnk
[2012/06/10 00:18:15 | 000,001,127 | ---- | M] () -- C:\Users\Blanco\Desktop\XSplit Broadcaster.lnk
[2012/06/08 13:57:52 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 13:57:44 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 13:57:44 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/02 20:42:37 | 000,002,615 | ---- | M] () -- C:\Users\Blanco\Desktop\iSyncr.lnk
[2012/06/02 01:02:13 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk

========== Files Created - No Company Name ==========

[2012/06/25 23:13:37 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\AT1.lnk
[2012/06/25 17:25:26 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\MW4Mercs.lnk
[2012/06/25 17:25:26 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\MW4Ed2.lnk
[2012/06/25 16:40:50 | 000,001,016 | ---- | C] () -- C:\Users\Blanco\Desktop\MechCommander 2.lnk
[2012/06/25 15:47:14 | 000,001,095 | ---- | C] () -- C:\Users\Blanco\Desktop\Dominions 3 Manual.pdf - Shortcut.lnk
[2012/06/25 13:58:30 | 000,003,043 | ---- | C] () -- C:\Users\Blanco\Desktop\mtx.exe.lnk
[2012/06/25 11:40:13 | 000,001,041 | ---- | C] () -- C:\Users\Blanco\Desktop\Dropbox.lnk
[2012/06/25 11:39:52 | 000,001,051 | ---- | C] () -- C:\Users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/24 03:52:30 | 000,001,895 | ---- | C] () -- C:\Users\Blanco\Desktop\Dominions 3.lnk
[2012/06/24 01:44:46 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/23 03:43:12 | 000,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Distant Worlds.lnk
[2012/06/23 03:09:18 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Desura.lnk
[2012/06/17 02:01:46 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Drox Operative.lnk
[2012/06/16 02:50:08 | 000,001,566 | ---- | C] () -- C:\Users\Blanco\Desktop\Civ 5 Maps.lnk
[2012/06/12 13:23:41 | 000,000,087 | ---- | C] () -- C:\Users\Blanco\Documents\Everything.BPres
[2012/06/12 13:03:07 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/12 00:30:35 | 000,000,847 | ---- | C] () -- C:\Users\Blanco\Desktop\Transport Tycoon Deluxe.lnk
[2012/06/11 23:24:33 | 000,002,619 | ---- | C] () -- C:\Users\Blanco\Desktop\Tether.lnk
[2012/06/10 00:18:15 | 000,001,127 | ---- | C] () -- C:\Users\Blanco\Desktop\XSplit Broadcaster.lnk
[2012/06/08 13:48:31 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 13:48:30 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 13:48:30 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/02 20:42:37 | 000,002,615 | ---- | C] () -- C:\Users\Blanco\Desktop\iSyncr.lnk
[2012/06/02 20:36:33 | 000,002,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk
[2012/06/02 01:02:13 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/04/13 15:13:45 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/13 15:13:45 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/04/13 15:13:45 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2012/04/13 15:09:22 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/02/27 17:21:01 | 000,067,393 | ---- | C] () -- C:\Users\Blanco\AppData\Roaming\icarus-dxdiag.xml
[2012/02/23 02:17:26 | 000,149,024 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/31 04:22:46 | 001,303,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/30 15:55:51 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/12/30 15:55:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/12/30 15:54:14 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/30 15:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/30 15:26:15 | 000,025,030 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/06/28 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\.purple
[2012/01/30 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\BigHugeEngine
[2012/06/08 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Braid
[2012/06/23 03:50:11 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Code Force Limited
[2012/01/30 04:57:09 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Dropbox
[2012/06/13 01:42:11 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\JRT Studio
[2011/12/30 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Leadertech
[2012/01/06 03:11:44 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LolClient
[2012/05/24 23:59:42 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LolClient2
[2012/06/08 17:33:03 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\LoneSurvivor
[2012/05/06 15:45:36 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Mumble
[2012/02/14 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Origin
[2012/04/13 15:09:22 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\PACE Anti-Piracy
[2012/02/26 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\RotMG.Production
[2012/06/08 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\SplitMediaLabs
[2012/04/13 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/27 13:35:01 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Stardock
[2012/06/11 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Teleca
[2012/01/28 03:06:45 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\The Creative Assembly
[2012/06/21 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\TS3Client
[2012/01/26 00:49:07 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\Ubisoft
[2012/06/02 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\uqm
[2012/06/27 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Blanco\AppData\Roaming\uTorrent
[2012/06/27 16:33:44 | 000,021,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/01/23 05:36:36 | 000,000,000 | ---D | M](C:\Users\Blanco\Documents\Ricotta_???????????) -- C:\Users\Blanco\Documents\Ricotta_ワルキューレロマンツェ
[2012/01/23 05:36:36 | 000,000,000 | ---D | C](C:\Users\Blanco\Documents\Ricotta_???????????) -- C:\Users\Blanco\Documents\Ricotta_ワルキューレロマンツェ

< End of report >


Combofix:


ComboFix 12-06-28.03 - Blanco 06/28/2012 14:46:54.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6120 [GMT -5:00]
Running from: c:\users\Blanco\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
D:\install.exe
E:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 19:49 . 2012-06-28 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 19:34 . 2012-06-28 19:34 -------- d-----w- C:\_OTL
2012-06-27 21:36 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-06-27 21:36 . 2012-06-27 21:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-25 18:42 . 2012-06-25 18:42 -------- d-----w- c:\program files\MicroProse
2012-06-25 18:39 . 2012-06-25 18:39 -------- d-----w- c:\program files (x86)\Microprose
2012-06-25 16:40 . 2012-06-28 19:51 -------- d-----r- c:\users\Blanco\Dropbox
2012-06-25 16:39 . 2012-06-28 19:51 -------- d-----w- c:\users\Blanco\AppData\Roaming\Dropbox
2012-06-24 08:47 . 2012-06-27 21:04 -------- d-----w- c:\program files (x86)\dominions3
2012-06-24 06:45 . 2012-06-28 19:37 -------- d-----w- c:\users\Blanco\AppData\Local\LogMeIn Hamachi
2012-06-23 08:50 . 2012-06-23 08:50 -------- d-----w- c:\users\Blanco\AppData\Roaming\Code Force Limited
2012-06-23 08:41 . 2012-06-23 08:41 -------- d-----w- c:\windows\Distant Worlds
2012-06-23 08:12 . 2012-06-23 08:12 -------- d-----w- c:\users\Blanco\AppData\Local\Desura
2012-06-23 08:11 . 2012-06-23 08:11 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-06-23 08:10 . 2012-06-23 08:10 -------- d-----w- c:\programdata\Desura
2012-06-23 08:09 . 2012-06-23 08:43 -------- d-----w- c:\program files (x86)\Desura
2012-06-23 07:21 . 2012-06-23 07:21 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-06-21 16:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:42 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:42 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:42 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:42 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:42 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 07:02 . 2012-06-17 07:02 -------- d-----w- c:\users\Blanco\AppData\Local\DroxOperative
2012-06-17 07:02 . 2012-06-17 07:02 -------- d-----w- c:\programdata\DroxOperative
2012-06-17 07:01 . 2012-06-23 06:20 -------- d-----w- c:\program files (x86)\Drox Operative
2012-06-12 18:05 . 2012-06-12 18:05 -------- d-----w- c:\users\Blanco\AppData\Local\Xfinity.com
2012-06-12 18:02 . 2012-06-12 18:02 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-06-12 18:00 . 2012-06-12 18:00 -------- d-----w- c:\programdata\Cisco Systems
2012-06-12 04:19 . 2012-06-12 04:19 -------- d-----w- c:\program files (x86)\ClockworkMod
2012-06-12 04:18 . 2012-06-12 04:18 -------- d-----w- C:\Temp
2012-06-12 03:58 . 2012-06-12 03:58 -------- d-----w- c:\users\Blanco\AppData\Local\HTC
2012-06-12 03:58 . 2012-06-12 03:58 -------- d-----w- c:\users\Blanco\AppData\Roaming\Teleca
2012-06-12 03:58 . 2012-06-12 03:58 -------- d-----w- c:\programdata\HTC
2012-06-12 03:58 . 2012-06-12 03:58 -------- d-----w- c:\program files (x86)\Common Files\Teleca Shared
2012-06-12 03:58 . 2012-06-12 03:58 -------- d-----w- c:\programdata\Teleca
2012-06-12 03:57 . 2012-06-12 03:57 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-06-12 03:57 . 2012-06-12 03:58 -------- d-----w- c:\program files (x86)\HTC
2012-06-12 03:56 . 2012-06-12 03:56 -------- d-----w- c:\windows\Downloaded Installations
2012-06-09 07:14 . 2012-06-09 07:14 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-06-08 22:33 . 2012-06-08 22:33 -------- d-----w- c:\users\Blanco\AppData\Roaming\LoneSurvivor
2012-06-08 22:09 . 2012-06-08 22:09 -------- d-----w- c:\users\Blanco\AppData\Roaming\Braid
2012-06-08 19:56 . 2012-06-08 19:56 -------- d-----w- c:\users\Blanco\AppData\Local\SplitMediaLabs
2012-06-08 19:56 . 2012-06-08 19:56 -------- d-----w- c:\programdata\SplitMediaLabs
2012-06-08 19:56 . 2012-06-08 19:56 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-06-08 19:55 . 2012-06-13 06:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 19:54 . 2012-06-08 19:54 -------- d-----w- c:\users\Blanco\AppData\Roaming\SplitMediaLabs
2012-06-08 18:48 . 2012-06-08 18:57 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-08 18:48 . 2012-06-08 18:57 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-08 18:48 . 2012-06-08 18:57 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-06-03 01:37 . 2012-06-13 06:42 -------- d-----w- c:\users\Blanco\AppData\Roaming\JRT Studio
2012-06-03 01:36 . 2012-06-03 01:36 -------- d-----w- c:\program files (x86)\JRT Studio
2012-06-02 06:03 . 2012-06-02 06:03 -------- d-----w- c:\users\Blanco\AppData\Local\Freelancer
2012-06-02 05:59 . 2012-06-02 05:59 -------- d-----w- c:\users\Blanco\AppData\Roaming\uqm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 06:42 . 2012-02-16 19:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-12 14:46 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-03-12 14:46 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-12 14:46 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-12-30 20:47 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2011-12-30 20:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-30 20:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-12-30 20:47 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-12-30 20:47 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-12-30 20:47 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-12-30 20:48 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-12-30 20:48 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-12-30 20:48 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-12 14:47 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-12-30 20:48 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-12-30 20:48 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-09 04:52 . 2011-12-30 20:47 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 04:52 . 2011-12-30 20:47 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 17:08 . 2012-03-12 14:46 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-13 20:13 . 2012-04-13 20:13 715038 ----a-w- c:\windows\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Blanco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Blanco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-12-14 49340]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSyncr.lnk - c:\windows\Installer\{D34D816C-9F8F-4CE8-84FD-680137D399BF}\_FBD8D8AEF95612444B84C4.exe [2012-6-13 66339]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R3 ALSysIO;ALSysIO;c:\users\Blanco\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-30 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-23 131912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 32768]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-23 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 20:27]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Blanco\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate06122012
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5A2F1614-EDAE-49C6-8C22-891A57C66E2F}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-667576302-718371680-3064241903-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,a8,8b,a0,e9,ac,0d,fe,8e,50,e7,17,f1,a4,10,29,c2,f6,1b,50,71,
ae,bb,4d,61,f3,da,03,3e,50,33,f8,68,03,04,60,3d,5f,36,8e,ac,b8,4f,f7,3f,a1,\
"rkeysecu"=hex:65,4b,8c,e0,ce,b4,a3,e2,34,7f,8b,91,30,b0,c3,c1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a9,2d,52,bd,89,d4,c6,52,e5,c8,bd,63,7d,eb,2c,b4,77,48,13,67,99,
02,e1,98,88,ff,71,dd,e4,19,39,83,58,49,93,9a,9e,1e,b6,d9,aa,c2,7c,89,8a,91,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a9,2d,52,bd,89,d4,c6,52,e5,c8,bd,63,7d,eb,2c,b4,77,48,13,67,99,
02,e1,98,88,ff,71,dd,e4,19,39,83,58,49,93,9a,9e,1e,b6,d9,aa,c2,7c,89,8a,91,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\JRT Studio\iSyncr\iSyncr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2012-06-28 14:54:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 19:54
.
Pre-Run: 16,966,303,744 bytes free
Post-Run: 16,638,980,096 bytes free
.
- - End Of File - - 5884AF7BA295431D86DD60BA5F1B869F
  • 0
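A ComboFix log like the one above is read by eye, but three of its line shapes carry the points a helper checks first: the "Files Created" entries (with their attribute column), the `policies\system` key that holds the UAC settings, and the R#/S# service and driver list. The Python below is an added example, not part of this thread and not ComboFix's own code. It parses those three shapes from constructed sample lines copied in the log's format and flags what deserves a second look: hidden files sitting in system directories, drivers or services that load from a user-writable path such as a Temp folder, and UAC switched off (the log above shows `EnableLUA= 0`). The meaning of the attribute columns and of the `[x]` marker is inferred from the entries themselves, not taken from ComboFix documentation, and the flags are prompts for a look rather than verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of three sections of the ComboFix log above:
# "Files Created", the policies\system key and the R#/S# service/driver list.
SAMPLE_LOG = """\
2012-06-27 21:36 . 2009-03-18 22:35 33856 ---ha-w- c:\\windows\\system32\\hamachi.sys
2012-06-21 16:42 . 2012-06-02 22:19 57880 ----a-w- c:\\windows\\system32\\wuauclt.exe
2012-06-23 07:21 . 2012-06-23 07:21 -------- d--h--w- c:\\program files (x86)\\InstallJammer Registry
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 ALSysIO;ALSysIO;c:\\users\\Blanco\\AppData\\Local\\Temp\\ALSysIO64.sys [x]
S1 avkmgr;avkmgr;c:\\windows\\system32\\DRIVERS\\avkmgr.sys [2011-12-15 27760]
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# created . modified size attrs path   (size is eight dashes for a directory)
FILE_RE = re.compile(rf"^({STAMP}) \. ({STAMP}) (-{{8}}|\d+) ([A-Za-z-]{{8}}) (.+)$")
# start-type name;display;path [date size], or [x] where the log has no file details
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
# "Name"= 0 (0x0)   REGEDIT4-style DWORD as ComboFix prints it
VALUE_RE = re.compile(r'^"(\w+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)$')

@dataclass
class FileEntry:
    created: str
    modified: str
    size: int   # 0 where the log prints dashes (directories)
    attrs: str  # e.g. "---ha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        # Assumption read off the entries themselves: column 4 carries the hidden flag.
        return self.attrs[3] == "h"

@dataclass
class ServiceEntry:
    start: str    # R#/S# start type as printed
    name: str
    path: str
    details: str  # "date size", or "x" when the log had no file details

    @property
    def user_writable_path(self) -> bool:
        p = self.path.lower()
        return "\\users\\" in p or "\\temp\\" in p

def parse_file_entries(text: str) -> List[FileEntry]:
    entries = []
    for m in (FILE_RE.match(ln.strip()) for ln in text.splitlines()):
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified, 0 if size[0] == "-" else int(size), attrs, path))
    return entries

def parse_services(text: str) -> List[ServiceEntry]:
    return [ServiceEntry(m.group(1), m.group(2), m.group(4), m.group(5))
            for m in (SERVICE_RE.match(ln.strip()) for ln in text.splitlines()) if m]

def parse_policy_block(text: str, key_suffix: str = r"\policies\system") -> Dict[str, int]:
    """DWORD values listed under the [key] whose path ends with key_suffix."""
    values: Dict[str, int] = {}
    in_block = False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_block = line[1:-1].lower().endswith(key_suffix.lower())
        elif in_block and line in ("", "."):
            in_block = False  # ComboFix closes a block with a lone "."
        elif in_block:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values

def triage(text: str) -> List[str]:
    """Entries a reviewer should look at first; these are prompts for a look, not verdicts."""
    findings: List[str] = []
    for f in parse_file_entries(text):
        p = f.path.lower()
        if not f.is_dir and f.hidden and ("\\system32\\" in p or "\\syswow64\\" in p):
            findings.append(f"hidden file in a system directory: {f.path} ({f.size} bytes)")
    for s in parse_services(text):
        if s.user_writable_path:
            note = " (no file details in log)" if s.details == "x" else ""
            findings.append(f"{s.start} service/driver loads from a user-writable path: {s.name} -> {s.path}{note}")
    if parse_policy_block(text).get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA=0): an administrator's processes run fully elevated, no prompt")
    return findings
```

Calling `triage(SAMPLE_LOG)`, or passing the whole pasted log, returns three lines: hamachi.sys as a hidden file under system32 (the "Files Created" section dates it to the same minute as the LogMeIn Hamachi folder, so it belongs to that install), ALSysIO64.sys as a driver loading from the user's Temp folder, and UAC disabled. The first two are to be checked against the software the user installed, not treated as detections; the UAC setting is a configuration weakness to put back once the cleanup is finished, since with it off nothing stands between a dropper run by this administrator account and full control of the machine.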

#4 Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, that replaced the infected file.

Let's run a sweep for orphans now... How is the computer behaving?

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#5 Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





