Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast keep poping up same virus [Solved]


  • This topic is locked This topic is locked

#1
Michael Vuong

Michael Vuong

    Member

  • Member
  • PipPip
  • 36 posts
I get my services.exe popping up on avast as a virus. Here is mmy otl log:


OTL logfile created on: 17/07/2012 8:14:37 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.97% Memory free
6.87 Gb Paging File | 5.56 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.25 Gb Total Space | 38.91 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 0.56 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 10:44:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\Downloads\OTL.exe
PRC - [2012/07/16 09:34:30 | 000,114,176 | ---- | M] (7pm Tech) -- C:\Users\Michael\Desktop\Tiny_1_1_1_2\Tiny MapleStory AIO Tool 1.1.1.5.exe
PRC - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 08:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/15 05:41:58 | 000,193,536 | ---- | M] () -- C:\Nexon\MapleStory\GameLauncher.exe
PRC - [2010/09/19 21:06:52 | 000,126,976 | ---- | M] (Softarium.com) -- C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/14 20:49:11 | 001,077,760 | ---- | M] () -- C:\Users\Michael\Desktop\Tiny_1_1_1_2\Leech Trainer v 3.3 Reg Version Rev 2.dll
MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/05/16 20:37:26 | 000,206,336 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\plugin\convenience.dll
MOD - [2012/04/28 20:48:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\15a8c3e8da757a23dd5ac75d4f44a752\System.Runtime.Remoting.ni.dll
MOD - [2012/04/28 19:06:37 | 001,836,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ea78917763cbefbffb7fe196ac70b8f2\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/28 18:12:20 | 013,137,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ae33325d95b86d18adfe3b2b76deb55e\System.Windows.Forms.ni.dll
MOD - [2012/04/28 18:12:06 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2f6d092e53fd5fe14e5a2e6ba7055cef\System.Drawing.ni.dll
MOD - [2012/04/28 18:11:41 | 007,054,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\06f187eb8b9da275bdf8c146b8a9dfb6\System.Core.ni.dll
MOD - [2012/04/28 18:11:41 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd4bcc08668bb561ba59e57a30de6bcf\System.Xml.ni.dll
MOD - [2012/04/28 18:11:35 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\77758dbafc19e68f3dce030879c2cf8d\System.Configuration.ni.dll
MOD - [2012/04/28 18:11:28 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2f52fc9cf3baf5181d1897788d9678f4\System.ni.dll
MOD - [2012/04/28 18:06:47 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f3b6f64941ee3b90d6abb16e415ceb3b\mscorlib.ni.dll
MOD - [2012/02/15 05:41:58 | 000,193,536 | ---- | M] () -- C:\Nexon\MapleStory\GameLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/28 08:52:39 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/06/28 08:52:36 | 000,958,912 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/06/28 08:52:36 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/06/28 08:52:36 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/06/28 08:52:35 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/06/28 08:52:35 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/28 08:52:34 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 3C 0D C2 C5 19 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3082593C-7C13-4A58-BD8E-589FB7DD0083}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3082593C-7C13-4A58-BD8E-589FB7DD0083}: "URL" = http://www.google.co...1I7GUEA_enCA479
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA5655-71A5-49DA-9343-5BED861C51F6}: "URL" = http://search.condui...&ctid=CT3059010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office 2010\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\Microsoft Office 2010\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/29 21:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 17:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/13 22:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/05/15 21:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\x7lu3shz.default\extensions
[2012/05/15 21:51:55 | 000,000,000 | ---D | M] (Vgrabber) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\x7lu3shz.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
[2012/05/13 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 07:22:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/15 19:34:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/29 11:10:36 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7LU3SHZ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.ca/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\plugin/convenience.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office 2010\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office 2010\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Easy Auto Refresh = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\1.8_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: avast! WebRep = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: Skype Click to Call = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.13_0\
CHR - Extension: Page Monitor = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.7_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 15:28:07 | 000,001,764 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 pagead.googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 adservices.google.com
O1 - Hosts: 127.0.0.1 ssl.google-analytics.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 imageads.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads1.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads2.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads3.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads4.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads5.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads6.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads7.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads8.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads9.googleadservices.com
O1 - Hosts: 127.0.0.1 partner.googleadservices.com
O1 - Hosts: 127.0.0.1 www.googleadservices.com
O1 - Hosts: 127.0.0.1 apps5.oingo.com
O1 - Hosts: 127.0.0.1 www.appliedsemantics.com
O1 - Hosts: 127.0.0.1 service.urchin.com
O1 - Hosts: 127.0.0.1 toolbar.google.com
O1 - Hosts: 127.0.0.1 view.atdmt.com
O1 - Hosts: 127.0.0.1 rad.live.com
O1 - Hosts: 127.0.0.1 rad.msn.com
O1 - Hosts: 127.0.0.1 live.rads.msn.com
O1 - Hosts: 3 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe (Softarium.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B788E44-A8B9-451A-AA24-2DE1D04F01D7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81963905-4DC7-4EB0-85AE-848ACE9A7F59}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ec2f51f-b5ca-11e1-81a2-001e33d5b550}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec2f51f-b5ca-11e1-81a2-001e33d5b550}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 20:31:46 | 000,966,144 | ---- | C] (GameKiller.net) -- C:\Users\Michael\Desktop\NzMaple.exe
[2012/07/16 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5
[2012/07/16 10:36:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tiny_1_1_1_2
[2012/07/15 22:10:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2
[2012/07/13 15:52:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Cross Fire
[2012/07/13 15:52:29 | 000,000,000 | ---D | C] -- C:\CFLog
[2012/07/09 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/06 21:51:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\lBot
[2012/07/06 13:54:20 | 000,000,000 | ---D | C] -- C:\Music
[2012/07/05 10:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/07/05 10:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/07/05 10:35:48 | 000,915,920 | ---- | C] (CACE Technologies, Inc.) -- C:\Users\Michael\Desktop\WinPcap_4_1_2.exe
[2012/07/05 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MapleShark-1012
[2012/07/04 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Leech Trainer v 2.9
[2012/07/02 18:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
[2012/07/02 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2012/07/02 18:40:05 | 777,027,688 | ---- | C] (Z8Games.com ) -- C:\Users\Michael\Desktop\CrossFire_Setup_v1095.exe
[2012/07/02 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Howei
[2012/07/02 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MapleStory Hacks
[2012/06/30 18:26:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\V-UM14 Logitech Webcam
[2012/06/30 18:12:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Logitech-LS
[2012/06/30 18:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/06/30 18:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/06/29 21:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2012/06/29 21:03:29 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/29 21:03:29 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/29 21:03:06 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/29 21:03:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/29 21:03:05 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/06/29 21:03:04 | 000,958,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/29 21:03:03 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/29 21:03:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/29 20:54:51 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/06/29 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/29 20:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/29 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\world
[2012/06/29 15:10:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ElevatedDiagnostics
[2012/06/29 13:53:42 | 000,328,064 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswclear.exe
[2012/06/28 22:22:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tales of Abyss Sidequest Guides
[2012/06/24 23:30:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GC BANNER MUSIC
[2012/06/24 21:46:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Audacity
[2012/06/24 21:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/06/24 21:07:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\New folder
[2012/06/24 14:45:22 | 000,000,000 | ---D | C] -- C:\GC Games
[2012/06/23 11:53:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/18 18:26:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ThemeMii
[2012/06/18 18:06:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\g
[2012/06/18 13:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DS Scene Rom Tool

========== Files - Modified Within 30 Days ==========

[2012/07/17 20:22:38 | 000,000,748 | ---- | M] () -- C:\LeechTrain.LTr
[2012/07/17 19:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 19:38:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2012/07/17 19:13:24 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 19:13:24 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 19:12:57 | 000,796,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/17 19:12:57 | 000,676,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/17 19:12:57 | 000,130,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/17 19:06:49 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/17 19:06:13 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 19:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 19:05:57 | 2212,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 09:25:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2012/07/16 20:32:20 | 000,000,638 | ---- | M] () -- C:\Users\Michael\Desktop\The Nullz MapleStory Gateway.lnk
[2012/07/16 20:32:02 | 000,000,127 | ---- | M] () -- C:\JInject.LTr
[2012/07/16 20:31:51 | 000,966,144 | ---- | M] (GameKiller.net) -- C:\Users\Michael\Desktop\NzMaple.exe
[2012/07/16 18:25:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/16 14:38:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/16 11:12:07 | 000,034,795 | ---- | M] () -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5.zip
[2012/07/16 10:35:46 | 000,035,828 | ---- | M] () -- C:\Users\Michael\Desktop\Tiny_1_1_1_2.zip
[2012/07/15 22:10:41 | 000,533,284 | ---- | M] () -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2.rar
[2012/07/13 19:37:36 | 834,525,344 | ---- | M] () -- C:\Users\Michael\Desktop\Mob.wz
[2012/07/11 13:39:29 | 000,002,409 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/07/09 17:35:27 | 000,780,444 | ---- | M] () -- C:\Users\Michael\Desktop\IMG_09072012_173444.png
[2012/07/07 16:10:06 | 000,001,115 | ---- | M] () -- C:\Users\Michael\Desktop\Continue vGrabber Installation.lnk
[2012/07/06 21:51:22 | 000,011,083 | ---- | M] () -- C:\Users\Michael\Desktop\lBot.rar
[2012/07/05 10:35:51 | 000,915,920 | ---- | M] (CACE Technologies, Inc.) -- C:\Users\Michael\Desktop\WinPcap_4_1_2.exe
[2012/07/05 10:34:10 | 000,478,212 | ---- | M] () -- C:\Users\Michael\Desktop\MapleShark-1012.zip
[2012/07/04 23:07:09 | 000,504,514 | ---- | M] () -- C:\Users\Michael\Desktop\Leech Trainer v 2.9.rar
[2012/07/04 23:05:35 | 006,378,821 | ---- | M] () -- C:\Users\Michael\Desktop\Legitbot 5.0.8p1.rar
[2012/07/02 18:54:31 | 000,001,136 | ---- | M] () -- C:\Users\Michael\Desktop\CrossFire.lnk
[2012/07/02 18:30:01 | 777,027,688 | ---- | M] (Z8Games.com ) -- C:\Users\Michael\Desktop\CrossFire_Setup_v1095.exe
[2012/06/30 20:29:49 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/30 18:31:33 | 000,000,276 | ---- | M] () -- C:\Windows\_delis32.ini
[2012/06/29 21:10:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/29 21:09:06 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 20:54:48 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/29 17:57:42 | 000,000,458 | ---- | M] () -- C:\Users\Michael\Desktop\server.properties
[2012/06/29 17:55:16 | 001,589,718 | ---- | M] () -- C:\Users\Michael\Desktop\Minecraft_Server.exe
[2012/06/29 13:53:41 | 000,328,064 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswclear.exe
[2012/06/28 08:52:39 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/28 08:52:36 | 000,958,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/28 08:52:36 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/28 08:52:36 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/28 08:52:35 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/28 08:52:35 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/06/28 08:52:34 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/28 08:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/28 08:51:49 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/28 08:51:33 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/26 12:52:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 21:46:50 | 000,001,007 | ---- | M] () -- C:\Users\Michael\Desktop\Audacity.lnk
[2012/06/18 18:26:51 | 006,474,816 | ---- | M] () -- C:\Users\Michael\Desktop\4-X_MarioJeb.csm

========== Files Created - No Company Name ==========

[2012/07/16 20:32:20 | 000,000,638 | ---- | C] () -- C:\Users\Michael\Desktop\The Nullz MapleStory Gateway.lnk
[2012/07/16 11:12:15 | 000,034,795 | ---- | C] () -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5.zip
[2012/07/16 10:41:14 | 000,166,912 | ---- | C] () -- C:\Users\Michael\Desktop\J-Inject v 1.1.exe
[2012/07/16 10:35:48 | 000,035,828 | ---- | C] () -- C:\Users\Michael\Desktop\Tiny_1_1_1_2.zip
[2012/07/15 22:10:40 | 000,533,284 | ---- | C] () -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2.rar
[2012/07/13 19:03:52 | 834,525,344 | ---- | C] () -- C:\Users\Michael\Desktop\Mob.wz
[2012/07/09 17:34:45 | 000,780,444 | ---- | C] () -- C:\Users\Michael\Desktop\IMG_09072012_173444.png
[2012/07/07 16:10:06 | 000,001,115 | ---- | C] () -- C:\Users\Michael\Desktop\Continue vGrabber Installation.lnk
[2012/07/06 21:51:33 | 000,011,083 | ---- | C] () -- C:\Users\Michael\Desktop\lBot.rar
[2012/07/05 10:34:09 | 000,478,212 | ---- | C] () -- C:\Users\Michael\Desktop\MapleShark-1012.zip
[2012/07/04 23:07:06 | 000,504,514 | ---- | C] () -- C:\Users\Michael\Desktop\Leech Trainer v 2.9.rar
[2012/07/04 23:05:22 | 006,378,821 | ---- | C] () -- C:\Users\Michael\Desktop\Legitbot 5.0.8p1.rar
[2012/07/03 19:14:56 | 000,022,528 | ---- | C] () -- C:\Windows\Installer\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}\U\[email protected]
[2012/07/02 18:54:30 | 000,001,136 | ---- | C] () -- C:\Users\Michael\Desktop\CrossFire.lnk
[2012/07/02 11:38:34 | 000,000,750 | ---- | C] () -- C:\LeechTrain.LTr
[2012/07/02 11:17:49 | 000,000,127 | ---- | C] () -- C:\JInject.LTr
[2012/06/30 18:31:33 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/06/30 18:12:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}\U\[email protected]
[2012/06/30 18:12:23 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}\U\[email protected]
[2012/06/29 21:09:06 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 17:56:31 | 000,000,458 | ---- | C] () -- C:\Users\Michael\Desktop\server.properties
[2012/06/29 17:55:17 | 001,589,718 | ---- | C] () -- C:\Users\Michael\Desktop\Minecraft_Server.exe
[2012/06/26 12:52:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 21:46:50 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/06/24 21:46:50 | 000,001,007 | ---- | C] () -- C:\Users\Michael\Desktop\Audacity.lnk
[2012/06/18 18:26:49 | 006,474,816 | ---- | C] () -- C:\Users\Michael\Desktop\4-X_MarioJeb.csm
[2012/06/18 18:06:42 | 006,399,911 | ---- | C] () -- C:\Users\Michael\Desktop\00000072_4.0U.zip
[2012/06/18 18:06:37 | 009,670,688 | ---- | C] () -- C:\Users\Michael\Desktop\Super Paper Mario.app
[2012/04/18 23:02:47 | 000,000,403 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\turing_files.ini
[2012/04/16 22:57:33 | 000,000,566 | RHS- | C] () -- C:\Users\Michael\ntuser.pol
[2012/04/15 22:37:54 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/15 19:45:36 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\WSContextMenu.dll
[2012/04/14 20:22:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/04/14 16:55:03 | 000,614,400 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/04/14 16:55:03 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/04/13 22:28:41 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}\@
[2012/04/13 22:28:41 | 000,002,048 | -HS- | C] () -- C:\Users\Michael\AppData\Local\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}\@
[2012/04/13 22:05:59 | 000,801,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 18:27:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2012/07/13 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2012/06/25 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Audacity
[2012/06/29 21:05:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BitTorrent
[2012/04/14 13:58:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient
[2012/05/25 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient2
[2012/04/15 20:15:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Publish Providers
[2012/05/25 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony
[2012/06/13 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
[2012/06/03 16:03:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2012/04/13 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WinBatch
[2012/05/25 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2012/07/17 19:06:49 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/07/16 18:25:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/17 09:25:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2009/07/14 01:08:49 | 000,012,220 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 17/07/2012 8:14:37 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.97% Memory free
6.87 Gb Paging File | 5.56 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.25 Gb Total Space | 38.91 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 0.56 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V\" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V\" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}" = Desktop Restore
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{30048BC0-4093-11E1-9406-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{331F3940-4093-11E1-9565-F04DA23A5C58}" = MSVCRT Redists
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CustoPackTools" = CustoPackTools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mz7Optimizer_is1" = Mz 7 Optimizer
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"avast" = avast! Pro Antivirus
"BitTorrent" = BitTorrent
"Cross Fire_is1" = Cross Fire En
"CursorFX" = CursorFX
"Daniusoft Video Converter Ultimate_is1" = Daniusoft Video Converter Ultimate(Build 3.1.1.0)
"Fraps" = Fraps (remove only)
"Hide Window Hotkey" = Hide Window Hotkey
"IconPackager" = IconPackager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}_is1" = Sound Volume Hotkeys 1.3
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2012 12:30:13 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/07/2012 12:30:59 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 12:30:12 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 12:31:09 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 10:16:43 PM | Computer Name = Michael-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 16/07/2012 12:30:14 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/07/2012 12:31:19 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/07/2012 10:59:55 AM | Computer Name = Michael-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 17/07/2012 12:30:22 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/07/2012 12:32:11 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 16/07/2012 9:48:59 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 10:30:50 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 17/07/2012 7:06:02 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17/07/2012 7:06:02 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/07/2012 7:06:11 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 7:06:11 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 17/07/2012 7:06:13 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 17/07/2012 7:06:15 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 17/07/2012 7:06:46 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 7:06:46 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}
    C:\Users\Michael\AppData\Local\{21ddbf52-523a-d4fa-330c-10f4b53d1a92}

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here are all the logs. Avast doesnt seem to spam virus messages anymore :D.


OTL logfile created on: 25/07/2012 11:47:28 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 64.18% Memory free
6.87 Gb Paging File | 5.73 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.25 Gb Total Space | 54.28 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 0.56 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 10:44:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\Downloads\OTL.exe
PRC - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 08:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/19 21:06:52 | 000,126,976 | ---- | M] (Softarium.com) -- C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/05/16 20:37:26 | 000,206,336 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\plugin\convenience.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 13:38:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/28 08:52:39 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/06/28 08:52:36 | 000,958,912 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/06/28 08:52:36 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/06/28 08:52:36 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/06/28 08:52:35 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/06/28 08:52:35 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/28 08:52:34 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 3C 0D C2 C5 19 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3082593C-7C13-4A58-BD8E-589FB7DD0083}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3082593C-7C13-4A58-BD8E-589FB7DD0083}: "URL" = http://www.google.co...1I7GUEA_enCA479
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88AA5655-71A5-49DA-9343-5BED861C51F6}: "URL" = http://search.condui...&ctid=CT3059010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office 2010\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\Microsoft Office 2010\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/29 21:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 17:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/13 22:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/05/15 21:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\x7lu3shz.default\extensions
[2012/05/15 21:51:55 | 000,000,000 | ---D | M] (Vgrabber) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\x7lu3shz.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
[2012/05/13 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 07:22:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/15 19:34:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/29 11:10:36 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7LU3SHZ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.ca/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\plugin/convenience.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office 2010\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office 2010\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Easy Auto Refresh = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\1.8_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: avast! WebRep = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: Skype Click to Call = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.13_0\
CHR - Extension: Page Monitor = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.7_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 15:28:07 | 000,001,764 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 pagead.googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 adservices.google.com
O1 - Hosts: 127.0.0.1 ssl.google-analytics.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 imageads.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads1.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads2.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads3.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads4.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads5.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads6.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads7.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads8.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads9.googleadservices.com
O1 - Hosts: 127.0.0.1 partner.googleadservices.com
O1 - Hosts: 127.0.0.1 www.googleadservices.com
O1 - Hosts: 127.0.0.1 apps5.oingo.com
O1 - Hosts: 127.0.0.1 www.appliedsemantics.com
O1 - Hosts: 127.0.0.1 service.urchin.com
O1 - Hosts: 127.0.0.1 toolbar.google.com
O1 - Hosts: 127.0.0.1 view.atdmt.com
O1 - Hosts: 127.0.0.1 rad.live.com
O1 - Hosts: 127.0.0.1 rad.msn.com
O1 - Hosts: 127.0.0.1 live.rads.msn.com
O1 - Hosts: 3 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe (Softarium.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B788E44-A8B9-451A-AA24-2DE1D04F01D7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81963905-4DC7-4EB0-85AE-848ACE9A7F59}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ec2f51f-b5ca-11e1-81a2-001e33d5b550}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec2f51f-b5ca-11e1-81a2-001e33d5b550}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 11:47:45 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/07/25 11:05:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/23 18:25:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/16 20:31:46 | 000,966,144 | ---- | C] (GameKiller.net) -- C:\Users\Michael\Desktop\NzMaple.exe
[2012/07/16 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5
[2012/07/16 10:36:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tiny_1_1_1_2
[2012/07/15 22:10:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2
[2012/07/13 15:52:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Cross Fire
[2012/07/13 15:52:29 | 000,000,000 | ---D | C] -- C:\CFLog
[2012/07/06 21:51:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\lBot
[2012/07/06 13:54:20 | 000,000,000 | ---D | C] -- C:\Music
[2012/07/05 10:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/07/05 10:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/07/05 10:35:48 | 000,915,920 | ---- | C] (CACE Technologies, Inc.) -- C:\Users\Michael\Desktop\WinPcap_4_1_2.exe
[2012/07/05 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MapleShark-1012
[2012/07/04 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Leech Trainer v 2.9
[2012/07/02 18:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
[2012/07/02 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2012/07/02 18:40:05 | 777,027,688 | ---- | C] (Z8Games.com ) -- C:\Users\Michael\Desktop\CrossFire_Setup_v1095.exe
[2012/07/02 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Howei
[2012/07/02 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MapleStory Hacks
[2012/06/30 18:26:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\V-UM14 Logitech Webcam
[2012/06/30 18:12:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Logitech-LS
[2012/06/30 18:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/06/30 18:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/06/29 21:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2012/06/29 21:03:29 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/29 21:03:29 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/29 21:03:06 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/29 21:03:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/29 21:03:05 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/06/29 21:03:04 | 000,958,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/29 21:03:03 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/29 21:03:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/29 20:54:51 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/06/29 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/06/29 20:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/29 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\world
[2012/06/29 15:10:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ElevatedDiagnostics
[2012/06/29 13:53:42 | 000,328,064 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswclear.exe
[2012/06/28 22:22:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Tales of Abyss Sidequest Guides

========== Files - Modified Within 30 Days ==========

[2012/07/25 11:47:49 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/07/25 11:43:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 11:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 11:38:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 11:38:06 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 11:38:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2012/07/25 11:35:16 | 000,796,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/25 11:35:16 | 000,676,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 11:35:16 | 000,130,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/25 11:31:33 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/25 11:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 11:30:42 | 2212,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 11:08:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 09:25:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2012/07/24 18:25:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/24 14:38:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/18 21:58:37 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2012/07/17 20:22:38 | 000,000,748 | ---- | M] () -- C:\LeechTrain.LTr
[2012/07/16 20:32:20 | 000,000,638 | ---- | M] () -- C:\Users\Michael\Desktop\The Nullz MapleStory Gateway.lnk
[2012/07/16 20:32:02 | 000,000,127 | ---- | M] () -- C:\JInject.LTr
[2012/07/16 20:31:51 | 000,966,144 | ---- | M] (GameKiller.net) -- C:\Users\Michael\Desktop\NzMaple.exe
[2012/07/16 11:12:07 | 000,034,795 | ---- | M] () -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5.zip
[2012/07/16 10:35:46 | 000,035,828 | ---- | M] () -- C:\Users\Michael\Desktop\Tiny_1_1_1_2.zip
[2012/07/15 22:10:41 | 000,533,284 | ---- | M] () -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2.rar
[2012/07/13 19:37:36 | 834,525,344 | ---- | M] () -- C:\Users\Michael\Desktop\Mob.wz
[2012/07/11 13:39:29 | 000,002,409 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/07/09 17:35:27 | 000,780,444 | ---- | M] () -- C:\Users\Michael\Desktop\IMG_09072012_173444.png
[2012/07/07 16:10:06 | 000,001,115 | ---- | M] () -- C:\Users\Michael\Desktop\Continue vGrabber Installation.lnk
[2012/07/06 21:51:22 | 000,011,083 | ---- | M] () -- C:\Users\Michael\Desktop\lBot.rar
[2012/07/05 10:35:51 | 000,915,920 | ---- | M] (CACE Technologies, Inc.) -- C:\Users\Michael\Desktop\WinPcap_4_1_2.exe
[2012/07/05 10:34:10 | 000,478,212 | ---- | M] () -- C:\Users\Michael\Desktop\MapleShark-1012.zip
[2012/07/04 23:07:09 | 000,504,514 | ---- | M] () -- C:\Users\Michael\Desktop\Leech Trainer v 2.9.rar
[2012/07/04 23:05:35 | 006,378,821 | ---- | M] () -- C:\Users\Michael\Desktop\Legitbot 5.0.8p1.rar
[2012/07/02 18:54:31 | 000,001,136 | ---- | M] () -- C:\Users\Michael\Desktop\CrossFire.lnk
[2012/07/02 18:30:01 | 777,027,688 | ---- | M] (Z8Games.com ) -- C:\Users\Michael\Desktop\CrossFire_Setup_v1095.exe
[2012/06/30 20:29:49 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/30 18:31:33 | 000,000,276 | ---- | M] () -- C:\Windows\_delis32.ini
[2012/06/29 21:10:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/29 21:09:06 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 20:54:48 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/06/29 17:57:42 | 000,000,458 | ---- | M] () -- C:\Users\Michael\Desktop\server.properties
[2012/06/29 17:55:16 | 001,589,718 | ---- | M] () -- C:\Users\Michael\Desktop\Minecraft_Server.exe
[2012/06/29 13:53:41 | 000,328,064 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswclear.exe
[2012/06/28 08:52:39 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/28 08:52:36 | 000,958,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/28 08:52:36 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/28 08:52:36 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/28 08:52:35 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/28 08:52:35 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/06/28 08:52:34 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/28 08:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/28 08:51:49 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/28 08:51:33 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/26 12:52:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/07/18 13:38:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 20:32:20 | 000,000,638 | ---- | C] () -- C:\Users\Michael\Desktop\The Nullz MapleStory Gateway.lnk
[2012/07/16 11:12:15 | 000,034,795 | ---- | C] () -- C:\Users\Michael\Desktop\Tiny-MapleStory-AIO-Tool-1.1.1.5.zip
[2012/07/16 10:41:14 | 000,166,912 | ---- | C] () -- C:\Users\Michael\Desktop\J-Inject v 1.1.exe
[2012/07/16 10:35:48 | 000,035,828 | ---- | C] () -- C:\Users\Michael\Desktop\Tiny_1_1_1_2.zip
[2012/07/15 22:10:40 | 000,533,284 | ---- | C] () -- C:\Users\Michael\Desktop\Leech Trainer v 3.3 Reg Version Rev 2.rar
[2012/07/13 19:03:52 | 834,525,344 | ---- | C] () -- C:\Users\Michael\Desktop\Mob.wz
[2012/07/09 17:34:45 | 000,780,444 | ---- | C] () -- C:\Users\Michael\Desktop\IMG_09072012_173444.png
[2012/07/07 16:10:06 | 000,001,115 | ---- | C] () -- C:\Users\Michael\Desktop\Continue vGrabber Installation.lnk
[2012/07/06 21:51:33 | 000,011,083 | ---- | C] () -- C:\Users\Michael\Desktop\lBot.rar
[2012/07/05 10:34:09 | 000,478,212 | ---- | C] () -- C:\Users\Michael\Desktop\MapleShark-1012.zip
[2012/07/04 23:07:06 | 000,504,514 | ---- | C] () -- C:\Users\Michael\Desktop\Leech Trainer v 2.9.rar
[2012/07/04 23:05:22 | 006,378,821 | ---- | C] () -- C:\Users\Michael\Desktop\Legitbot 5.0.8p1.rar
[2012/07/02 18:54:30 | 000,001,136 | ---- | C] () -- C:\Users\Michael\Desktop\CrossFire.lnk
[2012/07/02 11:38:34 | 000,000,748 | ---- | C] () -- C:\LeechTrain.LTr
[2012/07/02 11:17:49 | 000,000,127 | ---- | C] () -- C:\JInject.LTr
[2012/06/30 18:31:33 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/06/29 21:09:06 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 17:56:31 | 000,000,458 | ---- | C] () -- C:\Users\Michael\Desktop\server.properties
[2012/06/29 17:55:17 | 001,589,718 | ---- | C] () -- C:\Users\Michael\Desktop\Minecraft_Server.exe
[2012/06/26 12:52:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/04/18 23:02:47 | 000,000,403 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\turing_files.ini
[2012/04/16 22:57:33 | 000,000,566 | RHS- | C] () -- C:\Users\Michael\ntuser.pol
[2012/04/15 22:37:54 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/15 19:45:36 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\WSContextMenu.dll
[2012/04/14 20:22:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/04/14 16:55:03 | 000,614,400 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/04/14 16:55:03 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/04/13 22:05:59 | 000,801,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 18:27:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2012/07/18 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2012/06/25 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Audacity
[2012/06/29 21:05:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BitTorrent
[2012/04/14 13:58:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient
[2012/05/25 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient2
[2012/04/15 20:15:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Publish Providers
[2012/05/25 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony
[2012/06/13 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
[2012/06/03 16:03:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2012/04/13 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WinBatch
[2012/05/25 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2012/07/25 11:31:33 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/07/24 18:25:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
[2012/07/25 09:25:02 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
[2009/07/14 01:08:49 | 000,012,474 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 17/07/2012 8:14:37 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.97% Memory free
6.87 Gb Paging File | 5.56 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.25 Gb Total Space | 38.91 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 0.56 Gb Free Space | 3.30% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V\" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V\" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}" = Desktop Restore
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{30048BC0-4093-11E1-9406-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{331F3940-4093-11E1-9565-F04DA23A5C58}" = MSVCRT Redists
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CustoPackTools" = CustoPackTools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mz7Optimizer_is1" = Mz 7 Optimizer
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"avast" = avast! Pro Antivirus
"BitTorrent" = BitTorrent
"Cross Fire_is1" = Cross Fire En
"CursorFX" = CursorFX
"Daniusoft Video Converter Ultimate_is1" = Daniusoft Video Converter Ultimate(Build 3.1.1.0)
"Fraps" = Fraps (remove only)
"Hide Window Hotkey" = Hide Window Hotkey
"IconPackager" = IconPackager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}_is1" = Sound Volume Hotkeys 1.3
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2012 12:30:13 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/07/2012 12:30:59 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 12:30:12 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 12:31:09 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/07/2012 10:16:43 PM | Computer Name = Michael-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 16/07/2012 12:30:14 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/07/2012 12:31:19 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/07/2012 10:59:55 AM | Computer Name = Michael-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 17/07/2012 12:30:22 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\Setup.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/07/2012 12:32:11 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\InstallManagerApp.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 16/07/2012 9:48:59 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 10:30:50 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 17/07/2012 7:06:02 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17/07/2012 7:06:02 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/07/2012 7:06:11 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 7:06:11 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 17/07/2012 7:06:13 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 17/07/2012 7:06:15 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 17/07/2012 7:06:46 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 17/07/2012 7:06:46 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >


ComboFix 12-07-26.03 - Michael 25/07/2012 12:01:09.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2814.1790 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 16:09 . 2012-07-25 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 15:05 . 2012-07-25 15:05 -------- d-----w- C:\_OTL
2012-07-09 01:39 . 2012-07-09 01:40 -------- d-----w- c:\users\Second
2012-07-06 17:54 . 2012-07-19 18:04 -------- d-----w- C:\Music
2012-07-05 14:36 . 2012-07-05 14:36 -------- d-----w- c:\program files (x86)\WinPcap
2012-07-02 22:43 . 2012-07-02 22:43 -------- d-----w- c:\program files (x86)\Z8Games
2012-07-02 15:20 . 2012-07-02 15:20 -------- d-----w- c:\users\Michael\AppData\Local\Howei
2012-06-30 22:31 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-06-30 22:19 . 2003-03-19 01:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-30 22:19 . 2003-02-21 09:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-30 22:19 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll
2012-06-30 22:12 . 2012-06-30 22:12 -------- d-----w- c:\users\Michael\AppData\Local\Logitech-LS
2012-06-30 22:08 . 2003-03-19 02:12 1047552 ----a-w- c:\windows\SysWow64\MFC71u.dll
2012-06-30 22:08 . 2003-03-19 01:44 57344 ----a-w- c:\windows\SysWow64\MFC71ENU.DLL
2012-06-30 22:08 . 2003-03-19 01:44 49152 ----a-w- c:\windows\SysWow64\MFC71KOR.DLL
2012-06-30 22:08 . 2003-03-19 01:44 61440 ----a-w- c:\windows\SysWow64\MFC71ITA.DLL
2012-06-30 22:08 . 2003-03-19 01:44 61440 ----a-w- c:\windows\SysWow64\MFC71ESP.DLL
2012-06-30 22:08 . 2003-03-19 01:44 45056 ----a-w- c:\windows\SysWow64\MFC71CHT.DLL
2012-06-30 22:08 . 2003-03-19 01:44 65536 ----a-w- c:\windows\SysWow64\MFC71DEU.DLL
2012-06-30 22:08 . 2003-03-19 01:44 49152 ----a-w- c:\windows\SysWow64\MFC71JPN.DLL
2012-06-30 22:08 . 2003-03-19 01:44 40960 ----a-w- c:\windows\SysWow64\MFC71CHS.DLL
2012-06-30 22:08 . 2003-03-19 00:05 89088 ----a-w- c:\windows\SysWow64\atl71.dll
2012-06-30 22:05 . 2012-06-30 22:07 -------- d-----w- c:\program files (x86)\Logitech
2012-06-30 22:03 . 2012-06-30 22:03 -------- d-----w- c:\users\AppData
2012-06-30 01:03 . 2012-06-28 12:52 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-30 01:03 . 2012-06-28 12:52 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-30 01:03 . 2012-06-28 12:52 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-30 01:03 . 2012-06-28 12:52 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-30 01:03 . 2012-06-28 12:52 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-30 01:03 . 2012-06-28 12:52 958912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-30 01:03 . 2012-06-28 12:52 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-30 01:03 . 2012-06-28 12:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-30 00:54 . 2009-03-18 21:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-06-30 00:54 . 2012-06-30 00:54 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-29 19:10 . 2012-06-29 19:10 -------- d-----w- c:\users\Michael\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 01:58 . 2012-04-15 00:22 925184 ----a-w- c:\windows\expstart.exe
2012-07-18 17:38 . 2012-04-13 22:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 17:38 . 2012-04-13 22:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-28 12:52 . 2012-04-14 14:10 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2012-04-14 14:10 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-25 20:04 . 2009-07-13 23:57 20430848 ----a-w- c:\windows\system32\imageres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}"="c:\program files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe" [2010-09-20 126976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 17:38]
.
2012-07-25 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-04-14 20:55]
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
- c:\users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-19 22:20]
.
2012-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
- c:\users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-19 22:20]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 02:21]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133330056-422465124-907170563-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 02:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office 2010\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\Microsoft Office 2010\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\x7lu3shz.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4133330056-422465124-907170563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4133330056-422465124-907170563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-25 12:17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 16:17
.
Pre-Run: 57,915,846,656 bytes free
Post-Run: 57,273,372,672 bytes free
.
- - End Of File - - 6ABA987C55185FE7C64D6CFF8649A75F
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good, how is the computer behaving ?
  • 0

#5
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Very good. NO more popups. However the setting hide extensions seem to return to default. Thats normal right?
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes Combofix sets some parts of the system back to defaults

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#7
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Well just did what u told me too do. Machines working fine btw Thanks for everything ! :D
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP