Files Detected: 3
C:\Windows\Installer\{753ffbb2-9779-3476-915a-b58ce449f664}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
However, on running another scan with Malwarebytes I realised the files were still there; it had not deleted them. I am not sure where they came from, but recently I did see Java unexpectedly run when I was on a website. I do not know if it is linked.
Thank you in advance for your time.
Here are the results of the OTL scan:
OTL logfile created on: 18/07/2012 19:28:19 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 29.74% Memory free
5.49 Gb Paging File | 2.14 Gb Available in Paging File | 38.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 212.37 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/18 19:09:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/07/18 15:44:51 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/17 13:24:01 | 000,047,616 | ---- | M] (Turtle Beach) -- C:\Users\User\AppData\Local\Temp\DAT3A7D.tmp.exe
PRC - [2012/07/12 15:09:41 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/05/05 12:02:00 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2010/04/17 07:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/17 16:56:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/03/11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/18 15:44:50 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 15:09:41 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/15 16:38:59 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/06/14 20:40:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 20:38:21 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:37:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 20:37:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/06/14 20:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/14 20:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/14 20:36:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/14 20:36:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/05 12:02:00 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/12/16 23:05:49 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/03/09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 14:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 13:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 13:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/11/23 17:37:20 | 009,688,064 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/04/22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/04/12 08:14:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/17 12:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/07/18 15:44:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/17 13:24:01 | 000,047,616 | ---- | M] (Turtle Beach) [Auto | Stopped] -- C:\Users\User\AppData\Local\Temp\DAT3A7D.tmp.exe -- (zsmyrynkuwyhztc)
SRV - [2012/07/12 15:09:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 14:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 14:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 14:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 14:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 14:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 14:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 14:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 14:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/01/10 21:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/12 08:28:34 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/12 07:18:44 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/09 00:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/18 09:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/08/23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/09/17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012/04/22 01:53:04 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2012/01/06 18:49:39 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...53z105t4601l22r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...53z105t4601l22r
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...53z105t4601l22r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...53z105t4601l22r
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...53z105t4601l22r
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enES462ES462
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/24 21:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/07 15:15:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 15:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/16 22:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/07/16 08:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o105j347.default\extensions
[2012/04/22 01:51:46 | 000,000,000 | ---D | M] (eSupport Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o105j347.default\extensions\[email protected]
[2012/07/12 12:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/07 15:15:24 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/24 21:11:49 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/05/02 18:55:33 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O105J347.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/01/21 10:29:06 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O105J347.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 15:44:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/06 03:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/05/03 09:45:19 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/08 14:01:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:45:19 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/03 09:45:19 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/03 09:45:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/03 09:45:19 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_1\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_1\
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_1\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_1\
O1 HOSTS File: ([2011/12/21 12:45:37 | 000,000,863 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.1.149 patitogames.dyndns.tv
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120707140849.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120707140849.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (eSupport Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (eSupport Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8C2DD2-F49D-4986-931A-BBC07A9D6171}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/18 19:08:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/18 17:46:47 | 004,582,182 | ---- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/18 16:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/18 11:02:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356E18C6-CA54-4A07-A387-B5C6230D06A1}
[2012/07/18 11:02:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{56143451-4D22-4ABA-927B-1B059E58A2B5}
[2012/07/18 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5A2D36DE-7D3E-46C1-A3FD-19A3F0BB77AE}
[2012/07/18 11:01:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7E69CD1C-6491-4415-B3DF-9B400F775A58}
[2012/07/17 23:00:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D479C67F-BE3F-4615-9A82-914A8C0ACB37}
[2012/07/17 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D79E991B-B983-459D-B96A-00B8BE370A1F}
[2012/07/17 23:00:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD81322F-3C64-413A-8281-BD40E4AB3336}
[2012/07/17 22:59:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E28F0F4-5B5B-4ED0-9547-79B8FE7547E4}
[2012/07/17 21:56:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{26A4C520-1F80-4827-8CC0-8C35D8092861}
[2012/07/17 21:34:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{22F1CD1E-BF18-493B-9E3D-0B35109FAD0B}
[2012/07/17 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB075CFC-C7DE-4B72-95A6-C3BD1DEFA5E0}
[2012/07/17 09:19:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D6896CDB-4E09-4BC4-85CC-40047DE0A091}
[2012/07/16 21:05:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EFD61C98-B698-48CD-B961-7AD98D231B42}
[2012/07/16 21:05:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E435707A-763A-4ECF-9EC8-3BF78C59F676}
[2012/07/16 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF657825-8AA8-4F91-B32E-0AD1336C73F2}
[2012/07/16 21:05:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5C69E427-1737-43B6-972E-B2033E05BA3D}
[2012/07/16 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B0D42ECD-B612-413B-864B-9C40EE8A8272}
[2012/07/16 09:04:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3D439EBB-5CA3-451E-AE42-3C8A1FDD23EE}
[2012/07/16 09:04:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{864C18D1-F779-43BD-91D6-A9EBCC4FA89D}
[2012/07/15 21:03:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DC1EC517-C6DB-4B9F-8348-64A7BB7BAF51}
[2012/07/15 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{442C7FA8-75D7-4ECF-B6FB-71B30DA7CC04}
[2012/07/15 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{95675E90-E12C-4D18-A035-2C810AFFCD83}
[2012/07/15 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8E810516-8DA0-430D-9E4D-657D073CB949}
[2012/07/14 11:23:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47B0CD0B-D515-4DF0-8E49-ABE24DEE34B8}
[2012/07/14 11:21:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{468053DE-F670-4475-9ECA-59F42519D086}
[2012/07/14 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE2AAC1B-5647-4767-8C9A-EA078706E5C4}
[2012/07/13 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45BEC74C-13F5-45A8-937F-872EE6593D06}
[2012/07/13 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{83358470-B19E-4F01-A213-B568D3A13C12}
[2012/07/13 18:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 18:49:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 10:51:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F2A105A-7867-4873-AA5B-8644D3087A79}
[2012/07/13 10:51:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD2360F4-2AB0-483E-9015-3200A82FF645}
[2012/07/13 10:51:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B6B4670A-4732-40B2-95AE-CE591BAD1AEF}
[2012/07/13 10:50:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{31E81DED-074B-48B1-AAFD-046BD37DEBC1}
[2012/07/12 22:50:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5C8E4956-ECA1-40B7-9DC1-6A80FED001C3}
[2012/07/12 22:50:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9A60DA56-84D0-4311-B4C6-F595060AF7DA}
[2012/07/12 22:49:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64C3A2D8-7556-4546-890D-CC03933B2CC3}
[2012/07/12 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B4862461-C342-425E-A2B7-291DF063D84B}
[2012/07/12 14:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/12 14:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/07/12 14:47:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/07/12 10:49:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8FB26BEE-A380-416F-A94F-7CB9D7EF6ECA}
[2012/07/12 10:49:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45960560-EF69-4F9C-8928-5C946CA25C7A}
[2012/07/12 10:48:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5843371D-C7B7-4512-984E-76252BFCA3CA}
[2012/07/12 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF40128A-A5C6-41F9-AFAB-F85FD1F3765E}
[2012/07/11 22:48:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{568E0ECE-F6FA-40BC-B312-738AC4521F8E}
[2012/07/11 22:47:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{66540BD9-819E-464D-9D3F-9A16DFEE9DE7}
[2012/07/11 22:47:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{299447F9-62CA-4454-A7A3-721ADD4996DE}
[2012/07/11 22:47:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{63A25587-DADA-479F-9EC2-EE12163E8212}
[2012/07/11 10:46:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8AE2BF68-41A9-445C-96E7-753DE0569D7D}
[2012/07/11 10:46:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7ECFB8ED-BE6D-48FC-BB11-3F9B4A326536}
[2012/07/11 10:46:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{012A680C-E6F2-4E6F-B67D-B164BA5A60D6}
[2012/07/11 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6894FD65-A049-4D21-83AF-0A4780AC7A08}
[2012/07/10 22:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1936E478-F462-4928-BEFC-038E4882F28A}
[2012/07/10 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7B4B7FA4-B9F4-4EBC-ACC8-5FCA66022FC8}
[2012/07/10 22:45:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3742270-C937-435E-9CF4-83742D7D08E4}
[2012/07/10 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{32EADF16-5B88-493F-9857-4849CE438800}
[2012/07/10 10:44:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E1C3727A-8016-4E5E-9143-3C95DA6565C6}
[2012/07/10 10:44:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{130E65EC-2650-493A-BEAD-3E37D9A73CE8}
[2012/07/10 10:44:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{000D155E-0F5F-4FD8-958D-2EFE6912B8E9}
[2012/07/10 10:43:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7744619A-6AFB-4D52-A6FF-813F70AFCC4B}
[2012/07/09 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF47506-3E91-49FD-A45C-37D11E662D67}
[2012/07/09 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61658B3D-B1ED-4CC9-BAFE-D1A8CE4B28A5}
[2012/07/09 22:43:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8F5C40FD-E041-4DC3-8E6B-BE5CABA76AA2}
[2012/07/09 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F48FD15F-B18F-4235-807E-7A6A25BC555F}
[2012/07/09 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23B5F999-FE57-43F4-B03D-0FF1B9E95535}
[2012/07/09 10:41:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{80406213-55A5-4556-BB14-8DF61E930CC7}
[2012/07/09 10:41:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61DB4CBB-22C2-458E-9812-59B7617AEFE4}
[2012/07/09 10:41:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C8D2AF71-3194-4427-BE17-872C6F0DFD68}
[2012/07/08 23:59:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{24BFED4D-C6B9-4003-B9DC-87D8BD7B1F45}
[2012/07/08 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23212E1C-7ADA-437B-BF21-C276E4D777DF}
[2012/07/08 23:06:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F06DE33C-C653-46A9-92FA-BC5EC6F68A29}
[2012/07/08 22:13:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC72F8DB-5351-459D-8D96-7C45BF1BAF53}
[2012/07/08 10:13:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{96B037AE-0EF0-4290-A368-90863394B714}
[2012/07/08 10:12:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6D6E9B84-A8E3-44FF-B704-BBB2E0CE1485}
[2012/07/08 10:12:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{952C3604-9EDE-4943-92EA-72278F35234F}
[2012/07/08 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9CE0A2C4-5C9F-44D1-A6EB-6A47C0F07BF2}
[2012/07/07 13:42:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1041DEA0-BD04-4925-A8D3-D0F511DADC94}
[2012/07/07 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DACDA126-963A-48F5-A7EA-EAEA6A251E4D}
[2012/07/07 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA621586-F64F-4AA4-88DF-369932066794}
[2012/07/07 13:42:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{362355D6-2AEE-4163-A183-60D30E3FB013}
[2012/07/07 01:41:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F1929E7C-2248-49B4-83CA-C164D06DB265}
[2012/07/07 01:41:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8C2FB217-8C6C-4212-81DC-F1CE850B3B7F}
[2012/07/07 01:36:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8C42F1B1-E019-4ABD-8EB5-A044B20212F6}
[2012/07/06 23:52:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PlayFirst
[2012/07/06 23:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2012/07/06 22:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{198F4F73-9321-4EA3-8D02-3DFA75ED48FD}
[2012/07/06 10:39:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{84A9E3A6-E140-4572-B925-DCF62B1A6123}
[2012/07/06 10:39:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{067BD148-6E32-484B-8C00-37BCF54BA238}
[2012/07/06 10:38:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E5DE6ABB-BBDF-4E5B-AE1C-A37903039BA7}
[2012/07/06 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AFEEA8C1-731E-44E2-80DB-57CDDEAF6E4C}
[2012/07/05 22:37:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5DAE6DBF-B658-48B1-B23D-3A57C4499F84}
[2012/07/05 22:37:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E2BE00B-4864-4C8C-9479-1BB5095A5D70}
[2012/07/05 22:36:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EEE2DD94-532D-43EF-B328-3FA252BAEC20}
[2012/07/05 12:00:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EC8D038F-A222-4EA0-BC53-7AD9DC22AA9D}
[2012/07/05 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{67D6A27D-70EA-4DAD-9A5C-397C7B22216A}
[2012/07/05 12:00:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{13572629-C489-4FD4-8B94-AEA283F68C1A}
[2012/07/05 12:00:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{386F85DC-0472-4EAD-A090-64BBCB92AFFA}
[2012/07/04 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A72C69CC-6451-4AF8-8A9B-ECD4F86CE322}
[2012/07/04 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E9FFA29-F39F-4DED-911F-FEB181F8243D}
[2012/07/04 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3EF3CA02-3D17-4957-9915-4D771CD0D708}
[2012/07/04 23:59:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{984A3024-F307-432E-8636-26BF41E84B27}
[2012/07/04 11:58:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E3D92D29-B79E-4712-B6AC-434D757404E9}
[2012/07/04 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3494BAAE-BDDB-43F2-96B6-6DD549AAC585}
[2012/07/04 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AF5E9B9D-B51D-4C00-92AE-791018C76C42}
[2012/07/04 11:58:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{07B30E43-8C92-4596-83B4-01BC7DD22B25}
[2012/07/03 23:57:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E0F0DFC-E039-4F56-BEC9-9D1BA1F10601}
[2012/07/03 23:57:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04804965-F769-4F46-8CB8-8ACB707DBB8B}
[2012/07/03 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A9CF329A-2C20-43EA-9402-80BEDE3B5026}
[2012/07/03 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F77936F-AB15-4192-B34D-B9195A9EDD41}
[2012/07/03 11:56:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B0C05D71-7E59-4EB7-AEAF-0612F9D7F305}
[2012/07/03 11:56:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C1A9DED-2B3B-4866-8C9B-4A63E4716FFB}
[2012/07/03 11:56:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9D38459-C33C-4DD7-8C30-ECCB632E2E34}
[2012/07/03 11:56:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F07D6D8F-9329-4CAE-9A8C-1DFEAD3D4E2B}
[2012/07/02 23:55:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3713B4F3-8206-4014-A271-11D34D99B649}
[2012/07/02 23:55:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{67C636CB-362C-4D68-87D1-C7B5EC486C76}
[2012/07/02 23:55:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ECD0D057-100F-4F9B-ABE9-C133B183B94C}
[2012/07/02 23:54:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A80BA43E-2E9B-44E7-8327-07A80FE0270B}
[2012/07/02 14:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/02 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C36DADA-48B2-47BA-9181-763536333389}
[2012/07/02 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{049B8C8A-C37E-44E2-80ED-7712E06372E6}
[2012/07/02 11:54:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{19B1E5D2-EBF6-4678-9F55-F8172CB684AB}
[2012/07/02 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{65749274-9B06-44A4-AC83-EAB52A84F2E7}
[2012/07/01 23:53:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0ECED5C5-02C4-4561-928F-982AD2910D37}
[2012/07/01 23:53:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57A37948-A2BA-4894-9464-1C7BCDE65DA2}
[2012/07/01 23:52:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{491D015E-3D15-4BCB-914F-7A3DC9608C95}
[2012/07/01 23:52:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0ED65EC5-A084-4F79-A262-0C272D6F4140}
[2012/07/01 11:51:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{636F76EE-9E0A-482A-B979-93CA32CC898E}
[2012/07/01 11:51:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C64E923E-DE3D-498F-8AAA-2C937372864A}
[2012/07/01 03:59:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F641A538-B1C9-464D-A00E-4C3F0DB293F7}
[2012/06/30 14:30:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1B54EF46-B441-4D00-9EF9-FB4A88808EB1}
[2012/06/30 14:30:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1713F6CC-6CFF-4B20-95CC-1EF6E6BC7159}
[2012/06/30 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4536FE44-F82E-4379-A4B0-94F150C010C2}
[2012/06/30 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE9A0BE5-7C53-45E6-969D-97791376C947}
[2012/06/29 22:11:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E2A3FCC-EC62-45D6-9CA9-D2973E66AC82}
[2012/06/29 22:11:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FB90837F-E6F2-440E-9A68-E0EC5B9AC591}
[2012/06/29 22:10:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68F19E56-69F2-4AD0-96E1-D4BEBC13A6B9}
[2012/06/29 22:10:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{31BDB042-4C49-4D35-832E-5C2EBD0311F0}
[2012/06/29 10:10:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{69DB2BBC-30F1-4411-AD9A-F301E694A95E}
[2012/06/29 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{98CC87EE-62DB-4A45-93B3-E285C10721CA}
[2012/06/28 21:41:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5292A32E-D682-44E9-BBD4-BDB724651D42}
[2012/06/28 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B32F22C-A03B-48F3-A180-02650B3942FD}
[2012/06/28 09:40:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8DAB9856-BE4D-4E18-B6AA-A7D9EA3D6E1F}
[2012/06/28 09:39:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C410EDED-0CF7-4D8E-9A5A-3C3E585D8AE2}
[2012/06/27 20:52:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD8C0F4A-C316-4165-A815-3FB28D938A59}
[2012/06/27 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DFD6BC36-F63E-48A4-9511-7EE4FAA8C780}
[2012/06/27 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9AD7BE52-5B9C-4C45-8F9E-8F3D03E0CD85}
[2012/06/27 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9E132CB0-94B8-4A76-8B38-3E7B980DCF7D}
[2012/06/27 08:51:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0669982E-306B-4D9C-9D8B-DA5C762603DC}
[2012/06/27 08:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6FD8F9EC-2411-4B32-9B80-6F3A19B461D7}
[2012/06/27 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{03E77EBB-C2B1-4410-8356-BAA22A7B63B7}
[2012/06/27 08:51:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6A441A38-900D-4E24-9FEC-DBAF22C78663}
[2012/06/26 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{96CC662F-0BCB-4323-A59D-0F628D6F5E28}
[2012/06/26 20:50:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF2C305F-0726-4E4B-9FB3-876D68C385E7}
[2012/06/26 20:50:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B86F5603-5A59-4798-A04A-813923D1E292}
[2012/06/26 20:49:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2BFC989B-744B-420F-9583-A7806E0A8E70}
[2012/06/26 08:49:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6E76F490-2F22-4ABB-8CCC-54C334588797}
[2012/06/26 08:48:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{84F7E7B2-05C8-4436-BDEA-F717788F74A6}
[2012/06/26 08:48:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E0DC9F03-D3B0-4B3E-B825-E70A82A75BC1}
[2012/06/25 20:34:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47C0A311-41BB-4902-BEAD-ED8AF0A72844}
[2012/06/25 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{51050C67-FC07-4C68-894D-50F94183E4DB}
[2012/06/25 08:34:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{686D6EEA-8214-4F64-8247-E765EF2318FF}
[2012/06/25 08:34:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B37C57DC-D085-479F-966B-AB1F1AD66FF7}
[2012/06/25 08:33:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E7FCFEA8-CA3D-430C-B40C-6B1843A9F4B1}
[2012/06/25 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47FE59C5-3AFD-4076-B0A6-CDF8BEE0A506}
[2012/06/24 14:30:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{40D4BE10-59AD-484C-A61B-4A9BD46A82E3}
[2012/06/24 14:30:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F3E7DB0B-40BB-4542-96C0-F3FFECEFBC9F}
[2012/06/24 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{745BCAB9-594C-4B93-8449-776B72FB1A76}
[2012/06/24 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5ED71B03-1540-4E69-86E9-2B2AAD611A7C}
[2012/06/24 14:20:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{66278416-E379-40DF-BFB2-E39CE016478F}
[2012/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{549AE719-F830-4BE2-A063-A5F273499AA4}
[2012/06/24 00:36:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{690D8662-1B37-4B58-9956-EF28C23EF0BE}
[2012/06/24 00:35:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE61E551-8FE6-4F0F-95A9-68BEBEB91415}
[2012/06/23 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{13E47277-04D6-4798-A1E5-21E9528AEBBA}
[2012/06/23 12:35:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F099A13F-31F9-4D90-8CBB-7D317D66A875}
[2012/06/23 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0530B03C-F062-41AF-B7F9-7649D3F22080}
[2012/06/23 12:34:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6D8BC88E-4166-4D80-94BD-FA8081FC2A7F}
[2012/06/23 00:34:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2230952-3781-4AAC-AD43-9EE860844B36}
[2012/06/23 00:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B48EA6A-8B31-41E7-8ACA-879B3A066705}
[2012/06/22 12:33:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B412DCD9-8DE8-4497-915C-A05775785749}
[2012/06/22 12:33:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{97AA99ED-EC20-4020-B6E5-B4564BB83778}
[2012/06/22 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7A52469C-F556-4E39-BA39-452EBEA211E7}
[2012/06/22 12:32:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E8D21505-DA6E-4450-B8B5-455502C8F6A1}
[2012/06/22 00:32:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D04DBE42-2CA2-4452-88D7-1CB6EC7FDCEC}
[2012/06/22 00:32:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{36762D1D-6FDE-48C4-8B76-EA76EAECDF7D}
[2012/06/21 12:31:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{67C6A936-079E-4BEE-A7A3-64237E295DEE}
[2012/06/21 12:31:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF93F206-F0E5-4C1D-879D-C53F78FACE31}
[2012/06/21 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3DFF4D69-2571-4FB6-A302-0FEC5ED5FABC}
[2012/06/20 23:24:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{845E12BD-58EB-4BEA-B9C6-CE944BEFA082}
[2012/06/20 23:24:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87BA208E-FB04-49BF-9A16-38B0010FB89B}
[2012/06/20 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{62DFDA5D-4248-45C2-9AC2-167CBCBB52D2}
[2012/06/20 23:24:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D35E9D16-B7FC-44B5-A970-AD7AA4B98A7F}
[2012/06/20 11:23:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7056460F-DA69-4ABD-ABF4-A7CF4D19ECF1}
[2012/06/20 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E832A742-2788-4FCD-97B7-71AD8F56E45F}
[2012/06/20 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{58EACE66-1F44-410B-875F-46444BE20BCB}
[2012/06/20 11:23:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9EF6D43E-C831-4DA6-B501-23DEA6B943BD}
[2012/06/19 23:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B2FE6BA-146D-4350-805A-9EC39ECB481A}
[2012/06/19 23:22:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5743B8D3-FA5E-44C5-A709-456C57FC8E3F}
[2012/06/19 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79DDBF3C-E0A8-468F-9844-7B4B3E407C7B}
[2012/06/19 23:22:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{693982C6-1726-4FFC-9C44-98781E5F87DC}
[2012/06/19 11:21:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0115D6D8-4256-46E4-9E17-5894210709A7}
[2012/06/19 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{42480C98-5217-4FF4-A50B-B0C700455ABE}
[2012/06/19 11:21:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0702F75A-0ED4-49D9-A454-ADBC7F0B3603}
[2012/06/19 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3151C98-C72D-4196-B7DC-C0EF530E4938}
[2012/06/18 23:20:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E767887C-2009-4681-A756-A00DE77C143C}
========== Files - Modified Within 30 Days ==========
[2012/07/18 19:48:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-334750894-3029775612-822521199-1000UA.job
[2012/07/18 19:09:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/18 19:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 19:03:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 17:47:39 | 000,001,058 | ---- | M] () -- C:\Users\User\Desktop\ComboFix.exe - Shortcut.lnk
[2012/07/18 17:47:27 | 004,582,182 | ---- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/18 16:44:29 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012/07/18 16:34:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:34:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:19:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\str.sys
[2012/07/18 16:19:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 16:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 16:19:19 | 2213,253,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 14:48:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-334750894-3029775612-822521199-1000Core.job
[2012/07/14 08:30:29 | 000,763,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/14 08:30:29 | 000,657,396 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/14 08:30:29 | 000,118,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 18:56:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 19:46:02 | 000,002,395 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/07/12 14:48:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/08 14:03:10 | 000,000,000 | ---- | M] () -- C:\Users\User\Documents\AE44E400
[2012/07/08 14:03:06 | 000,000,000 | ---- | M] () -- C:\Users\User\Documents\DE34E400
[2012/07/08 14:02:55 | 000,000,000 | ---- | M] () -- C:\Users\User\Documents\1414E400
[2012/07/05 21:50:26 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 21:51:41 | 000,065,406 | R--- | M] () -- C:\Users\User\Documents\0240413VK4704A0033QR.pdf
[2012/06/21 20:07:19 | 000,000,600 | ---- | M] () -- C:\Users\User\AppData\Local\PUTTY.RND
========== Files Created - No Company Name ==========
[2012/07/18 17:47:39 | 000,001,058 | ---- | C] () -- C:\Users\User\Desktop\ComboFix.exe - Shortcut.lnk
[2012/07/18 16:45:39 | 000,022,528 | ---- | C] () -- C:\Windows\Installer\{753ffbb2-9779-3476-915a-b58ce449f664}\U\800000cb.@
[2012/07/18 16:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\str.sys
[2012/07/13 18:50:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 14:48:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/08 14:03:10 | 000,000,000 | ---- | C] () -- C:\Users\User\Documents\AE44E400
[2012/07/08 14:03:06 | 000,000,000 | ---- | C] () -- C:\Users\User\Documents\DE34E400
[2012/07/08 14:02:55 | 000,000,000 | ---- | C] () -- C:\Users\User\Documents\1414E400
[2012/07/05 22:37:06 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{753ffbb2-9779-3476-915a-b58ce449f664}\U\00000001.@
[2012/07/05 20:45:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/06/25 21:51:46 | 000,065,406 | R--- | C] () -- C:\Users\User\Documents\0240413VK4704A0033QR.pdf
[2012/06/15 10:36:49 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2012/06/13 17:29:04 | 000,103,784 | ---- | C] () -- C:\Users\User\GoToAssistDownloadHelper.exe
[2012/02/25 16:24:13 | 000,000,313 | ---- | C] () -- C:\Users\User\.JMAppsCfg
[2012/02/25 16:21:57 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2012/02/25 16:21:57 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2012/02/25 16:21:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2012/02/25 16:21:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2012/02/25 16:21:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2012/02/25 16:21:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2012/02/25 16:21:55 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2012/02/25 16:21:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2012/02/25 16:21:55 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2012/02/25 16:21:55 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2012/02/25 16:21:54 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2012/02/25 16:21:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2012/02/25 16:21:53 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2012/02/25 16:21:53 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2012/02/25 16:21:52 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2012/02/25 16:21:52 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2012/02/25 16:21:52 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2012/02/25 16:21:52 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2012/02/25 16:21:51 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2012/02/25 16:21:51 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2012/02/25 16:21:51 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2012/01/11 09:37:31 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{753ffbb2-9779-3476-915a-b58ce449f664}\@
[2012/01/11 09:37:30 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{753ffbb2-9779-3476-915a-b58ce449f664}\@
[2012/01/10 21:37:16 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/05 15:45:45 | 000,025,088 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 13:36:23 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/12/20 12:42:02 | 000,000,145 | ---- | C] () -- C:\Users\User\.appletviewer
[2011/12/18 16:11:03 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/18 16:10:30 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/11/17 16:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/26 11:00:59 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2012/07/05 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012/01/09 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/13 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DJJava
[2012/03/16 23:05:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2012/05/04 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeTorrentViewer
[2012/03/24 20:13:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gizza
[2011/12/01 11:48:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2011/12/20 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MySQL
[2012/01/06 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2012/07/06 23:52:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
[2012/01/01 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerCinema
[2012/01/06 18:14:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2012/06/20 00:12:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2011/12/17 16:58:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2012/06/09 17:42:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >