Sirefef-PL [Rtk] infection, replete with weak cert warnings when tryin



#1
loadblok

First and foremost, kudos and thanks to the volunteers who staff the forums! I have encountered the Sirefef-PL[rtk] malware infection and it is making life difficult. Symptoms include redirects when following results of Google searches and a warning when trying to access Gmail:

quoting:

The site's security certificate is signed using a weak signature algorithm!
You attempted to reach mail.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You cannot proceed because the website operator has requested heightened security for this domain. /end quote

The https: in the address bar is crossed out with a red slash, and the padlock icon beside https: has a red X through it as well.

Here are OTL results:
OTL logfile created on: 7/30/2012 4:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TROY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.85 Gb Available Physical Memory | 80.95% Memory free
11.98 Gb Paging File | 10.81 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 461.42 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.17 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive E: | 643.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TROY-PC | User Name: TROY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
PRC - [2012/06/24 10:58:44 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/06/24 10:58:42 | 000,022,528 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012/06/24 10:58:38 | 000,028,672 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012/06/24 10:58:36 | 001,282,560 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012/06/24 10:57:50 | 000,007,168 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012/06/24 10:57:46 | 000,536,064 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012/06/24 10:57:26 | 000,048,640 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012/06/24 10:57:18 | 000,072,704 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012/06/24 10:57:08 | 000,013,312 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012/06/24 10:57:06 | 000,325,632 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll
MOD - [2012/06/24 10:57:06 | 000,061,952 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012/06/24 10:57:06 | 000,018,944 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012/06/24 10:57:06 | 000,010,240 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012/06/24 10:57:06 | 000,007,168 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012/06/24 10:57:04 | 000,012,288 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012/06/24 10:57:00 | 000,074,752 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012/06/24 10:57:00 | 000,040,960 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012/06/24 10:57:00 | 000,009,728 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012/06/24 10:57:00 | 000,006,144 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012/06/24 10:57:00 | 000,005,632 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012/06/14 07:08:04 | 000,254,976 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\plugins\npDefaultTabSearch.dll
MOD - [2012/06/14 07:06:18 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 07:06:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 07:05:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:05:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/10 21:21:06 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/06/10 21:21:05 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012/05/09 03:39:21 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/05/09 03:36:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 03:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 03:36:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 03:36:18 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/05/04 14:55:28 | 000,300,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\GManager.exe -- (GManager)
SRV - [2012/07/29 17:42:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:40:16 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/11 12:08:36 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Stopped] -- C:\Users\TROY\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/05/18 04:00:24 | 000,563,200 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/05/03 19:13:18 | 000,199,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe -- (MCTDesktopSvr)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/03 15:06:52 | 000,168,192 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t1pusb64.sys -- (t1pusb64)
DRV:64bit: - [2011/04/22 13:09:06 | 000,117,376 | ---- | M] (Magic Control Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mctkmd64.sys -- (mctkmd)
DRV:64bit: - [2011/04/08 17:38:58 | 000,019,584 | ---- | M] (Magic Control Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mctKmdldr64.sys -- (mctkmdldr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 09:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/16 06:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 13:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook....home.php?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes\{4DA50A75-6112-4F1A-A553-9725D17E613A}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://indy.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{8057843E-F848-4DC1-A428-025BBF32EA53}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\TROY\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\TROY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/09/26 04:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2012/01/28 00:59:58 | 000,000,000 | ---D | M]

[2012/06/10 21:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TROY\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RivalGaming = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\
CHR - Extension: Community Smartbar = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Surf Canyon = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.4.2_0\
CHR - Extension: YouTube = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care Reminder = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
CHR - Extension: DefaultTab = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\
CHR - Extension: My Personal Homepage = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf\2.6.430_0\
CHR - Extension: Gmail = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\TROY\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\TROY\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Produtools Manuals 2.1 Toolbar) - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Produtools Manuals 2.1 Toolbar) - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [FDPRO-501] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKCU..\Run: [GenieoSystemTray] C:\Users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKCU..\Run: [GenieoUpdaterService] C:\Users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\TROY\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/03/20 15:35:58 | 000,184,414 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/26 12:32:24 | 000,000,037 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{58c1e7ef-a355-11de-aaa2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58c1e7ef-a355-11de-aaa2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001/03/20 15:35:58 | 000,184,414 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001/03/20 15:35:58 | 000,184,414 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 16:23:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 16:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/30 13:57:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 13:39:23 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Malwarebytes
[2012/07/30 13:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/14 08:43:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/08 20:15:56 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Geckofx
[2012/07/08 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2012/07/08 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\TROY\Documents\Stronghold Kingdoms
[2012/07/08 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/08 12:21:27 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Conduit
[2012/07/08 12:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Produtools_Manuals_2.1

========== Files - Modified Within 30 Days ==========

[2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 16:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 16:10:07 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 16:09:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 16:09:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 16:02:52 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2012/07/30 16:02:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 16:02:47 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2012/07/30 16:02:44 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/07/30 16:02:36 | 000,002,703 | ---- | M] () -- C:\Windows\SysNative\GManager.ini
[2012/07/30 15:40:02 | 000,000,512 | ---- | M] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | M] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/30 13:57:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 06:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 06:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 06:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000UA.job
[2012/07/30 05:34:02 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for TROY.job
[2012/07/30 05:00:02 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/07/29 07:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000Core.job
[2012/07/28 14:02:18 | 000,066,629 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:02:17 | 000,066,616 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:15 | 000,102,795 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,476 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:00:46 | 000,097,889 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/07/12 13:24:45 | 000,002,395 | ---- | M] () -- C:\Users\TROY\Desktop\Google Chrome.lnk
[2012/07/11 03:26:53 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTROY.job
[2012/07/11 03:26:45 | 000,355,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 15:59:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000008.@
[2012/07/30 15:40:02 | 000,000,512 | ---- | C] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | C] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/28 14:02:18 | 000,066,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:17 | 000,066,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:02:15 | 000,102,795 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,629 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:00:46 | 000,097,889 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/07/14 08:29:41 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000032.@
[2012/07/14 08:29:40 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000064.@
[2012/07/14 08:29:40 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L\00000004.@
[2012/07/14 08:29:19 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000000.@
[2012/07/14 08:29:16 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000004.@
[2012/07/14 08:29:16 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\000000cb.@
[2012/06/11 12:03:24 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\WinCMR.dll
[2012/06/10 21:17:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/11 18:07:12 | 001,697,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp107.JPG
[2012/02/11 15:46:40 | 000,064,033 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.1
[2012/02/11 15:46:38 | 000,086,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.0
[2012/02/11 15:46:38 | 000,064,048 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.JPG
[2012/02/11 15:40:43 | 000,010,650 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311_navi.JPG
[2012/02/11 15:40:20 | 000,771,545 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.JPG
[2012/02/11 15:39:53 | 000,631,547 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.2
[2012/02/11 15:39:47 | 000,631,557 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.JPG
[2012/02/11 15:37:43 | 000,758,507 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.JPG
[2012/02/11 15:37:41 | 000,765,750 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.0
[2012/02/05 20:34:55 | 000,870,128 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\mcs.rma
[2012/02/05 20:34:55 | 000,000,004 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\E18E54
[2012/02/05 08:47:31 | 000,000,636 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/01/16 17:00:10 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2012/01/16 17:00:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll
[2012/01/11 14:40:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\@
[2012/01/11 14:40:09 | 000,002,048 | -HS- | C] () -- C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\@
[2011/11/19 17:16:11 | 000,000,286 | ---- | C] () -- C:\Windows\EReg213.dat
[2011/09/29 19:30:26 | 000,810,523 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp629.JPG
[2011/09/29 19:30:09 | 000,675,276 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.1
[2011/09/29 19:30:08 | 001,045,015 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.0
[2011/09/29 19:30:08 | 000,675,328 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.JPG
[2011/09/29 19:29:15 | 000,684,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.1
[2011/09/29 19:29:14 | 000,980,091 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.0
[2011/09/29 19:29:14 | 000,684,504 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.JPG
[2011/09/29 19:28:54 | 000,007,128 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320_navi.JPG
[2011/09/29 19:28:53 | 000,687,811 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320.JPG
[2011/09/29 19:27:55 | 000,796,070 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.1
[2011/09/29 19:27:54 | 001,310,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.0
[2011/09/29 19:27:54 | 000,796,071 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.JPG
[2011/08/28 16:36:32 | 000,000,315 | ---- | C] () -- C:\Windows\EReg192.dat
[2011/08/23 08:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/06/15 16:38:55 | 000,723,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp146.JPG
[2011/06/01 12:16:19 | 000,444,640 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.JPG
[2011/06/01 12:14:53 | 000,444,657 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.14
[2011/06/01 12:14:51 | 000,444,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.13
[2011/06/01 12:14:25 | 000,444,619 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.12
[2011/06/01 12:14:22 | 000,444,624 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.11
[2011/06/01 12:14:18 | 000,444,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.10
[2011/06/01 12:14:15 | 000,444,636 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.9
[2011/06/01 12:14:12 | 000,444,663 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.8
[2011/06/01 12:14:07 | 000,444,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.7
[2011/06/01 12:13:56 | 000,444,641 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.6
[2011/06/01 12:13:54 | 000,444,639 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.5
[2011/06/01 12:13:52 | 000,444,649 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.4
[2011/06/01 12:13:24 | 000,444,648 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.3
[2011/06/01 12:13:22 | 000,444,704 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.2
[2011/06/01 12:13:16 | 000,444,677 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.1
[2011/06/01 12:13:15 | 000,497,489 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.0
[2011/06/01 12:12:40 | 000,049,814 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEMORIAL DAY 2011.JPG
[2011/05/30 14:42:14 | 000,063,488 | ---- | C] () -- C:\Users\TROY\xobglu16.dll
[2011/05/30 14:42:14 | 000,023,552 | ---- | C] () -- C:\Users\TROY\xobglu32.dll
[2011/04/28 21:53:43 | 004,489,216 | ---- | C] () -- C:\ProgramData\EAW Deathstar.scr
[2011/04/17 08:35:07 | 000,003,482 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\wklnhst.dat
[2011/04/07 18:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/04/07 18:35:47 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/04/02 20:05:10 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.JPG
[2011/04/02 20:05:08 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.12
[2011/04/02 20:05:08 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.13
[2011/04/02 20:05:06 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.11
[2011/04/02 20:05:05 | 000,240,864 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.10
[2011/04/02 20:05:02 | 000,240,852 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.9
[2011/04/02 20:05:00 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.8
[2011/04/02 20:04:58 | 000,240,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.7
[2011/04/02 20:04:56 | 000,240,873 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.6
[2011/04/02 20:04:53 | 000,240,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.5
[2011/04/02 20:04:38 | 000,240,890 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.4
[2011/04/02 20:04:37 | 000,245,423 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.3
[2011/04/02 20:04:36 | 000,240,835 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.2
[2011/04/02 20:04:35 | 000,242,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.1
[2011/04/02 20:04:28 | 000,551,110 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.0
[2011/04/02 20:03:33 | 000,223,372 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.4
[2011/04/02 20:03:30 | 000,223,379 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.3
[2011/04/02 20:03:28 | 000,223,382 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.2
[2011/04/02 20:03:26 | 000,223,411 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.1
[2011/04/02 20:03:25 | 000,568,257 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.0
[2011/04/02 20:03:25 | 000,223,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.JPG
[2011/04/02 20:02:47 | 000,228,024 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.4
[2011/04/02 20:02:41 | 000,228,003 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.3
[2011/04/02 20:02:40 | 000,227,982 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.2
[2011/04/02 20:02:37 | 000,227,984 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.1
[2011/04/02 20:02:35 | 000,571,741 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.0
[2011/04/02 19:58:56 | 001,058,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp158.JPG
[2011/04/02 19:57:57 | 001,097,227 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp793.JPG
[2011/04/02 19:57:40 | 000,837,870 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.3
[2011/04/02 19:57:38 | 000,837,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.2
[2011/04/02 19:57:36 | 000,837,922 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.1
[2011/04/02 19:57:35 | 000,837,856 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.JPG
[2011/04/02 19:57:34 | 001,364,925 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.0
[2011/04/02 19:57:12 | 000,810,826 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.3
[2011/04/02 19:57:09 | 000,810,844 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.2
[2011/04/02 19:57:08 | 000,810,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.1
[2011/04/02 19:57:07 | 000,810,803 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.JPG
[2011/04/02 19:57:06 | 001,333,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.0
[2011/04/02 19:56:01 | 000,784,463 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp877.JPG
[2011/04/02 19:55:13 | 000,533,822 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.JPG
[2011/04/02 19:55:12 | 000,745,851 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.0
[2011/04/02 19:54:14 | 000,715,215 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.JPG
[2011/04/02 19:54:09 | 000,715,245 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.4
[2011/04/02 19:54:06 | 000,715,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.3
[2011/04/02 19:54:05 | 000,715,229 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.2
[2011/04/02 19:54:01 | 000,715,230 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.1
[2011/04/02 19:53:48 | 001,112,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.0
[2011/04/02 19:53:32 | 000,779,883 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.4
[2011/04/02 19:53:30 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.3
[2011/04/02 19:53:27 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.2
[2011/04/02 19:53:25 | 000,779,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.1
[2011/04/02 19:53:24 | 001,273,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.0
[2011/04/02 19:53:24 | 000,779,878 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.JPG
[2011/04/02 19:53:20 | 000,014,611 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923_navi.JPG
[2011/04/02 19:53:06 | 000,977,320 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.4
[2011/04/02 19:53:05 | 000,977,269 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.3
[2011/04/02 19:53:02 | 000,977,347 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.2
[2011/04/02 19:52:59 | 000,977,368 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.1
[2011/04/02 19:52:58 | 001,650,395 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.0
[2011/04/02 19:52:58 | 000,977,285 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.JPG
[2011/04/02 19:52:18 | 000,952,469 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.5
[2011/04/02 19:52:16 | 000,952,509 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.4
[2011/04/02 19:52:13 | 000,952,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.3
[2011/04/02 19:52:10 | 000,952,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.2
[2011/04/02 19:52:09 | 000,952,526 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.1
[2011/04/02 19:52:06 | 001,567,533 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.0
[2011/04/02 19:52:06 | 000,952,466 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.JPG
[2011/04/02 19:51:41 | 000,816,426 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.1
[2011/04/02 19:51:40 | 000,816,346 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.JPG
[2011/04/02 19:51:39 | 001,343,776 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.0
[2011/04/02 19:51:17 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.3
[2011/04/02 19:51:15 | 000,818,034 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.2
[2011/04/02 19:51:12 | 000,818,053 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.1
[2011/04/02 19:51:09 | 001,367,397 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.0
[2011/04/02 19:51:09 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.JPG
[2011/04/02 19:50:45 | 000,825,847 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.4
[2011/04/02 19:50:44 | 000,825,832 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.3
[2011/04/02 19:50:42 | 000,825,800 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.2
[2011/04/02 19:50:40 | 000,825,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.1
[2011/04/02 19:50:38 | 001,384,564 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.0
[2011/04/02 19:50:38 | 000,825,837 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.JPG
[2011/04/02 19:50:07 | 000,668,731 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.1
[2011/04/02 19:50:06 | 001,074,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.0
[2011/04/02 19:50:06 | 000,668,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.JPG
[2011/04/02 19:49:46 | 000,992,933 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.3
[2011/04/02 19:49:44 | 000,992,938 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.2
[2011/04/02 19:49:41 | 000,992,960 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.1
[2011/04/02 19:49:37 | 000,993,025 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.JPG
[2011/04/02 19:49:36 | 001,676,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.0
[2011/04/02 19:49:15 | 001,019,917 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.3
[2011/04/02 19:49:14 | 001,019,948 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.2
[2011/04/02 19:49:12 | 001,019,915 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.1
[2011/04/02 19:49:11 | 001,019,935 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.JPG
[2011/04/02 19:49:10 | 001,731,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.0
[2011/04/02 19:48:35 | 000,840,600 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.1
[2011/04/02 19:48:34 | 000,840,566 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.JPG
[2011/04/02 19:48:33 | 001,398,459 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.0
[2011/04/02 19:48:11 | 001,302,707 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.3
[2011/04/02 19:48:09 | 001,302,785 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.2
[2011/04/02 19:48:02 | 001,302,823 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.1
[2011/04/02 19:48:00 | 002,229,102 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.0
[2011/04/02 19:48:00 | 001,302,711 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.JPG
[2011/04/02 19:47:37 | 001,242,833 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.3
[2011/04/02 19:47:35 | 001,242,866 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.2
[2011/04/02 19:47:33 | 001,242,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.1
[2011/04/02 19:47:32 | 001,242,762 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.JPG
[2011/04/02 19:47:31 | 002,137,055 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.0
[2011/04/02 19:46:59 | 000,908,440 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.3
[2011/04/02 19:46:58 | 000,908,473 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.2
[2011/04/02 19:46:54 | 000,908,505 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.1
[2011/04/02 19:46:53 | 001,508,898 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.0
[2011/04/02 19:46:53 | 000,908,407 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.JPG
[2011/04/02 19:46:16 | 000,978,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.1
[2011/04/02 19:46:15 | 000,978,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.JPG
[2011/04/02 19:46:14 | 001,624,216 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.0
[2011/04/02 19:44:29 | 001,195,691 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.1
[2011/04/02 19:44:27 | 001,942,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.0
[2011/04/02 19:44:27 | 001,195,632 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.JPG
[2011/04/02 19:43:02 | 001,020,360 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.3
[2011/04/02 19:43:01 | 001,020,400 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.2
[2011/04/02 19:42:58 | 001,020,353 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.1
[2011/04/02 19:42:56 | 001,616,715 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.0
[2011/04/02 19:42:56 | 001,020,387 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.JPG
[2011/04/02 19:40:36 | 001,190,781 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.1
[2011/04/02 19:40:35 | 002,101,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.0
[2011/04/02 19:40:35 | 001,190,638 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.JPG
[2011/04/02 19:40:31 | 000,015,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141_navi.JPG
[2011/04/02 19:37:25 | 000,604,325 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.JPG
[2011/04/02 19:37:24 | 000,831,836 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.0
[2011/04/02 19:36:48 | 000,724,594 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.1
[2011/04/02 19:36:46 | 001,091,748 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.0
[2011/04/02 19:36:46 | 000,724,584 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.JPG
[2011/04/02 19:36:08 | 000,631,585 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.1
[2011/04/02 19:36:06 | 000,985,886 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.0
[2011/04/02 19:35:45 | 000,605,060 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.1
[2011/04/02 19:35:44 | 000,879,030 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.JPG
[2011/04/02 19:35:20 | 000,771,618 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.1
[2011/04/02 19:35:18 | 001,215,884 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.0
[2011/04/02 19:34:59 | 000,761,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.1
[2011/04/02 19:34:56 | 000,761,718 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.JPG
[2011/04/02 19:34:55 | 001,252,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.0
[2011/04/02 19:34:36 | 000,881,082 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.5
[2011/04/02 19:34:33 | 000,881,080 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.4
[2011/04/02 19:34:27 | 000,714,192 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.1
[2011/04/02 19:34:25 | 001,076,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.0
[2011/04/02 19:34:25 | 000,714,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.JPG
[2011/03/14 11:28:15 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/10 10:05:27 | 000,696,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp394.JPG
[2011/03/10 10:00:26 | 001,562,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288.JPG
[2011/03/10 10:00:26 | 000,017,930 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288_navi.JPG
[2011/03/10 09:59:12 | 000,615,480 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.1
[2011/03/10 09:59:10 | 000,970,205 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.0
[2011/03/10 09:59:10 | 000,615,436 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.JPG
[2011/03/10 09:58:46 | 000,831,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.3
[2011/03/10 09:58:43 | 000,831,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.2
[2011/03/10 09:58:41 | 000,831,589 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.1
[2011/03/10 09:58:39 | 000,831,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.JPG
[2011/03/10 09:58:38 | 001,378,740 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.0
[2011/01/13 09:23:18 | 001,134,304 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp063.0
[2011/01/13 09:21:40 | 000,958,877 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.1
[2011/01/13 09:21:40 | 000,958,838 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.JPG
[2011/01/13 09:21:29 | 000,012,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045_navi.JPG
[2011/01/13 09:20:01 | 001,481,949 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.0
[2011/01/13 09:16:17 | 001,766,267 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp046.JPG
[2010/12/30 02:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/27 10:40:27 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.3
[2010/09/27 10:40:27 | 000,033,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.2
[2010/09/27 10:40:26 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.1
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.JPG
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.0
[2010/08/15 03:26:16 | 000,000,290 | ---- | C] () -- C:\Windows\EReg220.dat
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.JPG
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.0
[2010/03/05 10:31:28 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.3
[2010/03/05 10:31:24 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.2
[2010/03/05 10:31:20 | 001,051,531 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.1
[2010/03/05 10:31:15 | 001,791,686 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.0
[2010/03/05 10:31:15 | 001,051,266 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.JPG
[2010/01/30 12:29:10 | 000,000,129 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences2.dat
[2010/01/30 12:27:55 | 000,000,041 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/06/11 14:00:27 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Amazon
[2011/07/02 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Catalina Marketing Corp
[2012/06/11 12:08:33 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\DefaultTab
[2012/07/30 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Fighters
[2012/07/08 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2010/11/18 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Gamelab
[2012/06/10 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Genieo
[2009/12/31 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Hulabee
[2012/02/01 20:43:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\iWin
[2011/12/26 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Leadertech
[2012/06/10 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\MusicOasis
[2009/12/28 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\PictureMover
[2012/01/21 11:58:53 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Product_RM
[2012/01/21 17:14:16 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Registry Mechanic
[2010/01/13 09:45:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\SanDisk
[2010/01/05 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\School Zone Preferences
[2012/06/10 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smart PC Cleaner
[2011/07/14 04:01:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smilebox
[2011/04/17 08:35:08 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Template
[2011/03/21 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\The Creative Assembly
[2010/12/10 07:56:51 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WildTangentv1001
[2010/01/08 18:22:44 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WinBatch
[2011/03/14 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Windows Live Writer
[2010/06/15 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\YoudaGames
[2012/07/30 16:02:44 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/06/30 11:23:48 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/07/30 16:02:52 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2012/07/30 05:00:02 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\RGames Updater.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/07/30 16:02:47 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2012/01/24 11:32:44 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:FA7CDE12

< End of report >

And the OTL extras log file:

OTL Extras logfile created on: 7/30/2012 4:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TROY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.85 Gb Available Physical Memory | 80.95% Memory free
11.98 Gb Paging File | 10.81 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 461.42 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.17 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive E: | 643.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TROY-PC | User Name: TROY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E8AD1B5-C081-4A95-A038-693752D38532}" = Community Smartbar
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1EF75089-392B-4771-B791-17316E27EBA6}" = Real War Rogue States
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43F1F130-66ED-4D50-8475-393312149C5D}" = Youda Legend The Curse of the Amsterdam Diamond
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}" = Dirt Track Racing 2
"{5411B815-2958-4F4F-B985-AFF0C38A15B2}" = Youda Marina
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5C13AD07-5129-11D5-96DB-AE99AF79C743}" = Bob the Builder - Bob Builds a Park
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6972FD5E-01D0-4742-8EB0-A0D351CF28FF}" = Governor of Poker
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D1C9920-3309-11D4-9B62-004005E1220F}" = BANG! Gunship Elite
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B33A30A-FE01-4BA1-858F-ACB80EABBD25}_is1" = Pacific Storm
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = SEE2 UV150 11.05.0505.1159
"{82B811D7-0B86-45C7-A854-B785CCB3256A}" = WingMan Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D267873-6944-4E4F-9158-F702392112D9}" = Compublox
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = CWA Reminder by We-Care.com v4.0.19.3
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}" = Dora the Explorer: Animal Adventures
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C2B9C70F-165E-450D-9EC1-F7B160016291}" = Living 3D Dolphin
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA256FA1-4CF9-492C-98A6-6E451F83AEC3}" = Youda Farmer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}" = Desert Storm
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEE76149-DC7F-4D3E-B021-6152DF574FA6}" = Petz Horsez 2
"{EFF44B4A-5485-4690-8993-E9B7E19599A0}" = Hunting Unlimited 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activision_CWUninstallKey" = The History Channel Civil War
"Activision_HG2UninstallKey" = Heavy Gear 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Ballerburg_is1" = Ballerburg
"Battle For Troy" = Battle For Troy
"Beginning Sounds" = Beginning Sounds
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"BFGC" = Big Fish Games: Game Manager
"BFG-Diego Dinosaur Rescue" = Diego Dinosaur Rescue
"bflixtoolbar" = BFlix Toolbar
"Bird Hunter Wild Wings Edition" = Bird Hunter Wild Wings Edition
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"European Air War" = European Air War
"Flight Simulator 98" = Microsoft Flight Simulator 98
"Font Companion" = Font Companion
"Guild Wars" = Guild Wars
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"iLivid" = iLivid
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InterActual Player" = InterActual Player
"iWinArcade" = iWin Games (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest 2" = Jewel Quest 2 (remove only)
"Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
"Jewel Quest Solitaire II" = Jewel Quest Solitaire II (remove only)
"LEGO Rock Raiders" = LEGO Rock Raiders
"Lords of Magic Special Edition" = Lords of Magic Special Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Matchbox® Caterpillar® Construction Zone 2 Gold Mining CD-ROM" = Matchbox® Caterpillar® Construction Zone 2 Gold Mining CD-ROM
"McAfee Security Scan" = McAfee Security Scan Plus
"Monopoly Star Wars" = Monopoly Star Wars
"MusicOasis" = MusicOasis
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"PhonicsTutor Classic" = PhonicsTutor Classic
"Product_Name" = Minnesota Cuke
"Produtools_Manuals_2.1 Toolbar" = Produtools Manuals 2.1 Toolbar
"Project Eden" = UnInstall Project Eden
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Shogun Total War" = Shogun Total War
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Squad Leader" = Squad Leader
"Steam App 10500" = Empire: Total War
"Steam App 47410" = Stronghold Kingdoms
"The Operational Art of War: Century of Warfare" = The Operational Art of War: Century of Warfare
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tonka Raceway" = Tonka Raceway
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-91f8c6c3-7c23-481f-8f83-d50626528b89" = Bob the Builder - Can-Do Carnival
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"genieo" = Genieo
"Google Chrome" = Google Chrome
"Happy Tails Animal Shelter" = Happy Tails Animal Shelter
"RivalGaming" = RivalGaming
"Sansa Updater" = Sansa Updater
"Smilebox" = Smilebox
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 11:23:39 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/27/2011 11:23:50 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/28/2011 6:44:27 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/28/2011 6:44:27 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/28/2011 7:03:01 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/28/2011 7:03:32 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/28/2011 7:52:33 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 10/28/2011 7:52:35 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/28/2011 8:18:11 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/28/2011 8:18:11 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

[ Hewlett-Packard Events ]
Error - 8/16/2011 3:32:29 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 4/28/2012 6:10:14 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 4/28/2012 6:10:14 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 4/28/2012 6:10:15 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 4/28/2012 6:10:15 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =

[ Media Center Events ]
Error - 4/27/2010 3:01:29 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Error connecting to the internet. 12:01:28 AM - Unable
to contact server..

Error - 4/27/2010 3:28:04 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:28:04 PM - Error connecting to the internet. 12:28:04 PM - Unable
to contact server..

Error - 4/27/2010 3:28:10 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:28:09 PM - Error connecting to the internet. 12:28:09 PM - Unable
to contact server..

Error - 4/28/2010 3:38:11 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:38:11 AM - Error connecting to the internet. 12:38:11 AM - Unable
to contact server..

Error - 4/28/2010 3:38:17 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:38:16 AM - Error connecting to the internet. 12:38:16 AM - Unable
to contact server..

Error - 4/28/2010 3:16:38 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:16:38 PM - Error connecting to the internet. 12:16:38 PM - Unable
to contact server..

Error - 4/28/2010 3:16:44 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:16:43 PM - Error connecting to the internet. 12:16:43 PM - Unable
to contact server..

Error - 4/29/2010 3:42:14 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:42:14 AM - Error connecting to the internet. 12:42:14 AM - Unable
to contact server..

Error - 4/29/2010 3:42:23 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:42:20 AM - Error connecting to the internet. 12:42:20 AM - Unable
to contact server..

Error - 4/29/2010 4:58:04 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 1:57:57 PM - Error connecting to the internet. 1:57:57 PM - Unable
to contact server..

[ System Events ]
Error - 7/30/2012 5:02:36 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/30/2012 5:02:38 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/30/2012 5:10:21 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache MpFilter spldr Wanarpv6

Error - 7/30/2012 5:10:30 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =

Error - 7/30/2012 5:10:36 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =

Error - 7/30/2012 5:10:37 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =

Error - 7/30/2012 5:10:37 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =


< End of report >

And finally, since I started at the avast website before heading here, I have an aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 15:13:49
-----------------------------
15:13:49.868 OS Version: Windows x64 6.1.7601 Service Pack 1
15:13:49.868 Number of processors: 2 586 0x170A
15:13:49.868 ComputerName: TROY-PC UserName: TROY
15:13:50.944 Initialize success
15:14:57.169 AVAST engine defs: 12073000
15:18:14.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:18:14.738 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
15:18:14.748 Disk 0 MBR read successfully
15:18:14.750 Disk 0 MBR scan
15:18:14.764 Disk 0 unknown MBR code
15:18:14.782 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:18:14.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598194 MB offset 206848
15:18:14.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 1225308160
15:18:14.874 Disk 0 scanning C:\Windows\system32\drivers
15:18:23.070 Service scanning
15:18:41.410 Modules scanning
15:18:41.418 Disk 0 trace - called modules:
15:18:41.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:18:41.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c9c060]
15:18:41.439 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800672f050]
15:18:42.938 AVAST engine scan C:\Windows
15:18:46.614 AVAST engine scan C:\Windows\system32
15:20:22.064 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:20:23.908 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:21:10.710 AVAST engine scan C:\Windows\system32\drivers
15:21:20.916 AVAST engine scan C:\Users\TROY
15:25:40.700 File: C:\Users\TROY\AppData\Local\RivalGaming\RivalGaming.dll **INFECTED** Win32:Malware-gen
15:25:40.800 File: C:\Users\TROY\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
15:31:44.017 File: C:\Users\TROY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll **INFECTED** Win32:Malware-gen
15:34:14.734 AVAST engine scan C:\ProgramData
15:35:54.506 Scan finished successfully
15:40:02.105 Disk 0 MBR has been saved successfully to "C:\Users\TROY\Documents\MBR.dat"
15:40:02.111 The log file has been saved successfully to "C:\Users\TROY\Documents\aswMBR.txt"

Once again, many thanks to the folks providing support here @ GTG!


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello loadblok and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.



#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #
Please go to Start > Control Panel and click Add or Remove Programs. Then remove the software listed below:
  • BFlix Toolbar
  • Produtools Manuals 2.1 Toolbar
  • Windows iLivid Toolbar
  • Searchqu 406 MediaBar

# Step 2 #


Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} -  C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit  Ltd.)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
    IE - HKCU\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} -  C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit  Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
    IE - HKCU\..\SearchScopes\{4DA50A75-6112-4F1A-A553-9725D17E613A}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://indy.startnow...eferrer:source}
    IE - HKCU\..\SearchScopes\{8057843E-F848-4DC1-A428-025BBF32EA53}: "URL" = http://us.yhs4.searc...p={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} -  C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  C:\Program Files (x86)\Windows iLivid  Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -  C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo  Media, inc)
    O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
    O2 - BHO: (Produtools Manuals 2.1 Toolbar) -  {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files  (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) -  {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows  iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (BFlix Toolbar) -  {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files  (x86)\bflixtoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (Produtools Manuals 2.1 Toolbar) -  {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files  (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
    O20:64bit: - AppInit_DLLs:  (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files  (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media,  inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll)  - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll  (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) -  C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll  (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) -  C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo  Media, inc)
    [2012/07/14 08:43:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/08 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/07/08 12:21:27 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Conduit
    
    :Files
    C:\Users\TROY\AppData\Local\Smartbar
    C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}
    C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\jestertb.dll
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 3 #
  • Run OTL
  • Copy the lines in the Code box below:
    /md5start
    services.exe 
    /md5stop
  • Go back to the program and paste the text in red into the "Custom Scan / Fixes" text box.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

  • 0
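A triage check for the exchange above, added here as an example and not part of WhiteHat's post or of OTL: it pulls the **INFECTED** entries out of an aswMBR log and reports which of them fall under a fix script's :Files section. The log and script excerpts are trimmed copies of lines from this thread, the function names are hypothetical, and only the :Files section is considered (entries under :OTL are ignored).

```python
import re
from collections import namedtuple
from ntpath import normcase, normpath  # Windows path rules, works on any OS

Detection = namedtuple("Detection", "time path name")

# Constructed sample: lines copied from the aswMBR log in post #1, trimmed.
ASWMBR_LOG = r"""
15:18:46.614 AVAST engine scan C:\Windows\system32
15:20:22.064 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:20:23.908 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:25:40.700 File: C:\Users\TROY\AppData\Local\RivalGaming\RivalGaming.dll **INFECTED** Win32:Malware-gen
15:25:40.800 File: C:\Users\TROY\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
15:35:54.506 Scan finished successfully
"""

# Constructed sample: a trimmed copy of the fix script from post #3.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)

:Files
C:\Users\TROY\AppData\Local\Smartbar
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\jestertb.dll
ipconfig /flushdns /c

:Commands
[CREATERESTOREPOINT]
[REBOOT]
"""

# "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection name>"
DETECTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)


def parse_detections(log_text):
    """Return one Detection per '**INFECTED**' line of an aswMBR log."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m.group("time"), m.group("path"), m.group("name")))
    return found


def files_section(script_text):
    """Return the path entries listed under ':Files' in a fix script."""
    targets, in_files = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.startswith(":"):           # section header such as :OTL, :Files
            in_files = line.lower() == ":files"
            continue
        # Keep absolute drive paths only; this skips commands like 'ipconfig ...'.
        if in_files and re.match(r"^[A-Za-z]:\\", line):
            targets.append(line)
    return targets


def _norm(path):
    # Case-insensitive, separator-normalised form for comparing Windows paths.
    return normcase(normpath(path))


def is_covered(path, targets):
    """True if path equals a target or lies inside a targeted folder."""
    p = _norm(path)
    for target in targets:
        t = _norm(target)
        if p == t or p.startswith(t + "\\"):
            return True
    return False


def coverage(detections, targets):
    """Split detections into (covered by the script, still pending)."""
    covered = [d for d in detections if is_covered(d.path, targets)]
    pending = [d for d in detections if not is_covered(d.path, targets)]
    return covered, pending


if __name__ == "__main__":
    covered, pending = coverage(parse_detections(ASWMBR_LOG), files_section(FIX_SCRIPT))
    for d in covered:
        print("covered:", d.name, d.path)
    for d in pending:
        print("pending:", d.name, d.path)
```

Entries reported as pending are simply not named in this script's :Files section; they may be handled by a later step or a different tool.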

#4
loadblok

    New Member

  • Topic Starter
  • Member
  • 5 posts
Moved Files:


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
File C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
File C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DA50A75-6112-4F1A-A553-9725D17E613A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DA50A75-6112-4F1A-A553-9725D17E613A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8057843E-F848-4DC1-A428-025BBF32EA53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8057843E-F848-4DC1-A428-025BBF32EA53}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ not found.
File C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
File C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
File C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
File C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
File C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper deleted successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\TROY\AppData\Local\Conduit folder moved successfully.
========== FILES ==========
C:\Users\TROY\AppData\Local\Smartbar\Smartbar.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.2.0.0 folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Smartbar.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles\RollBack\Profiles folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles\RollBack folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles\Profiles folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles\History folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles\Configs folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\DistributionFiles folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Common\ServicesPlugins folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Common\iconsWide folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Common\icons folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Common\Configs folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Common folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\pt folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\it folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\[email protected]\components folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\[email protected]\chrome\PublisherImages folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\[email protected]\chrome\images folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\[email protected]\chrome folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\[email protected] folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\he folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\fr folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\es folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\DefaultFiles folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\de folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\Configs folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\ChromeFiles folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar\Application\ar folder moved successfully.
Folder move failed. C:\Users\TROY\AppData\Local\Smartbar\Application scheduled to be moved on reboot.
Folder move failed. C:\Users\TROY\AppData\Local\Smartbar scheduled to be moved on reboot.
C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U folder moved successfully.
C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L folder moved successfully.
C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae} folder moved successfully.
C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U folder moved successfully.
C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L folder moved successfully.
C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae} folder moved successfully.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\jestertb.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TROY\Desktop\cmd.bat deleted successfully.
C:\Users\TROY\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_115540

Files\Folders moved on Reboot...
C:\Users\TROY\AppData\Local\Smartbar\Application folder moved successfully.
C:\Users\TROY\AppData\Local\Smartbar folder moved successfully.

PendingFileRenameOperations files...
File C:\Users\TROY\AppData\Local\Smartbar\Application not found!
File C:\Users\TROY\AppData\Local\Smartbar not found!

Registry entries deleted on Reboot...


Latest OTL:
OTL logfile created on: 7/31/2012 12:01:49 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TROY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.52% Memory free
11.98 Gb Paging File | 10.10 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 460.88 Gb Free Space | 78.90% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.17 Gb Free Space | 18.21% Space Free | Partition Type: NTFS

Computer Name: TROY-PC | User Name: TROY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
PRC - [2012/07/30 16:07:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2012/07/10 03:08:24 | 000,290,144 | ---- | M] () -- C:\Users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
PRC - [2012/07/10 03:08:06 | 000,522,592 | ---- | M] () -- C:\Users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
PRC - [2012/06/19 20:40:16 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/03/21 20:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2012/03/21 20:01:16 | 000,216,720 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Smart PC Cleaner\SPCReminder.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/16 12:37:04 | 000,195,216 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe
PRC - [2012/02/14 22:18:56 | 000,079,728 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/01/04 23:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/08/02 11:57:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/04 19:55:02 | 000,449,152 | ---- | M] (Magic Control Technology Corporation) -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
PRC - [2011/05/03 19:13:18 | 000,199,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
PRC - [2010/10/27 21:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/24 13:38:14 | 000,308,600 | ---- | M] (Magic Control Technology Corporation) -- C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/08/25 13:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/13 09:45:39 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\TROY\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/08/28 15:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 10:53:09 | 000,541,696 | ---- | M] () -- C:\Users\TROY\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2012/07/10 03:08:24 | 000,290,144 | ---- | M] () -- C:\Users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
MOD - [2012/07/10 03:08:06 | 000,522,592 | ---- | M] () -- C:\Users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 23:07:39 | 000,554,520 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 23:07:37 | 000,117,784 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/06/19 20:40:12 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 20:40:09 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/19 20:40:09 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 20:40:09 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 20:40:09 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/14 07:06:06 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 07:05:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 07:05:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/09 03:39:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/09 03:37:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 03:37:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:37:11 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/09 03:36:43 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/09 03:36:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 03:36:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 03:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 03:36:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 03:36:18 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/08/28 15:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/08/26 03:41:31 | 000,116,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/15 19:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 19:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 19:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 19:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 19:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 19:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 19:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 19:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/05/04 14:55:28 | 000,300,920 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GManager.exe -- (GManager)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/29 17:42:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:40:16 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/05/03 19:13:18 | 000,199,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe -- (MCTDesktopSvr)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/03 15:06:52 | 000,168,192 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t1pusb64.sys -- (t1pusb64)
DRV:64bit: - [2011/04/22 13:09:06 | 000,117,376 | ---- | M] (Magic Control Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mctkmd64.sys -- (mctkmd)
DRV:64bit: - [2011/04/08 17:38:58 | 000,019,584 | ---- | M] (Magic Control Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mctKmdldr64.sys -- (mctkmdldr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 09:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/16 06:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 13:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0AE66742-28B7-432D-814B-51CDB43FAF40}: "URL" = http://search.condui...&ctid=CT3209604
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\TROY\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\TROY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/09/26 04:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2012/01/28 00:59:58 | 000,000,000 | ---D | M]

[2012/06/10 21:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TROY\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RivalGaming = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\
CHR - Extension: Surf Canyon = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.4.2_0\
CHR - Extension: YouTube = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: My Personal Homepage = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf\2.6.430_0\
CHR - Extension: Gmail = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 10:14:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [GenieoSystemTray] C:\Users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKCU..\Run: [GenieoUpdaterService] C:\Users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\TROY\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 10:21:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/31 10:15:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/31 10:04:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/31 10:04:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/31 10:04:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/31 09:42:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/31 09:42:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 09:41:58 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\TROY\Desktop\ComboFix.exe
[2012/07/31 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\TROY\Desktop\Avast
[2012/07/31 09:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/30 16:23:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 16:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/30 13:57:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 13:39:23 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Malwarebytes
[2012/07/30 13:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 20:15:56 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Geckofx
[2012/07/08 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2012/07/08 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\TROY\Documents\Stronghold Kingdoms

========== Files - Modified Within 30 Days ==========

[2012/07/31 12:05:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 12:05:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 11:58:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 11:58:21 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2012/07/31 11:58:20 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2012/07/31 11:57:23 | 000,002,702 | ---- | M] () -- C:\Windows\SysNative\GManager.ini
[2012/07/31 11:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 11:57:12 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 11:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 11:49:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000UA.job
[2012/07/31 11:49:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 11:00:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/07/31 10:14:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/31 10:01:24 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/07/31 09:41:58 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\TROY\Desktop\ComboFix.exe
[2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 15:40:02 | 000,000,512 | ---- | M] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | M] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/30 13:57:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 05:34:02 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for TROY.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/07/29 07:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000Core.job
[2012/07/28 14:02:18 | 000,066,629 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:02:17 | 000,066,616 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:15 | 000,102,795 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,476 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:00:46 | 000,097,889 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/07/12 13:24:45 | 000,002,395 | ---- | M] () -- C:\Users\TROY\Desktop\Google Chrome.lnk
[2012/07/11 03:26:53 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTROY.job
[2012/07/11 03:26:45 | 000,355,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/31 10:04:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/31 10:04:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 10:04:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 10:04:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 10:04:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/30 15:40:02 | 000,000,512 | ---- | C] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | C] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/28 14:02:18 | 000,066,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:17 | 000,066,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:02:15 | 000,102,795 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,629 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:00:46 | 000,097,889 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/06/11 12:03:24 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\WinCMR.dll
[2012/06/10 21:17:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/11 18:07:12 | 001,697,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp107.JPG
[2012/02/11 15:46:40 | 000,064,033 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.1
[2012/02/11 15:46:38 | 000,086,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.0
[2012/02/11 15:46:38 | 000,064,048 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.JPG
[2012/02/11 15:40:43 | 000,010,650 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311_navi.JPG
[2012/02/11 15:40:20 | 000,771,545 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.JPG
[2012/02/11 15:39:53 | 000,631,547 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.2
[2012/02/11 15:39:47 | 000,631,557 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.JPG
[2012/02/11 15:37:43 | 000,758,507 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.JPG
[2012/02/11 15:37:41 | 000,765,750 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.0
[2012/02/05 20:34:55 | 000,870,128 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\mcs.rma
[2012/02/05 08:47:31 | 000,000,636 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/01/16 17:00:10 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2012/01/16 17:00:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll
[2011/11/19 17:16:11 | 000,000,286 | ---- | C] () -- C:\Windows\EReg213.dat
[2011/09/29 19:30:26 | 000,810,523 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp629.JPG
[2011/09/29 19:30:09 | 000,675,276 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.1
[2011/09/29 19:30:08 | 001,045,015 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.0
[2011/09/29 19:30:08 | 000,675,328 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.JPG
[2011/09/29 19:29:15 | 000,684,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.1
[2011/09/29 19:29:14 | 000,980,091 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.0
[2011/09/29 19:29:14 | 000,684,504 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.JPG
[2011/09/29 19:28:54 | 000,007,128 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320_navi.JPG
[2011/09/29 19:28:53 | 000,687,811 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320.JPG
[2011/09/29 19:27:55 | 000,796,070 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.1
[2011/09/29 19:27:54 | 001,310,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.0
[2011/09/29 19:27:54 | 000,796,071 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.JPG
[2011/08/28 16:36:32 | 000,000,315 | ---- | C] () -- C:\Windows\EReg192.dat
[2011/08/23 08:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/06/15 16:38:55 | 000,723,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp146.JPG
[2011/06/01 12:16:19 | 000,444,640 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.JPG
[2011/06/01 12:14:53 | 000,444,657 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.14
[2011/06/01 12:14:51 | 000,444,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.13
[2011/06/01 12:14:25 | 000,444,619 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.12
[2011/06/01 12:14:22 | 000,444,624 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.11
[2011/06/01 12:14:18 | 000,444,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.10
[2011/06/01 12:14:15 | 000,444,636 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.9
[2011/06/01 12:14:12 | 000,444,663 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.8
[2011/06/01 12:14:07 | 000,444,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.7
[2011/06/01 12:13:56 | 000,444,641 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.6
[2011/06/01 12:13:54 | 000,444,639 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.5
[2011/06/01 12:13:52 | 000,444,649 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.4
[2011/06/01 12:13:24 | 000,444,648 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.3
[2011/06/01 12:13:22 | 000,444,704 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.2
[2011/06/01 12:13:16 | 000,444,677 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.1
[2011/06/01 12:13:15 | 000,497,489 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.0
[2011/06/01 12:12:40 | 000,049,814 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEMORIAL DAY 2011.JPG
[2011/05/30 14:42:14 | 000,063,488 | ---- | C] () -- C:\Users\TROY\xobglu16.dll
[2011/04/17 08:35:07 | 000,003,482 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\wklnhst.dat
[2011/04/07 18:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/04/02 20:05:10 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.JPG
[2011/04/02 20:05:08 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.12
[2011/04/02 20:05:08 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.13
[2011/04/02 20:05:06 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.11
[2011/04/02 20:05:05 | 000,240,864 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.10
[2011/04/02 20:05:02 | 000,240,852 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.9
[2011/04/02 20:05:00 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.8
[2011/04/02 20:04:58 | 000,240,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.7
[2011/04/02 20:04:56 | 000,240,873 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.6
[2011/04/02 20:04:53 | 000,240,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.5
[2011/04/02 20:04:38 | 000,240,890 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.4
[2011/04/02 20:04:37 | 000,245,423 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.3
[2011/04/02 20:04:36 | 000,240,835 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.2
[2011/04/02 20:04:35 | 000,242,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.1
[2011/04/02 20:04:28 | 000,551,110 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.0
[2011/04/02 20:03:33 | 000,223,372 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.4
[2011/04/02 20:03:30 | 000,223,379 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.3
[2011/04/02 20:03:28 | 000,223,382 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.2
[2011/04/02 20:03:26 | 000,223,411 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.1
[2011/04/02 20:03:25 | 000,568,257 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.0
[2011/04/02 20:03:25 | 000,223,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.JPG
[2011/04/02 20:02:47 | 000,228,024 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.4
[2011/04/02 20:02:41 | 000,228,003 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.3
[2011/04/02 20:02:40 | 000,227,982 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.2
[2011/04/02 20:02:37 | 000,227,984 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.1
[2011/04/02 20:02:35 | 000,571,741 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.0
[2011/04/02 19:58:56 | 001,058,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp158.JPG
[2011/04/02 19:57:57 | 001,097,227 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp793.JPG
[2011/04/02 19:57:40 | 000,837,870 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.3
[2011/04/02 19:57:38 | 000,837,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.2
[2011/04/02 19:57:36 | 000,837,922 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.1
[2011/04/02 19:57:35 | 000,837,856 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.JPG
[2011/04/02 19:57:34 | 001,364,925 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.0
[2011/04/02 19:57:12 | 000,810,826 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.3
[2011/04/02 19:57:09 | 000,810,844 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.2
[2011/04/02 19:57:08 | 000,810,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.1
[2011/04/02 19:57:07 | 000,810,803 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.JPG
[2011/04/02 19:57:06 | 001,333,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.0
[2011/04/02 19:56:01 | 000,784,463 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp877.JPG
[2011/04/02 19:55:13 | 000,533,822 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.JPG
[2011/04/02 19:55:12 | 000,745,851 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.0
[2011/04/02 19:54:14 | 000,715,215 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.JPG
[2011/04/02 19:54:09 | 000,715,245 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.4
[2011/04/02 19:54:06 | 000,715,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.3
[2011/04/02 19:54:05 | 000,715,229 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.2
[2011/04/02 19:54:01 | 000,715,230 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.1
[2011/04/02 19:53:48 | 001,112,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.0
[2011/04/02 19:53:32 | 000,779,883 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.4
[2011/04/02 19:53:30 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.3
[2011/04/02 19:53:27 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.2
[2011/04/02 19:53:25 | 000,779,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.1
[2011/04/02 19:53:24 | 001,273,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.0
[2011/04/02 19:53:24 | 000,779,878 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.JPG
[2011/04/02 19:53:20 | 000,014,611 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923_navi.JPG
[2011/04/02 19:53:06 | 000,977,320 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.4
[2011/04/02 19:53:05 | 000,977,269 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.3
[2011/04/02 19:53:02 | 000,977,347 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.2
[2011/04/02 19:52:59 | 000,977,368 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.1
[2011/04/02 19:52:58 | 001,650,395 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.0
[2011/04/02 19:52:58 | 000,977,285 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.JPG
[2011/04/02 19:52:18 | 000,952,469 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.5
[2011/04/02 19:52:16 | 000,952,509 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.4
[2011/04/02 19:52:13 | 000,952,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.3
[2011/04/02 19:52:10 | 000,952,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.2
[2011/04/02 19:52:09 | 000,952,526 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.1
[2011/04/02 19:52:06 | 001,567,533 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.0
[2011/04/02 19:52:06 | 000,952,466 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.JPG
[2011/04/02 19:51:41 | 000,816,426 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.1
[2011/04/02 19:51:40 | 000,816,346 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.JPG
[2011/04/02 19:51:39 | 001,343,776 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.0
[2011/04/02 19:51:17 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.3
[2011/04/02 19:51:15 | 000,818,034 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.2
[2011/04/02 19:51:12 | 000,818,053 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.1
[2011/04/02 19:51:09 | 001,367,397 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.0
[2011/04/02 19:51:09 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.JPG
[2011/04/02 19:50:45 | 000,825,847 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.4
[2011/04/02 19:50:44 | 000,825,832 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.3
[2011/04/02 19:50:42 | 000,825,800 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.2
[2011/04/02 19:50:40 | 000,825,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.1
[2011/04/02 19:50:38 | 001,384,564 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.0
[2011/04/02 19:50:38 | 000,825,837 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.JPG
[2011/04/02 19:50:07 | 000,668,731 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.1
[2011/04/02 19:50:06 | 001,074,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.0
[2011/04/02 19:50:06 | 000,668,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.JPG
[2011/04/02 19:49:46 | 000,992,933 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.3
[2011/04/02 19:49:44 | 000,992,938 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.2
[2011/04/02 19:49:41 | 000,992,960 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.1
[2011/04/02 19:49:37 | 000,993,025 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.JPG
[2011/04/02 19:49:36 | 001,676,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.0
[2011/04/02 19:49:15 | 001,019,917 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.3
[2011/04/02 19:49:14 | 001,019,948 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.2
[2011/04/02 19:49:12 | 001,019,915 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.1
[2011/04/02 19:49:11 | 001,019,935 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.JPG
[2011/04/02 19:49:10 | 001,731,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.0
[2011/04/02 19:48:35 | 000,840,600 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.1
[2011/04/02 19:48:34 | 000,840,566 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.JPG
[2011/04/02 19:48:33 | 001,398,459 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.0
[2011/04/02 19:48:11 | 001,302,707 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.3
[2011/04/02 19:48:09 | 001,302,785 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.2
[2011/04/02 19:48:02 | 001,302,823 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.1
[2011/04/02 19:48:00 | 002,229,102 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.0
[2011/04/02 19:48:00 | 001,302,711 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.JPG
[2011/04/02 19:47:37 | 001,242,833 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.3
[2011/04/02 19:47:35 | 001,242,866 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.2
[2011/04/02 19:47:33 | 001,242,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.1
[2011/04/02 19:47:32 | 001,242,762 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.JPG
[2011/04/02 19:47:31 | 002,137,055 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.0
[2011/04/02 19:46:59 | 000,908,440 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.3
[2011/04/02 19:46:58 | 000,908,473 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.2
[2011/04/02 19:46:54 | 000,908,505 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.1
[2011/04/02 19:46:53 | 001,508,898 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.0
[2011/04/02 19:46:53 | 000,908,407 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.JPG
[2011/04/02 19:46:16 | 000,978,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.1
[2011/04/02 19:46:15 | 000,978,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.JPG
[2011/04/02 19:46:14 | 001,624,216 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.0
[2011/04/02 19:44:29 | 001,195,691 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.1
[2011/04/02 19:44:27 | 001,942,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.0
[2011/04/02 19:44:27 | 001,195,632 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.JPG
[2011/04/02 19:43:02 | 001,020,360 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.3
[2011/04/02 19:43:01 | 001,020,400 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.2
[2011/04/02 19:42:58 | 001,020,353 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.1
[2011/04/02 19:42:56 | 001,616,715 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.0
[2011/04/02 19:42:56 | 001,020,387 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.JPG
[2011/04/02 19:40:36 | 001,190,781 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.1
[2011/04/02 19:40:35 | 002,101,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.0
[2011/04/02 19:40:35 | 001,190,638 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.JPG
[2011/04/02 19:40:31 | 000,015,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141_navi.JPG
[2011/04/02 19:37:25 | 000,604,325 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.JPG
[2011/04/02 19:37:24 | 000,831,836 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.0
[2011/04/02 19:36:48 | 000,724,594 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.1
[2011/04/02 19:36:46 | 001,091,748 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.0
[2011/04/02 19:36:46 | 000,724,584 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.JPG
[2011/04/02 19:36:08 | 000,631,585 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.1
[2011/04/02 19:36:06 | 000,985,886 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.0
[2011/04/02 19:35:45 | 000,605,060 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.1
[2011/04/02 19:35:44 | 000,879,030 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.JPG
[2011/04/02 19:35:20 | 000,771,618 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.1
[2011/04/02 19:35:18 | 001,215,884 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.0
[2011/04/02 19:34:59 | 000,761,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.1
[2011/04/02 19:34:56 | 000,761,718 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.JPG
[2011/04/02 19:34:55 | 001,252,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.0
[2011/04/02 19:34:36 | 000,881,082 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.5
[2011/04/02 19:34:33 | 000,881,080 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.4
[2011/04/02 19:34:27 | 000,714,192 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.1
[2011/04/02 19:34:25 | 001,076,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.0
[2011/04/02 19:34:25 | 000,714,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.JPG
[2011/03/14 11:28:15 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/10 10:05:27 | 000,696,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp394.JPG
[2011/03/10 10:00:26 | 001,562,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288.JPG
[2011/03/10 10:00:26 | 000,017,930 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288_navi.JPG
[2011/03/10 09:59:12 | 000,615,480 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.1
[2011/03/10 09:59:10 | 000,970,205 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.0
[2011/03/10 09:59:10 | 000,615,436 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.JPG
[2011/03/10 09:58:46 | 000,831,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.3
[2011/03/10 09:58:43 | 000,831,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.2
[2011/03/10 09:58:41 | 000,831,589 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.1
[2011/03/10 09:58:39 | 000,831,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.JPG
[2011/03/10 09:58:38 | 001,378,740 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.0
[2011/01/13 09:23:18 | 001,134,304 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp063.0
[2011/01/13 09:21:40 | 000,958,877 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.1
[2011/01/13 09:21:40 | 000,958,838 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.JPG
[2011/01/13 09:21:29 | 000,012,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045_navi.JPG
[2011/01/13 09:20:01 | 001,481,949 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.0
[2011/01/13 09:16:17 | 001,766,267 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp046.JPG
[2010/12/30 02:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/27 10:40:27 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.3
[2010/09/27 10:40:27 | 000,033,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.2
[2010/09/27 10:40:26 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.1
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.JPG
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.0
[2010/08/15 03:26:16 | 000,000,290 | ---- | C] () -- C:\Windows\EReg220.dat
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.JPG
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.0
[2010/03/05 10:31:28 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.3
[2010/03/05 10:31:24 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.2
[2010/03/05 10:31:20 | 001,051,531 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.1
[2010/03/05 10:31:15 | 001,791,686 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.0
[2010/03/05 10:31:15 | 001,051,266 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.JPG
[2010/01/30 12:29:10 | 000,000,129 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences2.dat
[2010/01/30 12:27:55 | 000,000,041 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/06/11 14:00:27 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Amazon
[2011/07/02 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Catalina Marketing Corp
[2012/07/30 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Fighters
[2012/07/08 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2010/11/18 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Gamelab
[2012/06/10 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Genieo
[2009/12/31 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Hulabee
[2012/02/01 20:43:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\iWin
[2011/12/26 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Leadertech
[2012/06/10 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\MusicOasis
[2009/12/28 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\PictureMover
[2012/01/21 11:58:53 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Product_RM
[2012/01/21 17:14:16 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Registry Mechanic
[2010/01/13 09:45:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\SanDisk
[2010/01/05 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\School Zone Preferences
[2012/06/10 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smart PC Cleaner
[2011/07/14 04:01:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smilebox
[2011/04/17 08:35:08 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Template
[2011/03/21 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\The Creative Assembly
[2010/12/10 07:56:51 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WildTangentv1001
[2010/01/08 18:22:44 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WinBatch
[2011/03/14 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Windows Live Writer
[2010/06/15 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\YoudaGames
[2012/07/31 10:01:24 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/07/31 11:58:21 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2012/07/31 11:00:00 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\RGames Updater.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/07/31 11:58:20 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2012/01/24 11:32:44 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:FA7CDE12

< End of report >
  • 0

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You said in your topic on the avast forum that you ran ComboFix. Can you send me that log?

# Step 1 #
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

  • 0

#6
loadblok

    New Member

  • Topic Starter
  • Member
  • 5 posts
FSS.txt:

Farbar Service Scanner Version: 26-07-2012
Ran by TROY (administrator) on 31-07-2012 at 15:33:01
Running from "C:\Users\TROY\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ComboFix log:
ComboFix 12-07-30.03 - TROY 07/31/2012 10:06:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6134.4988 [GMT -5:00]
Running from: c:\users\TROY\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\iWin Games\iWINgameshookie.dll
c:\program files (x86)\Retrogamer_2zEI
c:\programdata\EAW Deathstar.scr
c:\users\TROY\AppData\Local\RivalGaming\RiVAlgaming.dll
c:\users\TROY\AppData\Roaming\E18E54
c:\users\TROY\xobglu32.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L\00000004.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L\1afb2d56
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L\201d3dde
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000004.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000008.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\000000cb.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000000.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000032.@
c:\windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000064.@
c:\windows\jestertb.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 15:14 . 2012-07-31 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 14:10 . 2012-07-31 14:10 -------- d-----w- C:\_OTL
2012-07-30 21:08 . 2012-07-30 21:08 -------- d-----w- c:\program files (x86)\Oracle
2012-07-30 21:07 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-30 18:39 . 2012-07-30 18:39 -------- d-----w- c:\users\TROY\AppData\Roaming\Malwarebytes
2012-07-30 18:39 . 2012-07-30 18:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-30 18:39 . 2012-07-30 18:39 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 18:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 13:43 . 2012-07-14 13:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 22:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{482280CD-A38E-4E6D-9BA5-4A5E6F803DDD}\mpengine.dll
2012-07-12 22:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 08:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:56 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 23:56 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 23:56 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 23:56 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 23:56 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-10 23:56 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-10 23:56 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 23:56 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-10 23:56 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-10 23:49 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:49 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 23:49 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 23:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-10 23:49 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 23:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-10 23:49 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-09 01:15 . 2012-07-09 01:15 -------- d-----w- c:\users\TROY\AppData\Local\Geckofx
2012-07-09 01:15 . 2012-07-09 01:15 -------- d-----w- c:\users\TROY\AppData\Roaming\Firefly Studios
2012-07-08 17:21 . 2012-07-08 17:21 -------- d-----w- c:\program files (x86)\Conduit
2012-07-08 17:21 . 2012-07-08 17:21 -------- d-----w- c:\users\TROY\AppData\Local\Conduit
2012-07-08 17:20 . 2012-07-08 17:21 -------- d-----w- c:\program files (x86)\Produtools_Manuals_2.1
2012-07-03 19:39 . 2012-02-10 23:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECCF806B-E6DD-48D8-BC09-9F360326A815}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 22:42 . 2012-04-07 18:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 22:42 . 2011-06-16 14:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 08:02 . 2010-09-17 10:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-11 02:24 . 2011-03-19 14:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 01:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 01:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 01:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 01:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 01:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 01:50 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-14 02:15 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 02:15 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 02:15 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}"= "c:\program files (x86)\Produtools_Manuals_2.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Produtools_Manuals_2.1\prxtbProd.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}"= "c:\program files (x86)\Produtools_Manuals_2.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"SansaDispatch"="c:\users\TROY\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-13 79872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-26 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Smart PC Cleaner"="c:\program files (x86)\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-22 4862384]
"GenieoUpdaterService"="c:\users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-06-25 280928]
"GenieoSystemTray"="c:\users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-06-25 564064]
"Browser Infrastructure Helper"="c:\users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-06-24 13824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Starter"="c:\program files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe" [2012-02-15 79728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-03-22 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-9-26 1701224]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 t1pusb64;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb64.sys [2011-05-03 168192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-14 1255736]
S0 mctkmdldr;mctkmdldr;c:\windows\system32\drivers\mctkmdldr64.sys [2011-04-08 19584]
S2 GManager;GManager;c:\windows\system32\GManager.exe [2011-05-04 300920]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 MCTDesktopSvr;MCTDesktopSvr;c:\program files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2011-05-04 199296]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [2010-11-24 130000]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-05 793048]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 mctkmd;mctkmd;c:\windows\system32\drivers\mctkmd64.sys [2011-04-22 117376]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:42]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 18:08]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000Core.job
- c:\users\TROY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000UA.job
- c:\users\TROY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForTROY.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-26 21:38]
.
2012-07-30 c:\windows\Tasks\Norton Security Scan for TROY.job
- c:\progra~2\NORTON~2\Engine\313~1.7\Nss.exe [2011-07-01 07:45]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
2012-07-31 c:\windows\Tasks\RegPowerClean.job
- c:\program files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-06-11 20:30]
.
2012-07-30 c:\windows\Tasks\RGames Updater.job
- c:\users\TROY\AppData\Local\RivalGaming\Updater.exe [2012-06-11 01:59]
.
2012-07-30 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-01-21 04:24]
.
2012-07-31 c:\windows\Tasks\RPCReminder.job
- c:\program files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-06-11 20:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MCTDUtil"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"FDispPos"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.genieo.com/?v=w3i8
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=74b7139c-673a-4b8d-a82c-7306a1f83cda&searchtype=ds&isid=9860&q={searchTerms}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RegistryMechanic - c:\program files (x86)\Registry Mechanic\RMTray.exe
Wow6432Node-HKCU-Run-Start WingMan Profiler - (no file)
Wow6432Node-HKCU-Run-FDPRO-501 - c:\program files (x86)\Fighters\FighterLauncher.exe
SafeBoot-MsMpSvc
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Toolbar-10 - (no file)
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
AddRemove-DefaultTab - c:\users\TROY\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe
AddRemove-Searchqu 406 MediaBar - c:\program files (x86)\Windows iLivid Toolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1643144743-2594041797-535586485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1643144743-2594041797-535586485-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-31 10:20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 15:20
.
Pre-Run: 495,177,482,240 bytes free
Post-Run: 495,064,018,944 bytes free
.
- - End Of File - - 57257E5D7C01B33668B2E4B5AF28C8BE
  • 0

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please check if Windows Update is working.
http://windows.micro.../windows-update

Do you have the Windows 7 DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists.

Edited by WhiteHat, 01 August 2012 - 11:59 AM.

  • 0

#8
loadblok

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi WhiteHat,

Thanks for the help thus far. I don't want you to think I am giving up, but I will not be able to work on the PC for a few days. I will report back what you asked in the last post, but most likely not until early next week.

Thanks again for the great help!
  • 0

#9
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok, no problems.

I will wait. :thumbsup:
  • 0

#10
loadblok

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi WhiteHat,
I was able to get back to this quicker than anticipated. The Repair Console is available, and Windows Update is currently broken. I get "unknown" error 80246008, failing the attempt at update. I found that the BITS service was missing from the Services.msc, and ran the following to repair:

sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto

That has fixed the Windows Update error.

Edited by loadblok, 03 August 2012 - 02:25 PM.

  • 0
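The FSS.txt log posted in #6 already flagged the BITS problem that was repaired above. As an added example (not part of the thread and not Farbar's code), this Python sketch parses an FSS-style log and ranks what needs attention; the function names, the HIGH/MEDIUM labels and the one non-legit file line in the sample are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: shortened from the FSS.txt posted in this thread. The
# example.dll line is made up to exercise the "not legit" branch and is not
# real FSS wording.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 26-07-2012
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\example.dll => CONSTRUCTED non-legit result

**** End of log ****
"""

SERVICE_RE = re.compile(r"^(?P<name>\S+) Service is not running\.")
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+)$")
RULE_RE = re.compile(r"^=+$")  # the "=====" underline beneath a section title


@dataclass
class ServiceFinding:
    name: str
    section: str
    checks: list = field(default_factory=list)

    @property
    def attention(self):
        """Check lines that the scanner itself marked with ATTENTION!"""
        return [c for c in self.checks if "ATTENTION!" in c]


def parse_fss(text):
    """Return (services, files) extracted from an FSS-style log."""
    lines = text.splitlines()
    section, current = None, None
    services, files = [], []
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section title is a line ending in ":" that is underlined with "=".
        if line.endswith(":") and RULE_RE.match(nxt):
            section, current = line[:-1], None
            continue
        # Blank lines and underlines close the current service block.
        if not line or RULE_RE.match(line):
            current = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = ServiceFinding(m["name"], section)
            services.append(current)
            continue
        m = FILE_RE.match(line)
        if m and section == "File Check":
            files.append((m["path"], m["result"]))
            continue
        if current is not None:
            current.checks.append(line)  # configuration check for that service
    return services, files


def triage(services, files):
    """Rank findings. The severity policy is this example's own assumption."""
    findings = []
    for s in services:
        if s.attention:
            findings.append(("HIGH", s.name, "configuration problem: " + s.attention[0]))
        else:
            findings.append(("MEDIUM", s.name, "stopped, configuration checks passed"))
    for path, result in files:
        if result != "MD5 is legit":
            findings.append(("HIGH", path, "file check: " + result))
    order = {"HIGH": 0, "MEDIUM": 1}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, subject, detail in triage(*parse_fss(SAMPLE_FSS)):
        print(f"[{severity}] {subject}: {detail}")
```

Run against the log from post #6, the BITS entry ranks first because the scanner could not read the service's start type, while sharedaccess is only reported as stopped.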

#11
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

For the next step you will need a USB stick.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0





