Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Lingering effects from Live Security Platinum [Closed]


  • This topic is locked This topic is locked

#1
thamasta

thamasta

    Member

  • Member
  • PipPip
  • 81 posts
Hello,

I was using my computer earlier today and walked away for a few minutes while it was on and came back to Live Security Platinum telling me my computer was infected. I came to this site and I followed the steps described using MBAM to remove the infection. I've now rebooted the computer and am no longer getting pop-ups from Live Security Platinum, but I am unable to run Microsoft Security Essentials now. Further reading on this site says it's a left over effect from the virus, so I'm hoping to get some help. Here's my OTL log, thanks for all the help :).


OTL logfile created on: 7/30/2012 10:24:01 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan\Downloads\AV
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.55% Memory free
15.79 Gb Paging File | 13.74 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.66 Gb Total Space | 217.96 Gb Free Space | 48.91% Space Free | Partition Type: NTFS
Drive H: | 20.00 Gb Total Space | 18.86 Gb Free Space | 94.30% Space Free | Partition Type: NTFS

Computer Name: BASE | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 22:23:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\AV\OTL.exe
PRC - [2012/07/27 09:39:18 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/04 08:59:45 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/06 09:27:04 | 002,342,400 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2010/05/21 12:18:50 | 001,024,000 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2010/04/21 10:56:32 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2010/03/03 10:45:46 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2009/12/21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 21:11:54 | 000,427,008 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wpldmg.dll
MOD - [2012/07/27 09:39:18 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/17 19:21:58 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 14:43:13 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 13:10:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:10:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 11:10:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 11:10:30 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/05/13 09:51:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 09:50:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 09:50:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 09:50:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 09:50:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 09:50:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/04 11:40:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2011/01/06 09:27:10 | 000,194,560 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/01/06 09:27:04 | 002,342,400 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 06:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 06:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 06:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 06:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 06:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 06:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 14:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010/05/23 14:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2010/03/19 20:14:20 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 09:39:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 19:22:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/28 18:48:39 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/20 16:05:04 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/22 04:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 18:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/11/15 07:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/04/21 10:56:32 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 10:45:46 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/30 22:16:23 | 000,036,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/04 09:12:31 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012/02/04 08:59:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/07 17:05:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011/05/03 05:34:50 | 000,762,472 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/05 17:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/10/20 12:48:16 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 D7 61 E8 E5 E2 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLEP1&pc=SPLH
IE - HKCU\..\SearchScopes\{837BD38B-5FDC-4613-B698-A285C7C5E205}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{959612B8-2D1F-4596-8D1B-C4A56CF08563}: "URL" = http://search.yahoo....vm&type=PROTOSV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 19:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/24 13:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B2699992-DAAC-11E1-8270-B8AC6F996F26}: C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}\ [2012/07/30 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 19:22:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/04 09:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/07/24 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions
[2012/07/10 10:15:58 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/05/20 10:06:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/17 18:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/30 21:11:56 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RYAN\APPDATA\LOCAL\{B2699992-DAAC-11E1-8270-B8AC6F996F26}
[2012/02/13 08:15:33 | 000,105,380 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 11:32:24 | 000,013,684 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/03/24 10:08:01 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 19:22:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/17 18:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 18:04:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Google Drive = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: openMarkers - Your favorite places on travel = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbddgbbhgiehapkemoldgekakllapanc\9.22_0\
CHR - Extension: Offline Google Mail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: PanicButton = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.1_0\
CHR - Extension: AdBlock = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Next Bus London = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod\1.0.1_0\
CHR - Extension: Dropbox = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: TouristEye Planner = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Google Maps = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail Checker = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Cloud9 = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp\1.9.8.2_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/26 15:27:24 | 000,001,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nmlets] rundll32.exe "C:\Users\Ryan\AppData\Roaming\nmlets.dll",CenterDialog File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [wpldmg] C:\Users\Ryan\AppData\Roaming\wpldmg.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [wpldmg] C:\Users\Ryan\AppData\Roaming\wpldmg.dll ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81112B0B-598F-4007-94A8-1EDD541D78C9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA13DC39-2F46-43E0-A763-9191B0242C1A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (expstart.exe) - expstart.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1B46F8DD-A511-417A-BFFA-B2D8ED7742E9}
[2012/07/30 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D67D2F30-37D0-4DEE-9C7B-97C624A24CA9}
[2012/07/30 21:14:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/30 21:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90009B0B20000D3B3F875EF60
[2012/07/30 21:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}
[2012/07/30 10:01:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{AC13AFA9-87DA-4CF6-995C-05E5CC93F8C4}
[2012/07/30 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9037FF64-4777-47CB-985C-60ED8C9B4D57}
[2012/07/29 18:00:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{71BA19E3-5CE0-422B-92CB-4F9274E2B51B}
[2012/07/29 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{02B10E39-78E6-406D-A3DC-648D8F3C8F15}
[2012/07/29 06:00:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{88FB72DE-D12D-470B-8FF2-DDD6EB368B4F}
[2012/07/29 06:00:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C93CD714-88D0-4B87-AA11-9590177484C9}
[2012/07/28 10:41:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C65419F3-05A9-42C7-AC0C-6DAB4B98AFC0}
[2012/07/28 10:40:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{605274DE-BAE0-47A7-8271-84B4980BCCC1}
[2012/07/27 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2CF698CE-D748-4954-B1CA-CBF7DCD63900}
[2012/07/27 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C818DF18-A44F-47C4-B0C3-5EEC0358C2B2}
[2012/07/27 10:12:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8C889F9F-3B16-449B-842C-552995D5D9F9}
[2012/07/27 10:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F318133F-C642-4812-AE97-457AB96A827E}
[2012/07/26 23:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/26 22:11:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EFF9E262-E3B4-4360-9E18-AC97A94A53D7}
[2012/07/26 22:11:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FA4C10C0-9611-455F-AFB7-295A03AFB8D7}
[2012/07/26 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\CDisplayEx
[2012/07/26 17:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
[2012/07/26 17:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplayEx
[2012/07/26 09:59:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ED779B69-6323-4DD2-9B75-A5413D505FAE}
[2012/07/26 09:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A53CBDB8-A139-45B0-B2D1-0DF6531890A5}
[2012/07/25 21:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{07EBBAF6-7780-4946-9CF6-E1F52F582844}
[2012/07/25 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FC9F4940-55F2-4F87-B742-2EE0644162CB}
[2012/07/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E74F8A42-3647-41BA-ADAE-53344F1E792A}
[2012/07/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{54F7BA74-DA55-4698-A204-775B737F8A7E}
[2012/07/24 21:57:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{12CB7A02-00E3-428C-BBF7-5F23F3DB7EF4}
[2012/07/24 09:57:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E1A9063F-4B66-4D5C-BA96-3ECA7638D4D2}
[2012/07/24 09:57:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9F2BF2A7-74DE-4F5F-8967-2C6FA7B1E27B}
[2012/07/23 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ABFE9EEB-1976-4C23-B100-D60B7695CF45}
[2012/07/23 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D8C747DB-633B-43F5-B3A7-9E84EE12ACE6}
[2012/07/23 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/23 09:55:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{BF278ECE-2F91-4DA1-8AC3-573B7B9929A5}
[2012/07/23 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F78A6EDB-59B3-4977-B7A0-E0118B9EEE32}
[2012/07/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3E65BBE5-1B43-4AB2-8D99-87193183B636}
[2012/07/22 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7570151F-94A9-4037-9692-7B88F6DE1834}
[2012/07/22 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\TeraCopy
[2012/07/22 21:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/07/22 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/07/22 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C68EEDA0-F436-4BF4-8158-BEA7A69EE9A8}
[2012/07/22 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{38BD93F6-0BCD-4E13-A3A8-288CA2D39876}
[2012/07/22 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\six-zsync
[2012/07/22 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\six-updater
[2012/07/22 00:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/07/22 00:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012/07/22 00:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Downloaded Installations
[2012/07/21 23:31:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ArmA 2 OA
[2012/07/21 23:19:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\ArmA 2
[2012/07/21 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ArmA 2
[2012/07/21 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 23:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8C46EB01-2BA4-4849-84E2-D15FC42C8677}
[2012/07/21 21:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B76B920E-4D54-471C-A096-48673CE7C7DB}
[2012/07/21 09:02:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{70546CF0-1BB9-4021-82E3-2A63B888EBC3}
[2012/07/21 09:02:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{574C802D-C8E9-4970-A91F-0A6A0BF5D972}
[2012/07/20 10:48:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CF6784CE-52C5-4EB8-80CE-900861C0C477}
[2012/07/20 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E32B659C-6295-4DCB-82A2-033271BBA585}
[2012/07/19 22:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{91B835B3-DBFF-4DA3-8963-A762D52E6B49}
[2012/07/19 22:47:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3C5C5401-B936-4A35-9F92-2B89BFDB73F6}
[2012/07/19 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8B46428E-B498-44A0-8DE0-7C17B839F104}
[2012/07/19 10:46:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2A45902C-EE29-4265-AAF6-53F6BFE38D32}
[2012/07/18 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1962AF30-B058-4769-AF33-35703A862F69}
[2012/07/18 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{07056F89-3333-4A2A-BE3C-79E3A172EEFB}
[2012/07/18 13:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\jagexcache1
[2012/07/18 07:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5D4F8FA3-7A17-49A5-BC47-23CC2D458199}
[2012/07/18 07:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{40D897B3-9C58-414C-8D77-E00D55C5E7A4}
[2012/07/17 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{23D8DE6D-8D7F-4B84-AE90-CDB801661997}
[2012/07/17 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC0BED7D-4FE7-40BE-96DA-AF91099766B5}
[2012/07/17 00:32:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Games for Windows - LIVE Demos
[2012/07/17 00:26:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/07/17 00:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/07/17 00:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/07/16 09:13:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D3C5B86A-3DF6-48DE-9CAB-D95E27BA383E}
[2012/07/16 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5B78CDD1-6070-49A6-AA9F-67277E0E16DF}
[2012/07/15 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F1E3E33F-652D-4866-8CBC-700155E2B8C6}
[2012/07/15 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{411B685E-D981-4984-973A-3B5CBAAECCDD}
[2012/07/15 01:05:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{179CF9FD-EE8F-4AC2-8DA3-78F7F2C0176B}
[2012/07/15 01:05:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6FB4F63C-5E7B-4312-B79D-238425173FCA}
[2012/07/14 10:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{55B37D45-DA3A-459C-B1E2-5B12DB943AC5}
[2012/07/14 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7BE9B499-81A4-4EE5-B0A9-20EB015167EE}
[2012/07/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{AA50A3F7-B5FE-4B73-B724-F927C46C43FA}
[2012/07/13 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5AFA456E-F7A0-4706-B2A8-CF1C1B938A37}
[2012/07/13 10:35:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{38173A93-6F8A-440A-B3DD-74211BC026E7}
[2012/07/13 10:34:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D01101D5-AE41-4232-AC03-54404998731E}
[2012/07/12 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5B6039F3-E3E5-4712-8DD1-442360D84821}
[2012/07/12 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC02F229-1D0D-416C-8520-F8F9CE98A768}
[2012/07/12 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{72188C0D-5C15-4BDC-8F7E-EBD43E2F4AAB}
[2012/07/12 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{324E2294-F022-4FA7-8767-ABB416EAC599}
[2012/07/11 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C6177513-A865-4EE8-8E1F-D10373375976}
[2012/07/11 10:20:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DAC2AC26-B0C0-4CA4-97C8-EBF7BA11C8E0}
[2012/07/10 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{76F095A9-8E8E-4680-9B7B-358701306AC3}
[2012/07/10 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D30273E4-6D01-45F7-90A4-291C509B434B}
[2012/07/10 13:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Cracked
[2012/07/10 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2012/07/10 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{BAA225EE-1C4B-45FE-860D-2E1C71248FFA}
[2012/07/10 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{348D31A8-FBF7-4EA8-9E99-14C0A913E35A}
[2012/07/09 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{451B73A5-C24C-4A80-B62A-1E481C7C4692}
[2012/07/09 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FE68207A-6595-4C0D-A4EA-1E54DDA761C2}
[2012/07/09 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ColorByNumbers
[2012/07/09 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Mumble
[2012/07/09 10:18:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6F18EB51-F546-439B-BA2F-32B9027E1AF2}
[2012/07/09 10:18:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC80465C-246B-4CF3-999F-218363CAF813}
[2012/07/09 09:38:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Mumble
[2012/07/09 09:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/07/09 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/07/08 23:36:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Hailstone
[2012/07/08 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2968FCBB-5FCE-4FF0-A588-0DF32A7CEAFA}
[2012/07/08 22:17:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{96304B49-8E13-47CF-BFA9-9E8052698984}
[2012/07/08 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A4509E7B-9F1F-48E5-BE1C-517F9E79CC4A}
[2012/07/08 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{91D31A9B-C1A0-47DD-A6A7-305D8AF14D16}
[2012/07/07 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{13BE2675-1F81-4F9C-A0DD-71F531193FAF}
[2012/07/07 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DBC5DB42-414A-44DD-9BE5-4F4F04B54EB0}
[2012/07/07 10:16:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{37A24519-4D8A-4648-A454-F75C93252A6A}
[2012/07/07 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{54B421B4-C463-4E34-9A8A-6D9F57A86696}
[2012/07/06 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D4FD3BEE-8D08-44A8-858B-4B038D9CFF2B}
[2012/07/06 09:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8169B098-60FD-4B8E-8297-AA9E25DBB549}
[2012/07/05 21:51:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{30D96C6F-2E18-48C4-BAB1-9E615EDA43F8}
[2012/07/05 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9319AA27-75A1-4986-82A1-E0D79836BE8A}
[2012/07/05 09:50:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{102707DD-E360-4592-B455-EA155CEA61C7}
[2012/07/05 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B8C656B6-A612-46AC-BA4A-B3DE155F5903}
[2012/07/05 08:37:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\RS
[2012/07/04 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A82FB583-38A7-4FEC-B16E-0376927D9C7F}
[2012/07/04 21:49:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{06019A94-3E04-4B19-8296-6FF25E966569}
[2012/07/04 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/07/04 09:49:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3418677D-B93F-4BB8-B107-BA4FDA5C7763}
[2012/07/04 09:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C01E3068-1D8D-48E8-8C7A-98905EB4B27D}
[2012/07/03 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Brushes
[2012/07/03 21:31:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6F8501A9-B888-4F71-B51D-6A1B820C4455}
[2012/07/03 21:31:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5BB606C6-2BB4-4DC4-A578-96639B3BB2F4}
[2012/07/03 09:30:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1583DB06-CADE-4DCE-803C-130AB0CA971A}
[2012/07/03 09:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9A5A7C9A-04AA-4CAF-A44D-71AAFE01CF05}
[2012/07/02 21:29:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DC8D3FF2-EC4A-4239-B77F-EF81804E5936}
[2012/07/02 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DE777B58-E8B3-4C89-A0C4-DFC2F36A48DA}
[2012/07/02 06:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6D0F287E-D9EC-4778-B705-26FAC3696183}
[2012/07/02 06:54:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CB6AB049-562E-4094-8902-0F976E86DFB4}
[2012/07/01 08:04:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A4BF712C-CF8F-4591-84AB-4B751D0F0D5A}
[2012/07/01 08:04:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F69EC658-AA02-47DB-83AF-1631F9F66BDC}
[2012/05/23 15:36:22 | 002,748,928 | ---- | C] (door2windows) -- C:\Users\Ryan\Windows 7 Start Orb Changer.exe

========== Files - Modified Within 30 Days ==========

[2012/07/30 22:27:09 | 000,729,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 22:27:09 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 22:27:09 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 22:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 22:20:13 | 2064,060,415 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 22:16:23 | 000,036,168 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/30 21:11:54 | 000,427,008 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wpldmg.dll
[2012/07/30 20:56:14 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2012/07/30 20:55:32 | 004,988,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/30 20:53:30 | 000,050,536 | ---- | M] () -- C:\Windows\UTP.exe
[2012/07/30 19:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 17:21:53 | 000,000,043 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/07/28 02:03:08 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\random.dat
[2012/07/28 02:01:46 | 000,000,044 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/07/27 09:36:21 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 09:36:21 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 18:49:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/07/24 18:49:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/07/23 00:09:34 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/07/16 13:49:37 | 000,000,048 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/10 13:59:12 | 000,000,985 | ---- | M] () -- C:\Users\Ryan\Desktop\Start Minecraft Cracked.lnk
[2012/07/09 09:38:42 | 000,002,378 | ---- | M] () -- C:\Users\Ryan\Documents\MumbleAutomaticCertificateBackup.p12
[2012/07/09 09:38:13 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/06 10:24:10 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/04 17:20:23 | 000,002,050 | ---- | M] () -- C:\Users\Ryan\Desktop\RuneScape.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 22:16:23 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/30 21:11:53 | 000,427,008 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wpldmg.dll
[2012/07/30 21:11:13 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/07/30 21:11:12 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/07/30 21:11:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/07/30 20:53:30 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2012/07/22 00:13:51 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/07/22 00:13:51 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/07/18 13:41:57 | 000,000,044 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/07/16 13:49:37 | 000,000,048 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/10 13:59:12 | 000,000,985 | ---- | C] () -- C:\Users\Ryan\Desktop\Start Minecraft Cracked.lnk
[2012/07/09 09:38:42 | 000,002,378 | ---- | C] () -- C:\Users\Ryan\Documents\MumbleAutomaticCertificateBackup.p12
[2012/07/09 09:38:13 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/04 17:20:40 | 000,000,024 | ---- | C] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/07/04 17:20:23 | 000,002,080 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/07/04 17:20:23 | 000,002,050 | ---- | C] () -- C:\Users\Ryan\Desktop\RuneScape.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 14:03:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/04 09:05:05 | 000,000,024 | ---- | C] () -- C:\Users\Ryan\random.dat
[2012/03/04 09:05:04 | 000,000,043 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/03/03 17:54:12 | 000,000,600 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[2012/02/12 10:30:47 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/11 20:11:32 | 000,005,464 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/02/11 20:11:30 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2012/02/11 20:11:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2012/02/11 20:11:30 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2012/02/11 20:11:30 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2012/02/11 20:11:30 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2012/02/11 20:11:30 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2012/02/11 20:11:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2012/02/11 20:11:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2012/02/11 20:11:30 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2012/02/11 20:11:30 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2012/02/11 20:11:30 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2012/02/11 20:11:30 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2012/02/11 20:11:30 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2012/02/11 20:11:30 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2012/02/11 20:11:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2012/02/11 20:11:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/02/06 21:26:26 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/02/05 11:23:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\@
[2012/02/05 11:23:06 | 000,002,048 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}\@
[2012/02/04 11:43:24 | 000,003,284 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\ANIWZCS{AA13DC39-2F46-43E0-A763-9191B0242C1A}
[2012/02/04 11:40:30 | 000,000,258 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\ANICONFIG_{AA13DC39-2F46-43E0-A763-9191B0242C1A}.ini
[2012/02/04 11:39:42 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/02/04 10:10:12 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/04 09:02:21 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/02/04 09:02:21 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/02/04 09:02:21 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/02/04 09:02:19 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/04 09:02:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/04 08:59:55 | 000,000,003 | ---- | C] () -- C:\Users\Ryan\AppData\Local\user_data.ini
[2012/02/04 08:54:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/04 08:54:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/12/05 07:16:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011/12/05 06:39:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/07/30 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2012/07/26 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\CDisplayEx
[2012/02/04 09:32:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DeviceVm
[2012/07/30 22:20:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Dropbox
[2012/03/30 20:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\GameTuts
[2012/02/04 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2012/02/04 11:12:00 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2012/05/23 13:34:29 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient2
[2012/03/22 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Microchip
[2012/07/09 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mumble
[2012/02/26 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Notepad++
[2012/02/04 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Rainmeter
[2012/06/15 22:25:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\redsn0w
[2012/07/22 00:14:46 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\six-updater
[2012/07/22 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\six-zsync
[2012/02/04 10:09:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Splashtop
[2012/02/08 22:25:15 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/04 09:38:45 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2012/07/22 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TeraCopy
[2012/02/26 21:42:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2012/02/05 11:46:38 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2012/07/30 14:46:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2012/06/15 16:41:49 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
A quick update, random music is now playing from the computer. When I open the volume mixer to see what's playing the music, it says it's coming from Host Process for Windows Services. Are these problems related or do I have multiple infections?

*Edit*

Things are looking worse. I uninstalled and then reinstalled Microsoft Security Essentials and it updated and scanned, and told me it found a couple of infections. A pop up showed saying "Windows has encounters a critical problem and will restart automatically in one minute. Please save your work now." At the same time a message from MSE comes up saying the computer must be restarted to finish cleaning. However, when the computer restarts these two messages appear again and it keeps happening.

Edited by thamasta, 31 July 2012 - 11:04 AM.

  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello thamasta, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
    I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.
In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.




:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.


You have a zero access rootkit infection. I am reviewing your log. I will be back to you shortly.

Edited by godawgs, 31 July 2012 - 12:11 PM.

  • 0

#4
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Thanks for your reply,

I'd rather not leave anything to risk, so I think I'll reformat and reinstall. Are there any steps I should take before I start besides copying any files? And what steps should I take once I reinstall to make sure this doesn't happen again?

Thanks for all your help.
  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi thamasta,

We need to move OTL from your \Dowloads\AV folder to the desktop.

Please open Windows Explorer and go to the C:\Users\Ryan\Downloads\AV folder and find the OTL.exe file. Right click on it and click Copy.
Then close Windows Explorer and make sure you are on the desktop.
Right click on the desktop and click Paste. This will put OTL on the desktop.

Now go back to the \Downloads\AV folder and click on the OTL icon to open the program.
Click on the Posted Image button.
This will remove the OTL logs and OTL from the \Downloads\AV folder.

Your User Account Control has been turned off. This security feature in windows warns you when changes are about to be made to the system. The malware probably turned this off, but some users turn it off because they don't like the warnings. Please let me know if you want it on or off. I would recommend that you turn it on.

Let's see if we can kill the rootkit.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
MOD - [2012/07/30 21:11:54 | 000,427,008 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wpldmg.dll
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B2699992-DAAC-11E1-8270-B8AC6F996F26}: C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}\ [2012/07/30 21:11:56 | 000,000,000 | ---D | M]
O4:64bit: - HKLM..\Run: [nmlets] rundll32.exe "C:\Users\Ryan\AppData\Roaming\nmlets.dll",CenterDialog File not found
O4:64bit: - HKLM..\Run: [wpldmg] C:\Users\Ryan\AppData\Roaming\wpldmg.dll ()
O4 - HKCU..\Run: [wpldmg] C:\Users\Ryan\AppData\Roaming\wpldmg.dll ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
[2012/07/30 21:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90009B0B20000D3B3F875EF60
[2012/07/30 21:11:13 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/07/30 21:11:12 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/07/30 21:11:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected]
[2012/02/05 11:23:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\@
[2012/02/05 11:23:06 | 000,002,048 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}\@
[2012/02/04 11:39:42 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe

:FILES
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}
C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}
ipconfig /flushdns /c

:COMMANDS
[RESETHOSTS]
[REBOOT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to reenable your Anti-Virus


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-4.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
HKCU\software\classes\clsid|{f219850a-8862-2877-ba35-c2ee86f69397} /rs
HKLM\software\classes\clsid|{f219850a-8862-2877-ba35-c2ee86f69397} /rs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console.<--Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist<--Very Important
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Step-6.

Things For Your Next Post:
1. The OTL fixes log
2. The ComboFix log
3. The aswMBR log
4. The RKreport.txt log
5. The new OTL.txt log
6. The Extras.txt log
7. How is the computer running now?
  • 0

#6
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Hello godawgs,

I didn't turn off the User Account Control but I have no problem with turning it on. When I open MBAM and click the protection tab, I have no options to disable at startup or anything similar. There's a button to start trial, and an advertisement to purchase MBAM. Should I just continue with the rest of the steps?
  • 0

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yes, you don't have Malwarebytes real time protection running and you don't need it. I meant to remove that part of the instructions. Just ignore that part and do the rest. :)
  • 0

#8
thamasta

thamasta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Ok ran everything, here's the log files:

First OTL:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B2699992-DAAC-11E1-8270-B8AC6F996F26}: C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nmlets not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wpldmg deleted successfully.
File C:\Users\Ryan\AppData\Roaming\wpldmg.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wpldmg not found.
File C:\Users\Ryan\AppData\Roaming\wpldmg.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Folder C:\ProgramData\7531CCA90009B0B20000D3B3F875EF60\ not found.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected] moved successfully.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected] moved successfully.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U\[email protected] moved successfully.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\@ moved successfully.
C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}\@ moved successfully.
C:\Windows\lwd.exe moved successfully.
========== FILES ==========
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U folder moved successfully.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397} scheduled to be moved on reboot.
C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}\U folder moved successfully.
C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397}\L folder moved successfully.
C:\Users\Ryan\AppData\Local\{f219850a-8862-2877-ba35-c2ee86f69397} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_181830

Files\Folders moved on Reboot...
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397}\U folder moved successfully.
C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397} folder moved successfully.

PendingFileRenameOperations files...
File C:\Windows\Installer\{f219850a-8862-2877-ba35-c2ee86f69397} not found!

Registry entries deleted on Reboot...


ComboFix:

ComboFix 12-07-30.03 - Ryan 07/31/2012 18:26:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8086.6463 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 22:33 . 2012-07-31 22:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 22:33 . 2012-07-31 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 22:18 . 2012-07-31 22:18 -------- d-----w- C:\_OTL
2012-07-31 19:35 . 2012-07-31 19:35 -------- d-----w- c:\users\Ryan\AppData\Local\adaware
2012-07-31 19:35 . 2012-07-31 22:20 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-31 19:35 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-31 19:35 . 2012-07-31 19:38 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-31 19:35 . 2012-07-31 19:35 -------- d-----w- c:\programdata\Lavasoft
2012-07-31 19:35 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-31 19:35 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-31 19:34 . 2012-07-31 19:50 -------- d-----w- c:\users\Ryan\AppData\Roaming\Ad-Aware Antivirus
2012-07-31 16:42 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95AE937F-5762-4DBD-BF69-D002E525ACE9}\gapaengine.dll
2012-07-31 01:14 . 2012-07-31 01:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-31 01:12 . 2012-07-31 02:19 -------- d-----w- c:\programdata\7531CCA90009B0B20000D3B3F875EF60
2012-07-31 01:11 . 2012-07-31 01:11 -------- d-----w- c:\users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}
2012-07-31 00:53 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2012-07-31 00:53 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2012-07-31 00:53 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_backup_wti.exe
2012-07-31 00:53 . 2010-11-21 03:24 898560 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2012-07-31 00:53 . 2010-11-21 03:24 1866240 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2012-07-31 00:53 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2012-07-31 00:53 . 2012-07-31 00:53 50536 ----a-w- c:\windows\UTP.exe
2012-07-30 14:11 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11188414-923A-44A6-BB70-AD0981C87D45}\mpengine.dll
2012-07-28 21:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-26 21:33 . 2012-07-26 21:34 -------- d-----w- c:\users\Ryan\AppData\Roaming\CDisplayEx
2012-07-26 21:32 . 2012-07-26 21:33 -------- d-----w- c:\program files (x86)\CDisplayEx
2012-07-23 20:14 . 2012-07-23 20:14 -------- d-----w- c:\program files\Oracle
2012-07-23 20:14 . 2012-05-04 22:33 268680 ----a-w- c:\windows\system32\javaws.exe
2012-07-23 20:14 . 2012-05-04 22:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-23 20:13 . 2012-07-23 20:13 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-23 20:13 . 2012-07-23 20:13 188912 ----a-w- c:\windows\system32\java.exe
2012-07-23 01:41 . 2012-07-23 01:42 -------- d-----w- c:\users\Ryan\AppData\Roaming\TeraCopy
2012-07-23 01:41 . 2012-07-23 01:41 -------- d-----w- c:\program files\TeraCopy
2012-07-22 04:14 . 2012-07-22 04:14 -------- d-----w- c:\users\Ryan\AppData\Roaming\six-updater
2012-07-22 04:14 . 2012-07-22 04:14 -------- d-----w- c:\users\Ryan\AppData\Roaming\six-zsync
2012-07-22 04:13 . 2012-07-22 04:13 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-22 04:13 . 2012-07-31 19:34 -------- d-----w- c:\users\Ryan\AppData\Local\Downloaded Installations
2012-07-22 03:31 . 2012-07-31 14:31 -------- d-----w- c:\users\Ryan\AppData\Local\ArmA 2 OA
2012-07-22 03:19 . 2012-07-22 04:02 -------- d-----w- c:\users\Ryan\AppData\Local\ArmA 2
2012-07-18 17:41 . 2012-07-18 17:41 -------- d-----w- c:\users\Ryan\jagexcache1
2012-07-17 04:26 . 2012-07-17 04:26 -------- d-----w- c:\windows\SysWow64\xlive
2012-07-17 04:26 . 2012-07-17 04:26 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-11 16:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 17:55 . 2012-07-30 18:45 -------- d-----w- c:\users\Ryan\AppData\Roaming\.minecraft
2012-07-09 20:33 . 2012-07-09 20:36 -------- d-----w- c:\program files (x86)\ColorByNumbers
2012-07-09 20:18 . 2012-07-09 20:18 -------- d-----w- c:\users\Ryan\AppData\Local\Mumble
2012-07-09 13:38 . 2012-07-09 20:18 -------- d-----w- c:\users\Ryan\AppData\Roaming\Mumble
2012-07-09 13:38 . 2012-07-09 13:38 -------- d-----w- c:\program files (x86)\Mumble
2012-07-04 13:59 . 2012-02-11 17:19 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{322FDA89-F5C8-4977-A481-5FBCE832DFD4}\gapaengine.dll
2012-07-04 02:11 . 2012-07-04 02:12 -------- d-----w- c:\users\Ryan\Brushes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 00:53 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-07-31 00:53 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-07-27 13:39 . 2012-04-16 12:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:39 . 2012-02-04 02:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 16:46 . 2012-02-07 20:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-02-04 21:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-26 23:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 23:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 23:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 23:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 23:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 23:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 23:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 23:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-26 23:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 17:24 . 2012-02-07 01:26 925184 ----a-w- c:\windows\expstart.exe
2012-05-15 10:48 . 2012-03-13 17:28 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-13 17:28 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-21 14:53 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-02-21 14:53 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-21 14:53 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-02-21 14:53 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-02-04 13:28 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-02-04 13:14 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-04 13:14 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-02-04 13:13 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2012-02-04 13:16 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-02-04 13:16 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-02-04 13:16 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-21 14:54 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-02-04 13:16 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-02-04 13:16 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 22:32 . 2012-02-04 14:47 839056 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 13:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 13:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 13:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-21 122880]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-02-04 4942336]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-2-9 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\rohan_global\GameGuard\dump_wmimmc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-04 31808]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2010-05-05 1119072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 136176]
R4 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-04 15936]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [2010-04-21 126976]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2010-03-03 53248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 RTL8192cu;Surf Wireless Micro USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-05-03 762472]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 13:39]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 14:41]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 14:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-31 18:39:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 22:39
.
Pre-Run: 232,168,402,944 bytes free
Post-Run: 233,577,197,568 bytes free
.
- - End Of File - - 5440710DF328FE22A02AAFB91F660845

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 18:44:23
-----------------------------
18:44:23.864 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:23.864 Number of processors: 4 586 0x2A07
18:44:23.865 ComputerName: BASE UserName: Ryan
18:44:24.900 Initialize success
18:45:15.912 AVAST engine defs: 12073102
18:45:21.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:45:21.529 Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 3
18:45:21.559 Disk 0 MBR read successfully
18:45:21.561 Disk 0 MBR scan
18:45:21.586 Disk 0 Windows 7 default MBR code
18:45:21.608 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:45:21.614 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456357 MB offset 206848
18:45:21.638 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 934825984
18:45:21.682 Disk 0 scanning C:\Windows\system32\drivers
18:45:43.147 Service scanning
18:46:05.572 Modules scanning
18:46:05.576 Disk 0 trace - called modules:
18:46:05.590 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:46:05.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a27060]
18:46:05.596 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006985d10]
18:46:05.599 5 ACPI.sys[fffff88000e1a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007522060]
18:46:07.039 AVAST engine scan C:\Windows
18:46:12.529 AVAST engine scan C:\Windows\system32
18:50:31.787 AVAST engine scan C:\Windows\system32\drivers
18:50:48.794 AVAST engine scan C:\Users\Ryan
18:52:29.879 File: C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\52a1232b-3a22cdd8 **INFECTED** Win32:Jorik-LJ [Trj]
18:58:29.846 AVAST engine scan C:\ProgramData
19:00:28.347 Scan finished successfully
19:02:33.471 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
19:02:33.474 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"


RKreport:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ryan [Admin rights]
Mode: Scan -- Date: 07/31/2012 19:04:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 8a5195614b9c29f0b416d856c8cb6799
[BSP] 93b3bcdd96d2b5530315290484292a9a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 456357 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 934825984 | Size: 20480 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


New OTL:

OTL logfile created on: 7/31/2012 7:07:12 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 75.19% Memory free
15.79 Gb Paging File | 13.83 Gb Available in Paging File | 87.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.66 Gb Total Space | 217.49 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Drive H: | 20.00 Gb Total Space | 18.86 Gb Free Space | 94.30% Space Free | Partition Type: NTFS

Computer Name: BASE | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 18:16:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/04 08:59:45 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/21 12:18:50 | 001,024,000 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2010/04/21 10:56:32 | 000,126,976 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
PRC - [2010/04/21 10:56:32 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2010/03/03 10:45:46 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 14:43:13 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 13:10:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:10:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 11:10:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 11:10:30 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/13 09:51:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 09:50:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 09:50:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 09:50:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 09:50:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 09:50:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/04 11:40:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2010/03/19 20:14:20 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 09:39:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 19:22:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/06/28 18:48:39 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/20 16:05:04 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/22 04:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 18:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/11/15 07:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/04/21 10:56:32 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 10:45:46 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/04 09:12:31 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012/02/04 08:59:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/07 17:05:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011/05/03 05:34:50 | 000,762,472 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/05 17:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 19:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/20 12:48:16 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 82 25 1F 1F 6F CD 01 [binary data]
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\SearchScopes\{837BD38B-5FDC-4613-B698-A285C7C5E205}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\SearchScopes\{959612B8-2D1F-4596-8D1B-C4A56CF08563}: "URL" = http://search.yahoo....vm&type=PROTOSV
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 19:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/24 13:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B2699992-DAAC-11E1-8270-B8AC6F996F26}: C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}\ [2012/07/30 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 19:22:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/04 09:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/07/24 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions
[2012/07/10 10:15:58 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/05/20 10:06:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\rebxovsq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/17 18:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/30 21:11:56 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RYAN\APPDATA\LOCAL\{B2699992-DAAC-11E1-8270-B8AC6F996F26}
[2012/02/13 08:15:33 | 000,105,380 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 11:32:24 | 000,013,684 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/03/24 10:08:01 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\REBXOVSQ.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 19:22:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/17 18:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 18:04:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Google Drive = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: openMarkers - Your favorite places on travel = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbddgbbhgiehapkemoldgekakllapanc\9.22_0\
CHR - Extension: Offline Google Mail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: PanicButton = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.1_0\
CHR - Extension: AdBlock = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Next Bus London = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod\1.0.1_0\
CHR - Extension: Dropbox = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: TouristEye Planner = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Google Maps = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail Checker = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Cloud9 = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp\1.9.8.2_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 18:34:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1680603646-3140946140-1769244410-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81112B0B-598F-4007-94A8-1EDD541D78C9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA13DC39-2F46-43E0-A763-9191B0242C1A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 19:03:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\RK_Quarantine
[2012/07/31 18:43:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2012/07/31 18:42:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/31 18:39:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/31 18:25:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/31 18:25:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/31 18:25:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/31 18:24:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/31 18:24:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 18:23:40 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/07/31 18:18:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/31 18:16:42 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/07/31 15:35:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\adaware
[2012/07/31 15:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/07/31 15:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/07/31 15:35:12 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/07/31 15:35:11 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/07/31 15:35:11 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/07/31 15:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/31 15:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/07/31 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Ad-Aware Antivirus
[2012/07/31 10:22:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E16E65E8-9B09-41FC-87F9-A64E3ED11B4A}
[2012/07/31 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F9EFB7ED-676C-46E1-A768-39ECE0CF6C67}
[2012/07/31 09:16:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/31 09:16:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/31 09:16:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/31 09:16:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/31 09:16:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/31 09:16:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/31 09:16:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/31 09:16:29 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/31 09:16:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/31 09:16:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/31 09:16:29 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/31 09:16:29 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/31 09:16:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/31 09:16:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/31 09:16:29 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/31 09:16:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/31 09:16:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/31 09:16:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/31 09:16:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/31 09:16:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/31 09:16:29 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/31 09:16:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/31 09:16:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/31 09:16:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/31 09:16:29 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/31 09:16:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/31 09:16:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/31 09:16:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/31 09:16:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/31 09:16:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/31 09:16:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/31 09:16:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/31 09:16:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/31 09:16:29 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/31 09:16:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/31 09:16:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/31 09:16:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/31 09:16:29 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/31 09:16:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/31 09:16:29 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/31 09:16:29 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/31 09:16:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/31 09:16:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/31 09:16:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/31 09:16:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/31 09:16:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/31 09:16:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/31 09:16:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/31 09:16:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/31 09:16:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/31 09:16:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/31 09:16:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/31 09:16:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/31 09:16:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/31 09:16:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/31 09:16:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/31 09:16:29 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/31 09:16:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/31 09:16:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/31 09:16:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/31 09:16:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/31 09:16:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/31 09:16:29 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/31 09:16:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/31 09:16:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/31 09:16:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/31 09:16:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/31 09:16:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/31 09:16:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/31 09:16:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/31 09:16:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/31 09:16:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/30 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1B46F8DD-A511-417A-BFFA-B2D8ED7742E9}
[2012/07/30 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D67D2F30-37D0-4DEE-9C7B-97C624A24CA9}
[2012/07/30 21:14:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/30 21:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA90009B0B20000D3B3F875EF60
[2012/07/30 21:11:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B2699992-DAAC-11E1-8270-B8AC6F996F26}
[2012/07/30 20:53:32 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2012/07/30 20:53:31 | 014,172,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shell32_backup_wti.dll
[2012/07/30 20:53:31 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_wti.exe
[2012/07/30 20:53:31 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame_backup_wti.dll
[2012/07/30 20:53:31 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr_backup_wti.dll
[2012/07/30 10:01:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{AC13AFA9-87DA-4CF6-995C-05E5CC93F8C4}
[2012/07/30 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9037FF64-4777-47CB-985C-60ED8C9B4D57}
[2012/07/29 18:00:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{71BA19E3-5CE0-422B-92CB-4F9274E2B51B}
[2012/07/29 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{02B10E39-78E6-406D-A3DC-648D8F3C8F15}
[2012/07/29 06:00:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{88FB72DE-D12D-470B-8FF2-DDD6EB368B4F}
[2012/07/29 06:00:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C93CD714-88D0-4B87-AA11-9590177484C9}
[2012/07/28 10:41:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C65419F3-05A9-42C7-AC0C-6DAB4B98AFC0}
[2012/07/28 10:40:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{605274DE-BAE0-47A7-8271-84B4980BCCC1}
[2012/07/27 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2CF698CE-D748-4954-B1CA-CBF7DCD63900}
[2012/07/27 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C818DF18-A44F-47C4-B0C3-5EEC0358C2B2}
[2012/07/27 10:12:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8C889F9F-3B16-449B-842C-552995D5D9F9}
[2012/07/27 10:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F318133F-C642-4812-AE97-457AB96A827E}
[2012/07/26 23:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/26 23:13:51 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/26 23:13:51 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/26 23:13:51 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/26 23:13:51 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/26 23:13:51 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/26 23:13:51 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/26 23:13:51 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/26 23:13:51 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/26 23:13:51 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/26 23:13:51 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/26 23:13:51 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/26 23:13:51 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/26 23:13:51 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/26 23:13:51 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/07/26 23:13:51 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/07/26 23:13:51 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/07/26 23:13:51 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/07/26 23:13:51 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/07/26 22:11:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EFF9E262-E3B4-4360-9E18-AC97A94A53D7}
[2012/07/26 22:11:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FA4C10C0-9611-455F-AFB7-295A03AFB8D7}
[2012/07/26 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\CDisplayEx
[2012/07/26 17:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
[2012/07/26 17:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplayEx
[2012/07/26 09:59:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ED779B69-6323-4DD2-9B75-A5413D505FAE}
[2012/07/26 09:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A53CBDB8-A139-45B0-B2D1-0DF6531890A5}
[2012/07/25 21:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{07EBBAF6-7780-4946-9CF6-E1F52F582844}
[2012/07/25 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FC9F4940-55F2-4F87-B742-2EE0644162CB}
[2012/07/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E74F8A42-3647-41BA-ADAE-53344F1E792A}
[2012/07/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{54F7BA74-DA55-4698-A204-775B737F8A7E}
[2012/07/24 21:57:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{12CB7A02-00E3-428C-BBF7-5F23F3DB7EF4}
[2012/07/24 09:57:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E1A9063F-4B66-4D5C-BA96-3ECA7638D4D2}
[2012/07/24 09:57:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9F2BF2A7-74DE-4F5F-8967-2C6FA7B1E27B}
[2012/07/23 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{ABFE9EEB-1976-4C23-B100-D60B7695CF45}
[2012/07/23 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D8C747DB-633B-43F5-B3A7-9E84EE12ACE6}
[2012/07/23 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/23 16:14:05 | 000,955,800 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/23 16:14:05 | 000,268,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/23 16:13:59 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/23 16:13:59 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/23 09:55:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{BF278ECE-2F91-4DA1-8AC3-573B7B9929A5}
[2012/07/23 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F78A6EDB-59B3-4977-B7A0-E0118B9EEE32}
[2012/07/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3E65BBE5-1B43-4AB2-8D99-87193183B636}
[2012/07/22 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7570151F-94A9-4037-9692-7B88F6DE1834}
[2012/07/22 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\TeraCopy
[2012/07/22 21:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/07/22 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/07/22 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C68EEDA0-F436-4BF4-8158-BEA7A69EE9A8}
[2012/07/22 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{38BD93F6-0BCD-4E13-A3A8-288CA2D39876}
[2012/07/22 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\six-zsync
[2012/07/22 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\six-updater
[2012/07/22 00:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/07/22 00:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012/07/22 00:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Downloaded Installations
[2012/07/21 23:31:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ArmA 2 OA
[2012/07/21 23:19:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\ArmA 2
[2012/07/21 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ArmA 2
[2012/07/21 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 23:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8C46EB01-2BA4-4849-84E2-D15FC42C8677}
[2012/07/21 21:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B76B920E-4D54-471C-A096-48673CE7C7DB}
[2012/07/21 09:02:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{70546CF0-1BB9-4021-82E3-2A63B888EBC3}
[2012/07/21 09:02:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{574C802D-C8E9-4970-A91F-0A6A0BF5D972}
[2012/07/20 10:48:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CF6784CE-52C5-4EB8-80CE-900861C0C477}
[2012/07/20 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{E32B659C-6295-4DCB-82A2-033271BBA585}
[2012/07/19 22:47:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{91B835B3-DBFF-4DA3-8963-A762D52E6B49}
[2012/07/19 22:47:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3C5C5401-B936-4A35-9F92-2B89BFDB73F6}
[2012/07/19 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8B46428E-B498-44A0-8DE0-7C17B839F104}
[2012/07/19 10:46:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2A45902C-EE29-4265-AAF6-53F6BFE38D32}
[2012/07/18 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1962AF30-B058-4769-AF33-35703A862F69}
[2012/07/18 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{07056F89-3333-4A2A-BE3C-79E3A172EEFB}
[2012/07/18 13:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\jagexcache1
[2012/07/18 07:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5D4F8FA3-7A17-49A5-BC47-23CC2D458199}
[2012/07/18 07:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{40D897B3-9C58-414C-8D77-E00D55C5E7A4}
[2012/07/17 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{23D8DE6D-8D7F-4B84-AE90-CDB801661997}
[2012/07/17 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC0BED7D-4FE7-40BE-96DA-AF91099766B5}
[2012/07/17 00:32:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Games for Windows - LIVE Demos
[2012/07/17 00:26:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/07/17 00:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/07/17 00:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/07/16 09:13:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D3C5B86A-3DF6-48DE-9CAB-D95E27BA383E}
[2012/07/16 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5B78CDD1-6070-49A6-AA9F-67277E0E16DF}
[2012/07/15 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{F1E3E33F-652D-4866-8CBC-700155E2B8C6}
[2012/07/15 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{411B685E-D981-4984-973A-3B5CBAAECCDD}
[2012/07/15 01:05:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{179CF9FD-EE8F-4AC2-8DA3-78F7F2C0176B}
[2012/07/15 01:05:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6FB4F63C-5E7B-4312-B79D-238425173FCA}
[2012/07/14 10:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{55B37D45-DA3A-459C-B1E2-5B12DB943AC5}
[2012/07/14 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{7BE9B499-81A4-4EE5-B0A9-20EB015167EE}
[2012/07/13 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{AA50A3F7-B5FE-4B73-B724-F927C46C43FA}
[2012/07/13 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5AFA456E-F7A0-4706-B2A8-CF1C1B938A37}
[2012/07/13 10:35:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{38173A93-6F8A-440A-B3DD-74211BC026E7}
[2012/07/13 10:34:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D01101D5-AE41-4232-AC03-54404998731E}
[2012/07/12 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5B6039F3-E3E5-4712-8DD1-442360D84821}
[2012/07/12 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC02F229-1D0D-416C-8520-F8F9CE98A768}
[2012/07/12 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{72188C0D-5C15-4BDC-8F7E-EBD43E2F4AAB}
[2012/07/12 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{324E2294-F022-4FA7-8767-ABB416EAC599}
[2012/07/11 10:20:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C6177513-A865-4EE8-8E1F-D10373375976}
[2012/07/11 10:20:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DAC2AC26-B0C0-4CA4-97C8-EBF7BA11C8E0}
[2012/07/11 09:35:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 09:35:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 09:35:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 09:35:03 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 09:35:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{76F095A9-8E8E-4680-9B7B-358701306AC3}
[2012/07/10 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D30273E4-6D01-45F7-90A4-291C509B434B}
[2012/07/10 13:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Cracked
[2012/07/10 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2012/07/10 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{BAA225EE-1C4B-45FE-860D-2E1C71248FFA}
[2012/07/10 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{348D31A8-FBF7-4EA8-9E99-14C0A913E35A}
[2012/07/09 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{451B73A5-C24C-4A80-B62A-1E481C7C4692}
[2012/07/09 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{FE68207A-6595-4C0D-A4EA-1E54DDA761C2}
[2012/07/09 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ColorByNumbers
[2012/07/09 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Mumble
[2012/07/09 10:18:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6F18EB51-F546-439B-BA2F-32B9027E1AF2}
[2012/07/09 10:18:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{EC80465C-246B-4CF3-999F-218363CAF813}
[2012/07/09 09:38:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Mumble
[2012/07/09 09:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/07/09 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/07/08 23:36:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Hailstone
[2012/07/08 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{2968FCBB-5FCE-4FF0-A588-0DF32A7CEAFA}
[2012/07/08 22:17:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{96304B49-8E13-47CF-BFA9-9E8052698984}
[2012/07/08 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A4509E7B-9F1F-48E5-BE1C-517F9E79CC4A}
[2012/07/08 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{91D31A9B-C1A0-47DD-A6A7-305D8AF14D16}
[2012/07/07 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{13BE2675-1F81-4F9C-A0DD-71F531193FAF}
[2012/07/07 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DBC5DB42-414A-44DD-9BE5-4F4F04B54EB0}
[2012/07/07 10:16:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{37A24519-4D8A-4648-A454-F75C93252A6A}
[2012/07/07 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{54B421B4-C463-4E34-9A8A-6D9F57A86696}
[2012/07/06 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{D4FD3BEE-8D08-44A8-858B-4B038D9CFF2B}
[2012/07/06 09:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8169B098-60FD-4B8E-8297-AA9E25DBB549}
[2012/07/05 21:51:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{30D96C6F-2E18-48C4-BAB1-9E615EDA43F8}
[2012/07/05 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9319AA27-75A1-4986-82A1-E0D79836BE8A}
[2012/07/05 09:50:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{102707DD-E360-4592-B455-EA155CEA61C7}
[2012/07/05 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{B8C656B6-A612-46AC-BA4A-B3DE155F5903}
[2012/07/05 08:37:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\RS
[2012/07/04 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{A82FB583-38A7-4FEC-B16E-0376927D9C7F}
[2012/07/04 21:49:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{06019A94-3E04-4B19-8296-6FF25E966569}
[2012/07/04 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/07/04 09:49:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{3418677D-B93F-4BB8-B107-BA4FDA5C7763}
[2012/07/04 09:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{C01E3068-1D8D-48E8-8C7A-98905EB4B27D}
[2012/07/03 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Brushes
[2012/07/03 21:31:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6F8501A9-B888-4F71-B51D-6A1B820C4455}
[2012/07/03 21:31:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{5BB606C6-2BB4-4DC4-A578-96639B3BB2F4}
[2012/07/03 09:30:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{1583DB06-CADE-4DCE-803C-130AB0CA971A}
[2012/07/03 09:30:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9A5A7C9A-04AA-4CAF-A44D-71AAFE01CF05}
[2012/07/02 21:29:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DC8D3FF2-EC4A-4239-B77F-EF81804E5936}
[2012/07/02 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{DE777B58-E8B3-4C89-A0C4-DFC2F36A48DA}
[2012/07/02 06:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{6D0F287E-D9EC-4778-B705-26FAC3696183}
[2012/07/02 06:54:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{CB6AB049-562E-4094-8902-0F976E86DFB4}
[2012/05/23 15:36:22 | 002,748,928 | ---- | C] (door2windows) -- C:\Users\Ryan\Windows 7 Start Orb Changer.exe

========== Files - Modified Within 30 Days ==========

[2012/07/31 19:02:53 | 001,552,384 | ---- | M] () -- C:\Users\Ryan\Desktop\RogueKiller.exe
[2012/07/31 19:02:33 | 000,000,512 | ---- | M] () -- C:\Users\Ryan\Desktop\MBR.dat
[2012/07/31 18:47:53 | 000,729,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 18:47:53 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 18:47:53 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 18:44:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2012/07/31 18:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 18:41:56 | 2064,060,415 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 18:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 18:34:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/31 18:23:51 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/07/31 18:20:29 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2012/07/31 18:16:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/07/31 12:36:42 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 12:36:42 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 09:19:30 | 000,001,140 | ---- | M] () -- C:\Users\Ryan\Desktop\Activate Splashtop Connect.lnk
[2012/07/31 09:19:02 | 000,001,441 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/31 09:16:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/31 09:16:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/31 09:16:29 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/31 09:16:29 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/31 09:16:29 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/31 09:16:29 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/31 09:16:29 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/31 09:16:29 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/31 09:16:29 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/31 09:16:29 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/31 09:16:29 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/31 09:16:29 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/31 09:16:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/31 09:16:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/31 09:16:29 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/31 09:16:29 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/31 09:16:29 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/31 09:16:29 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/31 09:16:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/31 09:16:29 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/31 09:16:29 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/31 09:16:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/31 09:16:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/31 09:16:29 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/31 09:16:29 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/31 09:16:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/31 09:16:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/31 09:16:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/31 09:16:29 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/31 09:16:29 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/31 09:16:29 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/31 09:16:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/31 09:16:29 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/31 09:16:29 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/31 09:16:29 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/31 09:16:29 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/31 09:16:29 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/31 09:16:29 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/31 09:16:29 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/31 09:16:29 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/31 09:16:29 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/31 09:16:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/31 09:16:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/31 09:16:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/31 09:16:29 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/31 09:16:29 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/31 09:16:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/31 09:16:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/31 09:16:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/31 09:16:29 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/31 09:16:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/31 09:16:29 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/31 09:16:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/31 09:16:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/31 09:16:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/31 09:16:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/31 09:16:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/31 09:16:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/31 09:16:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/31 09:16:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/31 09:16:29 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/31 09:16:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/31 09:16:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/31 09:16:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/31 09:16:29 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/31 09:16:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/31 09:16:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/31 09:16:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/31 09:16:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/31 09:16:29 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/31 09:16:29 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/31 09:16:29 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/31 09:16:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/31 09:16:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/30 20:55:32 | 004,988,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/30 20:53:32 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2012/07/30 20:53:30 | 000,050,536 | ---- | M] () -- C:\Windows\UTP.exe
[2012/07/30 17:21:53 | 000,000,043 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/07/28 02:03:08 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\random.dat
[2012/07/28 02:01:46 | 000,000,044 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/07/27 09:39:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 09:39:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/24 18:49:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/07/24 18:49:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/07/23 16:13:56 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/23 16:13:56 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/23 00:09:34 | 000,000,024 | ---- | M] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/07/16 13:49:37 | 000,000,048 | ---- | M] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/10 13:59:12 | 000,000,985 | ---- | M] () -- C:\Users\Ryan\Desktop\Start Minecraft Cracked.lnk
[2012/07/09 09:38:42 | 000,002,378 | ---- | M] () -- C:\Users\Ryan\Documents\MumbleAutomaticCertificateBackup.p12
[2012/07/09 09:38:13 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/06 10:24:10 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/04 17:20:23 | 000,002,050 | ---- | M] () -- C:\Users\Ryan\Desktop\RuneScape.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/31 19:02:53 | 001,552,384 | ---- | C] () -- C:\Users\Ryan\Desktop\RogueKiller.exe
[2012/07/31 19:02:33 | 000,000,512 | ---- | C] () -- C:\Users\Ryan\Desktop\MBR.dat
[2012/07/31 18:25:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/31 18:25:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 18:25:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 18:25:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 18:25:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 12:41:31 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/31 09:19:30 | 000,001,140 | ---- | C] () -- C:\Users\Ryan\Desktop\Activate Splashtop Connect.lnk
[2012/07/31 09:19:02 | 000,001,413 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/31 09:19:00 | 000,001,447 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/31 09:19:00 | 000,001,441 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/31 09:16:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/31 09:16:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/30 20:53:30 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2012/07/22 00:13:51 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/07/22 00:13:51 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/07/18 13:41:57 | 000,000,044 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE1.dat
[2012/07/16 13:49:37 | 000,000,048 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/10 13:59:12 | 000,000,985 | ---- | C] () -- C:\Users\Ryan\Desktop\Start Minecraft Cracked.lnk
[2012/07/09 09:38:42 | 000,002,378 | ---- | C] () -- C:\Users\Ryan\Documents\MumbleAutomaticCertificateBackup.p12
[2012/07/09 09:38:13 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/07/04 17:20:40 | 000,000,024 | ---- | C] () -- C:\Users\Ryan\jagexappletviewer.preferences
[2012/07/04 17:20:23 | 000,002,080 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/07/04 17:20:23 | 000,002,050 | ---- | C] () -- C:\Users\Ryan\Desktop\RuneScape.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 14:03:46 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/04 09:05:05 | 000,000,024 | ---- | C] () -- C:\Users\Ryan\random.dat
[2012/03/04 09:05:04 | 000,000,043 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/03/03 17:54:12 | 000,000,600 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\winscp.rnd
[2012/02/12 10:30:47 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/11 20:11:32 | 000,005,464 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/02/11 20:11:30 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2012/02/11 20:11:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2012/02/11 20:11:30 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2012/02/11 20:11:30 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2012/02/11 20:11:30 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2012/02/11 20:11:30 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2012/02/11 20:11:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2012/02/11 20:11:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2012/02/11 20:11:30 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2012/02/11 20:11:30 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2012/02/11 20:11:30 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2012/02/11 20:11:30 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2012/02/11 20:11:30 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2012/02/11 20:11:30 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2012/02/11 20:11:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2012/02/11 20:11:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/02/06 21:26:26 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/02/04 11:43:24 | 000,003,284 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\ANIWZCS{AA13DC39-2F46-43E0-A763-9191B0242C1A}
[2012/02/04 11:40:30 | 000,000,258 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\ANICONFIG_{AA13DC39-2F46-43E0-A763-9191B0242C1A}.ini
[2012/02/04 10:10:12 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/04 09:02:21 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/02/04 09:02:21 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/02/04 09:02:21 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/02/04 09:02:19 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/04 09:02:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/04 08:59:55 | 000,000,003 | ---- | C] () -- C:\Users\Ryan\AppData\Local\user_data.ini
[2012/02/04 08:54:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/04 08:54:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/12/05 07:16:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011/12/05 06:39:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/19 12:23:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=55AB5FAFDEFE49C50B3D6ED4D2C6833A -- C:\Windows\Resources\Themes\Frost2\System files\x64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/08/19 12:26:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=DC9E4DBEAB7715ACE7E99ED2E34F98F2 -- C:\Windows\Resources\Themes\Frost2\System files\x86\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.H >
[2007/05/08 14:49:48 | 000,002,610 | ---- | M] () MD5=F133C41C9B530B27576BBE7F47E8F32C -- C:\Program Files (x86)\Microchip\MpAM\Modules\DNetG2S\Services.h

< MD5 for: SERVICES.JAR >
[2011/02/18 14:45:48 | 000,142,343 | ---- | M] () MD5=ADCFB617234DA35622F7DB0BD61ADAE7 -- C:\Program Files\MATLAB\R2011a\java\jar\services.jar

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PMMSG >
[2011/02/02 15:27:28 | 000,001,020 | ---- | M] () MD5=2999F9A278617962494A7BABF81DC519 -- C:\Program Files\MATLAB\R2011a\toolbox\physmod\foundation\foundation\services.pmmsg

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SETTINGS >
[2012/02/17 07:29:01 | 000,001,622 | ---- | M] () MD5=36F72485C04D6C73C4926FD9112339C1 -- C:\Users\Ryan\.netbeans\7.0\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.TICO >
[2009/09/25 15:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2012\data\services.tico

< MD5 for: SERVICES.WSTCGRP >
[2012/07/08 23:49:11 | 000,000,224 | ---- | M] () MD5=4C0234F9B3F49A3484CE64025050D7A7 -- C:\Users\Ryan\.netbeans\7.0\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2012/07/08 23:49:11 | 000,000,226 | ---- | M] () MD5=8A7F9D7C8DD6075F38DDD86A0EB5ECEC -- C:\Users\Ryan\.netbeans\7.0\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2012/07/08 23:49:11 | 000,000,130 | ---- | M] () MD5=D4E9F44548BA49C5B68B5578D70F9758 -- C:\Users\Ryan\.netbeans\7.0\config\Windows2Local\Modes\explorer\services.wstcref

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< HKCU\software\classes\clsid|{f219850a-8862-2877-ba35-c2ee86f69397} /rs >

< HKLM\software\classes\clsid|{f219850a-8862-2877-ba35-c2ee86f69397} /rs >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{359FA074-96C3-4033-A747-7BF253671E47}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{81112B0B-598F-4007-94A8-1EDD541D78C9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AA13DC39-2F46-43E0-A763-9191B0242C1A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 04 01 00 01 01 01 08 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/07/31 09:16:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/07/31 09:16:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/07/31 09:16:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/07/31 09:16:29 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/07/31 09:16:29 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/17 19:21:57 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/17 19:22:03 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/07/31 09:16:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/07/31 09:16:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/07/31 09:16:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/07/31 09:16:29 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/07/31 09:16:29 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST500DM002-1BD142 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 446.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 478630903808
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: BASE
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 E DVD-ROM 0 B No Media
Volume 2 System Rese NTFS Partition 100 MB Healthy System
Volume 3 C NTFS Partition 445 GB Healthy Boot
Volume 4 H Windows 8 NTFS Partition 20 GB Healthy

< End of report >

Extras:

OTL Extras logfile created on: 7/31/2012 7:07:12 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 75.19% Memory free
15.79 Gb Paging File | 13.83 Gb Available in Paging File | 87.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.66 Gb Total Space | 217.49 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Drive H: | 20.00 Gb Total Space | 18.86 Gb Free Space | 94.30% Space Free | Partition Type: NTFS

Computer Name: BASE | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1680603646-3140946140-1769244410-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{167749EE-ECB5-4AA0-BCF9-E1685579CCFC}C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{68D8C0E0-1D23-42D4-BE99-F60806A0DA7B}C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"TeraCopy_is1" = TeraCopy 2.27
"VIRTU_is1" = VIRTU 1.2.104
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AA228E2-BA2C-3E62-9A5D-A6CDC1C10C74}" = Google Chrome
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E3E699-29C7-44F0-B487-7D6162E2A5BF}" = RohanOnline
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin F7D1102 Surf Wireless Micro USB Adapter
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED67196F-C801-42E4-8D0D-B41CE8174DBC}" = MPLAB Tools v8.83
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}" = Splashtop Connect IE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.110
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"BattlEye for OA" = BattlEye for OA Uninstall
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Digital Editions" = Adobe Digital Editions
"InstallShield_{ED67196F-C801-42E4-8D0D-B41CE8174DBC}" = MPLAB Tools v8.83
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPLAB C for PIC24 MCUs and-or dsPIC DSCs v3.31" = MPLAB C for PIC24 MCUs and-or dsPIC DSCs
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PSpice Student" = PSpice Student 9.1
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter
"Realterm" = Realterm 2.0.0.57
"Rohan_RBF" = RohanOnline
"RollerCoaster Tycoon 2 Triple Thrill Pack_is1" = RollerCoaster Tycoon 2 Triple Thrill Pack
"ShiftWindow_is1" = ShiftWindow 1.02
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 33970" = ARMA 2: Operation Arrowhead Demo
"Steam App 45770" = Dead Rising 2: Off the Record
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinISO_is1" = WinISO 5.3
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.7
"XFastUsb" = XFastUsb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1680603646-3140946140-1769244410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2012 3:31:28 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 3:39:21 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 3:53:12 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 4:47:01 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 4:52:56 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 5:38:10 PM | Computer Name = Base | Source = System Restore | ID = 8193
Description =

Error - 7/31/2012 6:16:16 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 6:21:38 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 6:35:59 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 6:43:49 PM | Computer Name = Base | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/31/2012 11:06:16 PM | Computer Name = Base | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 5/31/2012 11:06:16 PM | Computer Name = Base | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 6/1/2012 10:15:14 AM | Computer Name = Base | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/1/2012 10:15:14 AM | Computer Name = Base | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 6/2/2012 9:22:28 AM | Computer Name = Base | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/2/2012 9:22:28 AM | Computer Name = Base | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 6/2/2012 4:16:22 PM | Computer Name = Base | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/2/2012 4:16:22 PM | Computer Name = Base | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 6/2/2012 8:07:57 PM | Computer Name = Base | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 6/2/2012 8:07:57 PM | Computer Name = Base | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >




Microsoft Security Essentials still says that it isn't monitoring the PC, and when I click start now, I get an error saying "Couldn't start the Security Essentials service. The specified service does not exist as an installed service."
  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

The zero access rootkit has been kilt. :) There were a couple of things that OTL didn't get, not related to the rootkit, so we will try to remove them again.
The User Account Control should be turned back on.
After this run see if the problem with MSSE still remains.

There is a lot to do here so it might be helpful to print this out before beginning.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:FILES
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\52a1232b-3a22cdd8 
C:\ProgramData\7531CCA90009B0B20000D3B3F875EF60

:REG
[HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
"{B2699992-DAAC-11E1-8270-B8AC6F996F26}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = DWORD:0
"FirewallOverride" = DWORD:0

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted ImageMalwarebytes' Anti-Malware

  • Open MalwareBytes. You will be at the main program as shown below.

    Posted Image
  • Click the Updates tab and update the program.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<--Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\libusb0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dump_wmimmc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.


Step-6.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-7.

Things For Your Next Post:
1. The OTL fixes log
2. The MalwareBytes log
3. The ESET On-line scan log
4. The Checkup.txt log
5. The new OTL.txt log
6. The FSS.txt log
7. Is MSSE working now?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP