Google redirect and pop ups [Closed]



#1
tstumo

Hey everyone. I've been trying to search in Google and have been getting redirected to other pages. And also random pop-ups come on the screen. A new window of Mozilla Firefox opens up with 150 tabs opening as well and I have to constantly close them. I followed the steps to try and remove the virus using steps from here regarding the issue but the problem still persists. I currently have Trend Micro Titanium antivirus and I have done a scan and it's removed a few threats. I would really love a solution and to remove this virus completely. So scared to lose my laptop so soon.

Here's my OTL file. I hope I'm doing this correctly. Thank you guys so much

OTL logfile created on: 8/2/2012 10:13:42 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 66.41% Memory free
10.96 Gb Paging File | 8.70 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 570.42 Gb Total Space | 435.36 Gb Free Space | 76.32% Space Free | Partition Type: NTFS
Drive D: | 21.58 Gb Total Space | 2.32 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32
Drive F: | 269.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AARON-HP | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 22:13:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
PRC - [2012/07/28 00:07:25 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/22 19:59:36 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/04/25 16:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/07 20:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/28 16:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/26 15:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/26 04:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 04:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 04:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 15:04:30 | 000,160,256 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Adobe\sp.DLL
MOD - [2012/07/28 00:07:25 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/22 19:59:36 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/05/09 14:01:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 14:01:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/03 14:34:10 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/09/28 19:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 07:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/02 06:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/02 21:59:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 23:06:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/25 16:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/26 04:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/06/28 18:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 16:26:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/09 11:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/09 11:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 19:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 18:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/11 00:53:47 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/08/11 00:53:47 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/08/11 00:53:47 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/08/02 13:33:16 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/07/18 17:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/07/16 05:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/07/16 05:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/02 06:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/30 17:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/17 09:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/22 11:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/08/02 16:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/08/02 16:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 00:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 11:40:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 00:07:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 11:40:44 | 000,000,000 | ---D | M]

[2012/03/20 21:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2012/07/21 18:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/15 00:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/21 18:52:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
[2012/07/22 11:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions
[2012/06/17 17:19:36 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions\[email protected]
[2012/07/15 00:36:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions\[email protected]
[2012/03/21 10:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/21 10:08:05 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/08/02 16:41:12 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.1.1102\7.1.1102\FIREFOXEXTENSION
[2012/07/22 11:31:02 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSQRSY1V.DEFAULT\EXTENSIONS\[email protected]
[1832/11/28 21:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSQRSY1V.DEFAULT\EXTENSIONS\[email protected]
[2012/07/28 00:07:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/28 00:07:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/28 00:07:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/02 16:10:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Apple Computer] C:\Users\Aaron\AppData\Local\CrashDumps\Apple Computer\bbuyfhcof.dll (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [sp] C:\Users\Aaron\AppData\Roaming\Adobe\sp.DLL ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Symantec] C:\Users\Aaron\AppData\Local\Symantec\whgpxtwf.dll (Creative Technology Ltd)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FFB5237-8642-42B3-9D7E-6AE210979A6E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/31 19:38:13 | 000,880,432 | R--- | M] (Trend Micro Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/06/15 03:07:38 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5c565232-7378-11e1-8617-082e5f955586}\Shell - "" = AutoRun
O33 - MountPoints2\{5c565232-7378-11e1-8617-082e5f955586}\Shell\AutoRun\command - "" = G:\launcher.exe
O33 - MountPoints2\{c95e1bd6-7255-11e1-b111-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c95e1bd6-7255-11e1-b111-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2011/08/31 19:38:13 | 000,880,432 | R--- | M] (Trend Micro Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 22:13:29 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
[2012/08/02 16:41:20 | 000,000,000 | ---D | C] -- C:\temp
[2012/08/02 16:37:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2012
[2012/08/02 16:32:15 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/08/02 16:32:13 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/08/02 16:32:13 | 000,091,920 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2012/08/02 16:32:13 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/08/02 16:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/08/02 16:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/08/02 16:20:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\tdss
[2012/08/02 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\GooredFix Backups
[2012/08/02 16:17:54 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Aaron\Desktop\GooredFix.exe
[2012/08/02 16:10:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/02 16:09:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTM.exe
[2012/08/02 16:09:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/02 16:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/02 16:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/02 16:08:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Aaron\Desktop\erunt-setup.exe
[2012/08/02 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\registry backup
[2012/08/02 16:05:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\erunt
[2012/08/01 20:05:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/31 20:54:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Symantec
[2012/07/30 21:46:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{66EB9E1B-D822-4285-856C-6ACD90D1DCDE}
[2012/07/27 23:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/07/27 23:27:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\Telltale Games
[2012/07/27 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Phx_data
[2012/07/27 23:15:30 | 006,801,763 | ---- | C] ($[email protected]!c_V()!D) -- C:\Users\Aaron\Desktop\Phoenix.exe
[2012/07/27 23:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/27 22:55:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\wd
[2012/07/27 22:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telltale Games
[2012/07/27 22:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Walking Dead
[2012/07/27 17:21:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Super.Street.Fighter.IV.Arcade.Edition.Update.1-SKIDROW
[2012/07/27 16:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Street Fighter IV Arcade Edition
[2012/07/27 16:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2012/07/27 16:28:46 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/07/27 16:28:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/07/27 16:28:46 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/07/27 16:28:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/07/27 16:28:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/07/27 16:28:45 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/07/27 16:28:45 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/07/27 16:28:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/07/27 16:28:43 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/07/27 16:28:43 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/07/27 16:28:43 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/07/27 16:28:43 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/07/27 16:28:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/07/27 16:28:41 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/07/27 16:28:41 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/07/27 16:28:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/07/27 16:28:39 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/07/27 16:28:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/07/27 16:28:38 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/07/27 16:28:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/07/27 16:28:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/07/27 16:28:37 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/07/27 16:27:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/27 16:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/07/27 16:26:11 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/27 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Pro
[2012/07/27 16:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/07/27 16:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/07/27 16:23:54 | 019,302,416 | ---- | C] (DT Soft Ltd) -- C:\Users\Aaron\Desktop\DAEMONToolsPro510-0333.exe
[2012/07/27 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\sviv
[2012/07/27 14:21:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\CAPCOM
[2012/07/24 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\half life 2
[2012/07/24 18:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/22 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{88986852-0150-413A-B312-72B48EDC694F}
[2012/07/22 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5614BC22-5D8F-4D81-8B56-9E3D2E61CD9D}
[2012/07/22 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\DDMSettings
[2012/07/22 11:40:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\DivX
[2012/07/22 11:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/07/22 11:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/07/22 11:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/07/22 11:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/07/22 11:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/07/22 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/07/21 23:52:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/21 23:52:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/21 23:52:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/21 23:52:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/21 23:52:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/21 23:52:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/21 23:52:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/21 23:52:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/21 23:52:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/21 23:52:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/21 23:52:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/21 23:52:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/21 23:52:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/21 19:05:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/21 19:05:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/21 19:05:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/21 19:03:15 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/21 19:03:15 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/15 00:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/07/15 00:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/15 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9D14FFC2-0A28-48F6-832F-3805890005FF}
[2012/07/15 00:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/07/15 00:36:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9993943D-C796-4BC9-963A-4828024381E2}
[2012/07/15 00:35:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Tracing
[2012/07/14 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7DAAF300-4921-4FBB-AA0A-C1D03A44E7FD}
[2012/07/14 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{CD00FFD8-9C89-44F9-92C1-AE80AA31B0FB}
[2012/07/13 10:52:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\asl
[2012/07/12 15:40:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Google
[2012/07/12 15:40:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\CRE
[2012/07/12 15:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/12 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Conduit
[2012/07/12 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2012/07/11 08:55:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FF5A7211-3D09-4D92-A1C7-4ECE1FCC10AC}
[2012/07/11 08:54:58 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D49B247A-16DB-4641-A5EB-6F503D4C4676}
[2012/07/09 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3261AE3C-785F-4727-BEE5-161C71DAFFD3}
[2012/07/09 20:30:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4F080B28-D501-43CD-B274-BCADF1E236E8}
[2012/07/04 07:55:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Diagnostics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 22:13:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
[2012/08/02 21:59:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 21:59:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 21:59:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 21:52:56 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmsshf.bin
[2012/08/02 21:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 17:40:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 17:40:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 17:32:54 | 116,842,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 17:31:44 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2012/08/02 16:38:16 | 000,001,445 | ---- | M] () -- C:\Users\Aaron\Desktop\Trend Micro Titanium 2012.lnk
[2012/08/02 16:32:11 | 000,797,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 16:32:11 | 000,672,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 16:32:11 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 16:30:10 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/02 16:29:59 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/02 16:19:55 | 002,117,108 | ---- | M] () -- C:\Users\Aaron\Desktop\tdsskiller.zip
[2012/08/02 16:17:57 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Aaron\Desktop\GooredFix.exe
[2012/08/02 16:10:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/02 16:09:29 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTM.exe
[2012/08/02 16:08:51 | 000,001,104 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 16:08:40 | 000,000,905 | ---- | M] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2012/08/02 16:08:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Aaron\Desktop\erunt-setup.exe
[2012/08/02 16:05:35 | 000,513,320 | ---- | M] () -- C:\Users\Aaron\Desktop\erunt.zip
[2012/08/01 13:56:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAaron.job
[2012/07/30 21:37:32 | 000,049,982 | ---- | M] () -- C:\Users\Aaron\Desktop\538983_10151982406740383_1785703162_n.jpg
[2012/07/28 18:11:55 | 000,092,815 | ---- | M] () -- C:\Users\Aaron\Desktop\roy announcer for ike.rar
[2012/07/28 16:52:38 | 191,488,000 | ---- | M] () -- C:\Users\Aaron\Desktop\Payday.The_heist.iso.part
[2012/07/28 11:00:42 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2012/07/28 11:00:34 | 000,168,423 | ---- | M] () -- C:\Users\Aaron\Desktop\306736_10150984640001633_47228775_n.jpg
[2012/07/28 09:57:14 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/27 23:55:11 | 000,000,447 | ---- | M] () -- C:\Users\Aaron\Desktop\Phx_settings.ini
[2012/07/27 23:55:01 | 000,001,494 | ---- | M] () -- C:\Users\Aaron\Desktop\WalkingDead101 - Shortcut.lnk
[2012/07/27 23:26:45 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012/07/27 23:15:57 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix.lnk
[2012/07/27 23:05:24 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 22:33:11 | 480,811,008 | ---- | M] () -- C:\Users\Aaron\Desktop\rld-twdep1.iso
[2012/07/27 18:00:42 | 000,001,755 | ---- | M] () -- C:\Users\Aaron\Desktop\SSFIV - Shortcut.lnk
[2012/07/27 16:42:07 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012/07/27 16:26:58 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/07/27 16:26:11 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/27 16:25:11 | 019,302,416 | ---- | M] (DT Soft Ltd) -- C:\Users\Aaron\Desktop\DAEMONToolsPro510-0333.exe
[2012/07/22 19:58:30 | 000,000,990 | ---- | M] () -- C:\Users\Aaron\Desktop\75M.png
[2012/07/22 19:58:01 | 000,000,132 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/22 10:03:38 | 000,004,056 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01oldonewitstagesontop.gct
[2012/07/20 13:19:28 | 004,258,033 | ---- | M] () -- C:\Users\Aaron\Desktop\mu_menumain_en.pac
[2012/07/20 00:01:13 | 003,565,262 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter2.pac
[2012/07/18 18:39:13 | 003,558,672 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter_enw.pac
[2012/07/18 18:27:46 | 001,135,635 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selmap_en.pac
[2012/07/18 17:00:09 | 000,012,589 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01111
[2012/07/18 16:59:22 | 000,012,589 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01111.gct
[2012/07/18 16:51:18 | 002,452,000 | ---- | M] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77a.pac
[2012/07/18 16:45:22 | 009,064,192 | ---- | M] () -- C:\Users\Aaron\Desktop\common5 - Copy.pac
[2012/07/18 16:37:20 | 003,564,594 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter.pac
[2012/07/18 16:35:04 | 000,978,004 | ---- | M] () -- C:\Users\Aaron\Desktop\chrselectports.psd
[2012/07/17 15:50:26 | 000,915,014 | ---- | M] () -- C:\Users\Aaron\Desktop\battleportraittemplate.psd
[2012/07/15 15:53:28 | 000,004,288 | ---- | M] () -- C:\Users\Aaron\Desktop\codehandler.bin
[2012/07/15 12:52:01 | 000,296,285 | ---- | M] () -- C:\Users\Aaron\Desktop\3dtemplate.psd
[2012/07/13 19:41:12 | 000,000,120 | ---- | M] () -- C:\Users\Aaron\Desktop\NATE.gct
[2012/07/13 12:06:29 | 000,000,072 | ---- | M] () -- C:\Users\Aaron\Desktop\codee.gct
[2012/07/12 17:27:04 | 000,370,398 | ---- | M] () -- C:\Users\Aaron\Desktop\2d flat template.psd
[2012/07/11 11:23:20 | 000,573,108 | ---- | M] () -- C:\Users\Aaron\Desktop\addin2d.psd
[2012/07/11 10:24:39 | 000,349,305 | ---- | M] () -- C:\Users\Aaron\Desktop\tench2d.psd
[2012/07/11 08:19:38 | 013,090,624 | ---- | M] () -- C:\Users\Aaron\Desktop\F-Zero.wad
[2012/07/10 23:18:34 | 000,353,913 | ---- | M] () -- C:\Users\Aaron\Desktop\gametemplate.psd
[2012/07/10 22:59:00 | 000,888,061 | ---- | M] () -- C:\Users\Aaron\Desktop\Wii_Cover_Template___Hi_Res_by_StardogChampion.png
[2012/07/10 22:55:58 | 000,005,110 | ---- | M] () -- C:\Users\Aaron\Desktop\10-362-600-wii_game_box_cover-27_26_335_564.png
[2012/07/08 13:23:15 | 000,071,404 | ---- | M] () -- C:\Users\Aaron\Desktop\BSIC.jar
[2012/07/07 20:42:38 | 322,207,744 | ---- | M] () -- C:\Users\Aaron\Desktop\game.iso.bak
[2012/07/07 19:00:32 | 001,599,136 | ---- | M] () -- C:\Users\Aaron\Desktop\DIOS MIOS Lite v1.5.wad
[2012/07/07 12:40:04 | 000,004,912 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01.gct
[2012/07/07 11:33:49 | 002,837,440 | ---- | M] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77.pac
[2012/07/07 11:29:25 | 000,002,976 | ---- | M] () -- C:\Users\Aaron\Desktop\emptyu.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 16:51:17 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/08/02 16:37:39 | 000,001,445 | ---- | C] () -- C:\Users\Aaron\Desktop\Trend Micro Titanium 2012.lnk
[2012/08/02 16:30:10 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/02 16:29:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/02 16:19:37 | 002,117,108 | ---- | C] () -- C:\Users\Aaron\Desktop\tdsskiller.zip
[2012/08/02 16:08:51 | 000,001,104 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 16:08:40 | 000,000,905 | ---- | C] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2012/08/02 16:05:34 | 000,513,320 | ---- | C] () -- C:\Users\Aaron\Desktop\erunt.zip
[2012/08/01 19:59:00 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{504b1c62-2ea9-2f1b-f726-110079e389e1}\U\[email protected]
[2012/08/01 19:58:56 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{504b1c62-2ea9-2f1b-f726-110079e389e1}\U\[email protected]
[2012/08/01 19:58:56 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{504b1c62-2ea9-2f1b-f726-110079e389e1}\L\[email protected]
[2012/08/01 19:58:43 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{504b1c62-2ea9-2f1b-f726-110079e389e1}\U\[email protected]
[2012/07/30 21:37:30 | 000,049,982 | ---- | C] () -- C:\Users\Aaron\Desktop\538983_10151982406740383_1785703162_n.jpg
[2012/07/29 20:06:49 | 000,167,789 | ---- | C] () -- C:\Users\Aaron\Desktop\FitMarth02zor.pcs
[2012/07/29 20:06:09 | 001,649,216 | ---- | C] () -- C:\Users\Aaron\Desktop\FitYoshi05oldbirdo.pac
[2012/07/29 20:06:09 | 000,616,809 | ---- | C] () -- C:\Users\Aaron\Desktop\FitYoshi05oldbirdo.pcs
[2012/07/29 20:05:41 | 000,381,856 | ---- | C] () -- C:\Users\Aaron\Desktop\FitMarth02zora.pac
[2012/07/28 18:30:35 | 000,004,056 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01oldonewitstagesontop.gct
[2012/07/28 18:29:50 | 000,372,096 | ---- | C] () -- C:\Users\Aaron\Desktop\FitPikmin04bomberman.pcs
[2012/07/28 18:11:51 | 000,092,815 | ---- | C] () -- C:\Users\Aaron\Desktop\roy announcer for ike.rar
[2012/07/28 15:06:04 | 191,488,000 | ---- | C] () -- C:\Users\Aaron\Desktop\Payday.The_heist.iso.part
[2012/07/28 11:00:33 | 000,168,423 | ---- | C] () -- C:\Users\Aaron\Desktop\306736_10150984640001633_47228775_n.jpg
[2012/07/27 23:55:01 | 000,001,494 | ---- | C] () -- C:\Users\Aaron\Desktop\WalkingDead101 - Shortcut.lnk
[2012/07/27 23:26:45 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead.lnk
[2012/07/27 23:26:45 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012/07/27 23:15:57 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\Phoenix.lnk
[2012/07/27 23:15:34 | 000,000,447 | ---- | C] () -- C:\Users\Aaron\Desktop\Phx_settings.ini
[2012/07/27 23:05:24 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 21:15:04 | 480,811,008 | ---- | C] () -- C:\Users\Aaron\Desktop\rld-twdep1.iso
[2012/07/27 18:00:42 | 000,001,755 | ---- | C] () -- C:\Users\Aaron\Desktop\SSFIV - Shortcut.lnk
[2012/07/27 16:42:07 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012/07/27 16:26:58 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/07/22 19:58:30 | 000,000,990 | ---- | C] () -- C:\Users\Aaron\Desktop\75M.png
[2012/07/22 16:27:45 | 001,417,088 | ---- | C] () -- C:\Users\Aaron\Desktop\metroidtrainingSTGJUNGLE.pac
[2012/07/20 13:19:28 | 004,258,033 | ---- | C] () -- C:\Users\Aaron\Desktop\mu_menumain_en.pac
[2012/07/20 10:52:58 | 009,064,192 | ---- | C] () -- C:\Users\Aaron\Desktop\common5 - Copy.pac
[2012/07/20 00:01:08 | 003,565,262 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter2.pac
[2012/07/18 18:42:11 | 003,564,594 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter.pac
[2012/07/18 18:36:48 | 003,558,672 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter_enw.pac
[2012/07/18 18:27:46 | 001,135,635 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selmap_en.pac
[2012/07/18 17:00:09 | 000,012,589 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01111
[2012/07/18 16:58:29 | 000,012,589 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01111.gct
[2012/07/18 16:51:17 | 002,452,000 | ---- | C] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77a.pac
[2012/07/15 15:53:28 | 000,004,288 | ---- | C] () -- C:\Users\Aaron\Desktop\codehandler.bin
[2012/07/15 12:41:24 | 000,296,285 | ---- | C] () -- C:\Users\Aaron\Desktop\3dtemplate.psd
[2012/07/15 11:03:33 | 002,876,992 | ---- | C] () -- C:\Users\Aaron\Desktop\STGBATTLEFIELD_A.pac
[2012/07/13 12:06:56 | 000,002,456 | ---- | C] () -- C:\Users\Aaron\Desktop\code.gct
[2012/07/13 12:06:28 | 000,000,072 | ---- | C] () -- C:\Users\Aaron\Desktop\codee.gct
[2012/07/12 16:41:40 | 000,004,912 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01.gct
[2012/07/12 16:38:30 | 000,000,120 | ---- | C] () -- C:\Users\Aaron\Desktop\NATE.gct
[2012/07/11 11:23:18 | 000,573,108 | ---- | C] () -- C:\Users\Aaron\Desktop\addin2d.psd
[2012/07/11 10:36:14 | 000,370,398 | ---- | C] () -- C:\Users\Aaron\Desktop\2d flat template.psd
[2012/07/11 10:24:38 | 000,349,305 | ---- | C] () -- C:\Users\Aaron\Desktop\tench2d.psd
[2012/07/11 09:01:26 | 013,090,624 | ---- | C] () -- C:\Users\Aaron\Desktop\F-Zero.wad
[2012/07/10 23:02:56 | 000,353,913 | ---- | C] () -- C:\Users\Aaron\Desktop\gametemplate.psd
[2012/07/10 22:58:58 | 000,888,061 | ---- | C] () -- C:\Users\Aaron\Desktop\Wii_Cover_Template___Hi_Res_by_StardogChampion.png
[2012/07/10 22:55:56 | 000,005,110 | ---- | C] () -- C:\Users\Aaron\Desktop\10-362-600-wii_game_box_cover-27_26_335_564.png
[2012/07/10 12:52:18 | 322,207,744 | ---- | C] () -- C:\Users\Aaron\Desktop\game.iso.bak
[2012/07/08 13:23:14 | 000,071,404 | ---- | C] () -- C:\Users\Aaron\Desktop\BSIC.jar
[2012/07/07 19:00:32 | 001,599,136 | ---- | C] () -- C:\Users\Aaron\Desktop\DIOS MIOS Lite v1.5.wad
[2012/07/07 11:33:49 | 002,837,440 | ---- | C] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77.pac
[2012/07/07 11:29:25 | 000,002,976 | ---- | C] () -- C:\Users\Aaron\Desktop\emptyu.png
[2012/06/29 10:14:50 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/06/01 15:00:47 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/05/31 11:13:47 | 000,010,892 | ---- | C] () -- C:\Users\Aaron\.recently-used.xbel
[2012/04/03 12:11:49 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/02/10 20:17:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/10 20:15:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/10 20:11:32 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 07:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/06 13:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 02:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is Trend alerting you to a ZeroAccess infection?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [sp] C:\Users\Aaron\AppData\Roaming\Adobe\sp.DLL ()

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{504b1c62-2ea9-2f1b-f726-110079e389e1}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

#3
tstumo

    Member

  • Topic Starter
  • Member
  • 23 posts
Thank you very much Essexboy. I am very appreciative you took the time out to help with my problem. I'm not quite sure what that means, but I haven't been getting anything referring to that. Micro would pop up saying that it blocked and removed some threats. After I did the ComboFix, things have been much better. I have not gotten any Google redirects or pop ups. I hope I posted everything correctly.


My OTL log:


OTL logfile created on: 8/3/2012 6:25:59 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 70.67% Memory free
10.96 Gb Paging File | 9.07 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 570.42 Gb Total Space | 436.90 Gb Free Space | 76.59% Space Free | Partition Type: NTFS
Drive D: | 21.58 Gb Total Space | 2.32 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32
Drive F: | 269.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AARON-HP | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 22:13:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
PRC - [2012/07/28 00:07:25 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/22 19:59:36 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/04/25 16:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/31 22:21:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/07 20:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/28 16:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/26 15:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/26 04:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 04:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 04:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/28 00:07:25 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/22 19:59:36 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/05/09 14:01:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 14:01:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/03 14:34:10 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/02/27 06:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/02/27 06:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/09/28 19:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 07:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/02 06:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/02 21:59:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 23:06:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/25 16:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/26 04:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/06/28 18:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 16:26:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/09 11:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/09 11:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 19:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 18:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/11 00:53:47 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/08/11 00:53:47 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/08/11 00:53:47 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/08/02 13:33:16 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/07/18 17:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/07/16 05:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/07/16 05:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/02 06:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/30 17:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 03:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 03:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/17 09:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{008F6831-ECBA-4246-911D-F1DF440F0458}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/22 11:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/08/02 16:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/08/02 16:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 00:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 11:40:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 00:07:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 11:40:44 | 000,000,000 | ---D | M]

[2012/03/20 21:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2012/07/21 18:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/15 00:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/21 18:52:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
[2012/07/22 11:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions
[2012/06/17 17:19:36 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions\[email protected]
[2012/07/15 00:36:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\extensions\[email protected]
[2012/03/21 10:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/21 10:08:05 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/08/02 16:41:12 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.1.1102\7.1.1102\FIREFOXEXTENSION
[2012/07/22 11:31:02 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSQRSY1V.DEFAULT\EXTENSIONS\[email protected]
[1832/11/28 21:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSQRSY1V.DEFAULT\EXTENSIONS\[email protected]
[2012/07/28 00:07:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/28 00:07:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/28 00:07:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/03 18:17:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Apple Computer] C:\Users\Aaron\AppData\Local\CrashDumps\Apple Computer\bbuyfhcof.dll (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [sp] C:\Windows\sysWOW64\rundll32.exe "C:\Users\Aaron\AppData\Roaming\Adobe\sp.DLL",ServiceMain File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Symantec] C:\Users\Aaron\AppData\Local\Symantec\whgpxtwf.dll (Creative Technology Ltd)
O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FFB5237-8642-42B3-9D7E-6AE210979A6E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/31 19:38:13 | 000,880,432 | R--- | M] (Trend Micro Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/06/15 03:07:38 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5c565232-7378-11e1-8617-082e5f955586}\Shell - "" = AutoRun
O33 - MountPoints2\{5c565232-7378-11e1-8617-082e5f955586}\Shell\AutoRun\command - "" = G:\launcher.exe
O33 - MountPoints2\{c95e1bd6-7255-11e1-b111-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c95e1bd6-7255-11e1-b111-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2011/08/31 19:38:13 | 000,880,432 | R--- | M] (Trend Micro Inc.)
O34 - HKLM BootExecute: (C:\Windows\DCEBoot64.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (ngs...)
O34 - HKLM BootExecute: (ountPoints2\Q\Shell)
O34 - HKLM BootExecute: (nts2\H\Shell)
O34 - HKLM BootExecute: (hel)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 18:17:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/02 22:13:29 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
[2012/08/02 16:41:20 | 000,000,000 | ---D | C] -- C:\temp
[2012/08/02 16:37:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2012
[2012/08/02 16:32:15 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/08/02 16:32:13 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/08/02 16:32:13 | 000,091,920 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2012/08/02 16:32:13 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/08/02 16:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/08/02 16:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/08/02 16:20:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\tdss
[2012/08/02 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\GooredFix Backups
[2012/08/02 16:17:54 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Aaron\Desktop\GooredFix.exe
[2012/08/02 16:10:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/02 16:09:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTM.exe
[2012/08/02 16:09:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/02 16:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/02 16:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/02 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\registry backup
[2012/08/02 16:05:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\erunt
[2012/08/01 20:05:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/31 20:54:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Symantec
[2012/07/30 21:46:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{66EB9E1B-D822-4285-856C-6ACD90D1DCDE}
[2012/07/27 23:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/07/27 23:27:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\Telltale Games
[2012/07/27 23:15:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Phx_data
[2012/07/27 23:15:30 | 006,801,763 | ---- | C] ($[email protected]!c_V()!D) -- C:\Users\Aaron\Desktop\Phoenix.exe
[2012/07/27 23:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/27 22:55:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\wd
[2012/07/27 22:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telltale Games
[2012/07/27 22:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Walking Dead
[2012/07/27 17:21:43 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Super.Street.Fighter.IV.Arcade.Edition.Update.1-SKIDROW
[2012/07/27 16:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Street Fighter IV Arcade Edition
[2012/07/27 16:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2012/07/27 16:27:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/27 16:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/07/27 16:26:11 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/27 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Pro
[2012/07/27 16:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/07/27 16:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/07/27 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\sviv
[2012/07/27 14:21:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\CAPCOM
[2012/07/24 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\half life 2
[2012/07/24 18:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/22 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{88986852-0150-413A-B312-72B48EDC694F}
[2012/07/22 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5614BC22-5D8F-4D81-8B56-9E3D2E61CD9D}
[2012/07/22 11:45:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\DDMSettings
[2012/07/22 11:40:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\DivX
[2012/07/22 11:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/07/22 11:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/07/22 11:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/07/22 11:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/07/22 11:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/07/22 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/07/15 00:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/07/15 00:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/15 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9D14FFC2-0A28-48F6-832F-3805890005FF}
[2012/07/15 00:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/07/15 00:36:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9993943D-C796-4BC9-963A-4828024381E2}
[2012/07/15 00:35:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Tracing
[2012/07/14 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7DAAF300-4921-4FBB-AA0A-C1D03A44E7FD}
[2012/07/14 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{CD00FFD8-9C89-44F9-92C1-AE80AA31B0FB}
[2012/07/13 10:52:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\asl
[2012/07/12 15:40:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Google
[2012/07/12 15:40:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\CRE
[2012/07/12 15:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/12 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Conduit
[2012/07/12 15:37:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2012/07/11 08:55:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FF5A7211-3D09-4D92-A1C7-4ECE1FCC10AC}
[2012/07/11 08:54:58 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D49B247A-16DB-4641-A5EB-6F503D4C4676}
[2012/07/09 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3261AE3C-785F-4727-BEE5-161C71DAFFD3}
[2012/07/09 20:30:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4F080B28-D501-43CD-B274-BCADF1E236E8}

========== Files - Modified Within 30 Days ==========

[2012/08/03 18:31:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 18:31:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 18:25:57 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2012/08/03 18:25:57 | 000,003,700 | ---- | M] () -- C:\Windows\DCEBOOT.CFG
[2012/08/03 18:21:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 18:21:52 | 116,842,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 18:17:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/03 17:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 22:13:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.scr
[2012/08/02 21:52:56 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmsshf.bin
[2012/08/02 16:38:16 | 000,001,445 | ---- | M] () -- C:\Users\Aaron\Desktop\Trend Micro Titanium 2012.lnk
[2012/08/02 16:32:11 | 000,797,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 16:32:11 | 000,672,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 16:32:11 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 16:30:10 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/02 16:29:59 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/02 16:19:55 | 002,117,108 | ---- | M] () -- C:\Users\Aaron\Desktop\tdsskiller.zip
[2012/08/02 16:17:57 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Aaron\Desktop\GooredFix.exe
[2012/08/02 16:09:29 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTM.exe
[2012/08/02 16:08:51 | 000,001,104 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 16:08:40 | 000,000,905 | ---- | M] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2012/08/02 16:05:35 | 000,513,320 | ---- | M] () -- C:\Users\Aaron\Desktop\erunt.zip
[2012/08/01 13:56:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAaron.job
[2012/07/28 18:11:55 | 000,092,815 | ---- | M] () -- C:\Users\Aaron\Desktop\roy announcer for ike.rar
[2012/07/28 16:52:38 | 191,488,000 | ---- | M] () -- C:\Users\Aaron\Desktop\Payday.The_heist.iso.part
[2012/07/28 11:00:42 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2012/07/28 11:00:34 | 000,168,423 | ---- | M] () -- C:\Users\Aaron\Desktop\306736_10150984640001633_47228775_n.jpg
[2012/07/28 09:57:14 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/27 23:55:11 | 000,000,447 | ---- | M] () -- C:\Users\Aaron\Desktop\Phx_settings.ini
[2012/07/27 23:55:01 | 000,001,494 | ---- | M] () -- C:\Users\Aaron\Desktop\WalkingDead101 - Shortcut.lnk
[2012/07/27 23:26:45 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012/07/27 23:15:57 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix.lnk
[2012/07/27 23:05:24 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 22:33:11 | 480,811,008 | ---- | M] () -- C:\Users\Aaron\Desktop\rld-twdep1.iso
[2012/07/27 18:00:42 | 000,001,755 | ---- | M] () -- C:\Users\Aaron\Desktop\SSFIV - Shortcut.lnk
[2012/07/27 16:42:07 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012/07/27 16:26:58 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/07/27 16:26:11 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/22 19:58:30 | 000,000,990 | ---- | M] () -- C:\Users\Aaron\Desktop\75M.png
[2012/07/22 19:58:01 | 000,000,132 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/22 10:03:38 | 000,004,056 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01oldonewitstagesontop.gct
[2012/07/20 13:19:28 | 004,258,033 | ---- | M] () -- C:\Users\Aaron\Desktop\mu_menumain_en.pac
[2012/07/20 00:01:13 | 003,565,262 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter2.pac
[2012/07/18 18:39:13 | 003,558,672 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter_enw.pac
[2012/07/18 18:27:46 | 001,135,635 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selmap_en.pac
[2012/07/18 17:00:09 | 000,012,589 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01111
[2012/07/18 16:59:22 | 000,012,589 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01111.gct
[2012/07/18 16:51:18 | 002,452,000 | ---- | M] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77a.pac
[2012/07/18 16:45:22 | 009,064,192 | ---- | M] () -- C:\Users\Aaron\Desktop\common5 - Copy.pac
[2012/07/18 16:37:20 | 003,564,594 | ---- | M] () -- C:\Users\Aaron\Desktop\sc_selcharacter.pac
[2012/07/18 16:35:04 | 000,978,004 | ---- | M] () -- C:\Users\Aaron\Desktop\chrselectports.psd
[2012/07/17 15:50:26 | 000,915,014 | ---- | M] () -- C:\Users\Aaron\Desktop\battleportraittemplate.psd
[2012/07/15 15:53:28 | 000,004,288 | ---- | M] () -- C:\Users\Aaron\Desktop\codehandler.bin
[2012/07/15 12:52:01 | 000,296,285 | ---- | M] () -- C:\Users\Aaron\Desktop\3dtemplate.psd
[2012/07/13 19:41:12 | 000,000,120 | ---- | M] () -- C:\Users\Aaron\Desktop\NATE.gct
[2012/07/13 12:06:29 | 000,000,072 | ---- | M] () -- C:\Users\Aaron\Desktop\codee.gct
[2012/07/12 17:27:04 | 000,370,398 | ---- | M] () -- C:\Users\Aaron\Desktop\2d flat template.psd
[2012/07/11 11:23:20 | 000,573,108 | ---- | M] () -- C:\Users\Aaron\Desktop\addin2d.psd
[2012/07/11 10:24:39 | 000,349,305 | ---- | M] () -- C:\Users\Aaron\Desktop\tench2d.psd
[2012/07/11 08:19:38 | 013,090,624 | ---- | M] () -- C:\Users\Aaron\Desktop\F-Zero.wad
[2012/07/10 23:18:34 | 000,353,913 | ---- | M] () -- C:\Users\Aaron\Desktop\gametemplate.psd
[2012/07/10 22:59:00 | 000,888,061 | ---- | M] () -- C:\Users\Aaron\Desktop\Wii_Cover_Template___Hi_Res_by_StardogChampion.png
[2012/07/10 22:55:58 | 000,005,110 | ---- | M] () -- C:\Users\Aaron\Desktop\10-362-600-wii_game_box_cover-27_26_335_564.png
[2012/07/08 13:23:15 | 000,071,404 | ---- | M] () -- C:\Users\Aaron\Desktop\BSIC.jar
[2012/07/07 20:42:38 | 322,207,744 | ---- | M] () -- C:\Users\Aaron\Desktop\game.iso.bak
[2012/07/07 19:00:32 | 001,599,136 | ---- | M] () -- C:\Users\Aaron\Desktop\DIOS MIOS Lite v1.5.wad
[2012/07/07 12:40:04 | 000,004,912 | ---- | M] () -- C:\Users\Aaron\Desktop\RSBE01.gct
[2012/07/07 11:33:49 | 002,837,440 | ---- | M] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77.pac
[2012/07/07 11:29:25 | 000,002,976 | ---- | M] () -- C:\Users\Aaron\Desktop\emptyu.png

========== Files Created - No Company Name ==========

[2012/08/03 18:25:37 | 000,003,700 | ---- | C] () -- C:\Windows\DCEBOOT.CFG
[2012/08/03 18:21:49 | 000,000,702 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2012/08/02 16:51:17 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/08/02 16:37:39 | 000,001,445 | ---- | C] () -- C:\Users\Aaron\Desktop\Trend Micro Titanium 2012.lnk
[2012/08/02 16:30:10 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/02 16:29:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/02 16:19:37 | 002,117,108 | ---- | C] () -- C:\Users\Aaron\Desktop\tdsskiller.zip
[2012/08/02 16:08:51 | 000,001,104 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 16:08:40 | 000,000,905 | ---- | C] () -- C:\Users\Aaron\Desktop\ERUNT.lnk
[2012/08/02 16:05:34 | 000,513,320 | ---- | C] () -- C:\Users\Aaron\Desktop\erunt.zip
[2012/07/29 20:06:49 | 000,167,789 | ---- | C] () -- C:\Users\Aaron\Desktop\FitMarth02zor.pcs
[2012/07/28 18:30:35 | 000,004,056 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01oldonewitstagesontop.gct
[2012/07/28 18:11:51 | 000,092,815 | ---- | C] () -- C:\Users\Aaron\Desktop\roy announcer for ike.rar
[2012/07/28 15:06:04 | 191,488,000 | ---- | C] () -- C:\Users\Aaron\Desktop\Payday.The_heist.iso.part
[2012/07/28 11:00:33 | 000,168,423 | ---- | C] () -- C:\Users\Aaron\Desktop\306736_10150984640001633_47228775_n.jpg
[2012/07/27 23:55:01 | 000,001,494 | ---- | C] () -- C:\Users\Aaron\Desktop\WalkingDead101 - Shortcut.lnk
[2012/07/27 23:26:45 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead.lnk
[2012/07/27 23:26:45 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012/07/27 23:15:57 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\Phoenix.lnk
[2012/07/27 23:15:34 | 000,000,447 | ---- | C] () -- C:\Users\Aaron\Desktop\Phx_settings.ini
[2012/07/27 23:05:24 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 21:15:04 | 480,811,008 | ---- | C] () -- C:\Users\Aaron\Desktop\rld-twdep1.iso
[2012/07/27 18:00:42 | 000,001,755 | ---- | C] () -- C:\Users\Aaron\Desktop\SSFIV - Shortcut.lnk
[2012/07/27 16:42:07 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012/07/27 16:26:58 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/07/22 19:58:30 | 000,000,990 | ---- | C] () -- C:\Users\Aaron\Desktop\75M.png
[2012/07/22 16:27:45 | 001,417,088 | ---- | C] () -- C:\Users\Aaron\Desktop\metroidtrainingSTGJUNGLE.pac
[2012/07/20 13:19:28 | 004,258,033 | ---- | C] () -- C:\Users\Aaron\Desktop\mu_menumain_en.pac
[2012/07/20 10:52:58 | 009,064,192 | ---- | C] () -- C:\Users\Aaron\Desktop\common5 - Copy.pac
[2012/07/20 00:01:08 | 003,565,262 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter2.pac
[2012/07/18 18:42:11 | 003,564,594 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter.pac
[2012/07/18 18:36:48 | 003,558,672 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selcharacter_enw.pac
[2012/07/18 18:27:46 | 001,135,635 | ---- | C] () -- C:\Users\Aaron\Desktop\sc_selmap_en.pac
[2012/07/18 17:00:09 | 000,012,589 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01111
[2012/07/18 16:58:29 | 000,012,589 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01111.gct
[2012/07/18 16:51:17 | 002,452,000 | ---- | C] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77a.pac
[2012/07/15 15:53:28 | 000,004,288 | ---- | C] () -- C:\Users\Aaron\Desktop\codehandler.bin
[2012/07/15 12:41:24 | 000,296,285 | ---- | C] () -- C:\Users\Aaron\Desktop\3dtemplate.psd
[2012/07/15 11:03:33 | 002,876,992 | ---- | C] () -- C:\Users\Aaron\Desktop\STGBATTLEFIELD_A.pac
[2012/07/13 12:06:56 | 000,002,456 | ---- | C] () -- C:\Users\Aaron\Desktop\code.gct
[2012/07/13 12:06:28 | 000,000,072 | ---- | C] () -- C:\Users\Aaron\Desktop\codee.gct
[2012/07/12 16:41:40 | 000,004,912 | ---- | C] () -- C:\Users\Aaron\Desktop\RSBE01.gct
[2012/07/12 16:38:30 | 000,000,120 | ---- | C] () -- C:\Users\Aaron\Desktop\NATE.gct
[2012/07/11 11:23:18 | 000,573,108 | ---- | C] () -- C:\Users\Aaron\Desktop\addin2d.psd
[2012/07/11 10:36:14 | 000,370,398 | ---- | C] () -- C:\Users\Aaron\Desktop\2d flat template.psd
[2012/07/11 10:24:38 | 000,349,305 | ---- | C] () -- C:\Users\Aaron\Desktop\tench2d.psd
[2012/07/11 09:01:26 | 013,090,624 | ---- | C] () -- C:\Users\Aaron\Desktop\F-Zero.wad
[2012/07/10 23:02:56 | 000,353,913 | ---- | C] () -- C:\Users\Aaron\Desktop\gametemplate.psd
[2012/07/10 22:58:58 | 000,888,061 | ---- | C] () -- C:\Users\Aaron\Desktop\Wii_Cover_Template___Hi_Res_by_StardogChampion.png
[2012/07/10 22:55:56 | 000,005,110 | ---- | C] () -- C:\Users\Aaron\Desktop\10-362-600-wii_game_box_cover-27_26_335_564.png
[2012/07/10 12:52:18 | 322,207,744 | ---- | C] () -- C:\Users\Aaron\Desktop\game.iso.bak
[2012/07/08 13:23:14 | 000,071,404 | ---- | C] () -- C:\Users\Aaron\Desktop\BSIC.jar
[2012/07/07 19:00:32 | 001,599,136 | ---- | C] () -- C:\Users\Aaron\Desktop\DIOS MIOS Lite v1.5.wad
[2012/07/07 11:33:49 | 002,837,440 | ---- | C] () -- C:\Users\Aaron\Desktop\char_bust_tex_lz77.pac
[2012/07/07 11:29:25 | 000,002,976 | ---- | C] () -- C:\Users\Aaron\Desktop\emptyu.png
[2012/06/29 10:14:50 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/06/01 15:00:47 | 000,000,132 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/05/31 11:13:47 | 000,010,892 | ---- | C] () -- C:\Users\Aaron\.recently-used.xbel
[2012/04/03 12:11:49 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/02/10 20:17:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/10 20:15:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/10 20:11:32 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 07:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/06 13:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 02:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/07/21 18:52:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\BitTorrent
[2012/07/27 16:27:25 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\DAEMON Tools Pro
[2012/03/21 23:50:49 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\DiskAid
[2012/05/31 11:13:47 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\gtk-2.0
[2012/07/21 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\IrfanView
[2012/06/21 15:47:27 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Ludia
[2012/05/19 19:35:21 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mael
[2012/04/03 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\MotioninJoy
[2012/06/17 17:18:55 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SendSpace
[2012/07/08 23:59:58 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SoftGrid Client
[2012/03/19 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Synaptics
[2012/05/29 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TP
[2012/04/06 18:24:18 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Windows Live Writer
[2012/06/26 07:40:47 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

My combofix log:

ComboFix 12-07-31.06 - Aaron 08/03/2012 18:41:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3842 [GMT -7:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownloadnSave
c:\programdata\DownloadnSave\background.html
c:\programdata\DownloadnSave\content.js
c:\programdata\DownloadnSave\ddhbfejjbeajmnaplpemkoiiamdepapf.crx
c:\programdata\DownloadnSave\settings.ini
c:\programdata\DownloadnSave\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\DownloadnSave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\Uninstall.lnk
c:\users\Aaron\AppData\Local\CrashDumps\Apple Computer\bbuyfhcof.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 01:49 . 2012-08-04 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- C:\_OTL
2012-08-03 04:52 . 2012-08-03 04:52 635 ----a-w- c:\windows\system32\drivers\etc\tmsshf.bin
2012-08-02 23:51 . 2012-08-04 01:25 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-08-02 23:41 . 2012-08-02 23:41 -------- d-----w- C:\temp
2012-08-02 23:32 . 2011-08-02 20:33 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-08-02 23:32 . 2011-08-11 07:53 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-08-02 23:32 . 2011-08-11 07:53 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-08-02 23:32 . 2011-08-11 07:53 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-02 23:30 . 2012-08-02 23:30 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-08-02 23:28 . 2012-08-02 23:29 -------- d-----w- c:\program files\Trend Micro
2012-08-02 23:27 . 2012-08-02 23:38 -------- d-----w- c:\programdata\Trend Micro
2012-08-02 23:10 . 2012-08-02 23:10 -------- d-----w- C:\_OTM
2012-08-02 23:08 . 2012-08-02 23:08 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-02 03:05 . 2012-08-02 03:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-01 03:54 . 2012-08-01 03:54 -------- d-----w- c:\users\Aaron\AppData\Local\Symantec
2012-07-31 18:08 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB63959F-F7A8-422A-AC86-94DA30C890F3}\mpengine.dll
2012-07-31 05:17 . 2012-07-31 05:17 110080 ----a-w- c:\programdata\Microsoft\Windows\DRM\8DCB.tmp.dat
2012-07-28 06:27 . 2012-07-28 06:27 -------- d-----w- c:\programdata\RELOADED
2012-07-28 06:05 . 2012-08-04 01:22 -------- d-----w- c:\program files (x86)\Steam
2012-07-28 05:33 . 2012-07-28 06:55 -------- d-----w- c:\program files (x86)\The Walking Dead
2012-07-27 23:29 . 2012-07-27 23:29 -------- d-----w- c:\program files (x86)\Black_Box
2012-07-27 23:26 . 2012-07-27 23:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-27 23:26 . 2012-07-27 23:27 -------- d-----w- c:\users\Aaron\AppData\Roaming\DAEMON Tools Pro
2012-07-27 23:26 . 2012-07-27 23:26 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-07-27 23:24 . 2012-07-27 23:27 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-07-27 20:06 . 2012-07-27 20:06 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\A2BE.tmp.dat
2012-07-26 21:04 . 2012-07-26 21:04 127488 ----a-w- c:\programdata\Microsoft\Windows\DRM\3504.tmp.dat
2012-07-25 01:13 . 2012-07-28 06:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-22 18:45 . 2012-07-22 18:45 -------- d-----w- c:\users\Aaron\AppData\Local\DDMSettings
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\users\Aaron\AppData\Roaming\DivX
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\program files\DivX
2012-07-22 18:39 . 2012-07-22 18:40 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-22 18:38 . 2012-07-22 18:40 -------- d-----w- c:\program files (x86)\DivX
2012-07-22 18:36 . 2012-07-22 18:40 -------- d-----w- c:\programdata\DivX
2012-07-22 06:54 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 02:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 02:03 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-22 02:03 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-22 02:03 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-22 02:03 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-22 02:03 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-22 02:03 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-22 02:03 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-22 02:03 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-22 02:03 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-22 02:03 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-22 02:03 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-22 02:03 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-22 02:03 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-21 05:01 . 2012-07-21 05:00 114176 ----a-w- c:\programdata\Microsoft\Windows\DRM\DAB1.tmp.dat
2012-07-21 01:10 . 2012-07-21 01:10 114688 ----a-w- c:\programdata\Microsoft\Windows\DRM\FFF8.tmp.dat
2012-07-20 08:09 . 2012-07-20 08:09 114688 ----a-w- c:\programdata\Microsoft\Windows\DRM\7FF6.tmp.dat
2012-07-17 05:17 . 2012-07-17 05:17 113664 ----a-w- c:\programdata\Microsoft\Windows\DRM\6A50.tmp.dat
2012-07-15 07:36 . 2012-07-22 01:53 -------- d-----w- c:\program files (x86)\Yontoo
2012-07-15 07:36 . 2012-07-15 07:36 -------- d-----w- c:\programdata\Tarma Installer
2012-07-15 07:36 . 2012-07-15 16:10 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-15 07:35 . 2012-07-15 07:35 -------- d-----w- c:\users\Aaron\Tracing
2012-07-15 07:30 . 2012-07-15 07:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bfe6d0511cd625b01\DSETUP.dll
2012-07-12 22:40 . 2012-07-12 22:40 -------- d-----w- c:\users\Aaron\AppData\Local\Google
2012-07-12 22:40 . 2012-07-12 22:40 -------- d-----w- c:\users\Aaron\AppData\Local\CRE
2012-07-12 22:40 . 2012-07-12 22:40 -------- d-----w- c:\program files (x86)\Conduit
2012-07-12 22:40 . 2012-07-15 16:11 -------- d-----w- c:\users\Aaron\AppData\Local\Conduit
2012-07-12 22:37 . 2012-07-22 01:52 -------- d-----w- c:\users\Aaron\AppData\Roaming\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 04:59 . 2012-04-06 23:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 04:59 . 2011-11-09 18:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 00:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 00:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 00:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 00:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 00:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 00:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 02:35 . 2012-05-19 02:35 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-08 192304]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-28 1242448]
"Symantec"="c:\users\Aaron\AppData\Local\Symantec\whgpxtwf.dll" [2012-02-16 331776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-03-25 115272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-27 283200]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-08-11 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:59]
.
2012-08-01 c:\windows\Tasks\HPCeeScheduleForAaron.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-04-01 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\osqrsy1v.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Aaron\AppData\Local\CrashDumps\Apple Computer\bbuyfhcof.dll
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} - c:\programdata\DownloadnSave\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-03 18:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 01:57
.
Pre-Run: 468,996,427,776 bytes free
Post-Run: 468,829,822,976 bytes free
.
- - End Of File - - 0C9E736C34C6443E0510857518DAC0F7

My FSS log:

Farbar Service Scanner Version: 04-08-2012 01
Ran by Aaron (administrator) on 03-08-2012 at 19:05:56
Running from "C:\Users\Aaron\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by tstumo, 03 August 2012 - 10:54 PM.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you have completed these tasks can you let me know what problems remain

Download the attached reg file to your desktop
https://dl.dropbox.c...555776/bits.reg
Right click the file and select merge
Accept the warnings and reboot

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
#5
tstumo

    Member

  • Topic Starter
  • Member
  • 23 posts
Hey, I'm having a bit of trouble downloading the .reg file you provided in the link. When I save it, it saves as a .txt file. I've tried changing the extension to .reg and also selecting "all files". I also went to folder options and unchecked "hide extension for known file types" and am still not able to get it. The merge option isn't available because it's a .txt file.
#6
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will use OTL to set the service

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
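The FSS log posted earlier in this thread flags BITS with no retrievable start type, which is the finding the OTL fix above addresses. The following is an added example, not part of the thread or of any tool used in it: a Python parser that pulls such findings out of an FSS-style log. The sample log is a constructed excerpt, and the names `parse_fss` and `triage`, along with treating any verdict other than "MD5 is legit" as needing review, are assumptions of this example.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the Farbar Service
# Scanner (FSS) log quoted earlier in this thread.
SAMPLE_FSS_LOG = r"""
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
"""

# Line shapes taken from the log in this thread; other FSS wordings are not covered.
NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
ATTENTION = re.compile(r"ATTENTION!=+>\s*(?P<msg>.+)$")
START_TYPE = re.compile(r"^The start type of (?P<svc>\S+) service is set to (?P<type>.+)$")
PART_OK = re.compile(r"^The (?P<part>ImagePath|ServiceDll) of (?P<svc>\S+) service is OK\.")
FILE_CHECK = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
# Assumption of this example: any other verdict string is treated as needing review.
KNOWN_GOOD_VERDICT = "MD5 is legit"


def parse_fss(text):
    """Return {'services': {...}, 'files': {...}} from an FSS-style log."""
    services, files = {}, {}
    current = None  # service block the following detail lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue  # blank lines and ==== / **** rulers
        m = NOT_RUNNING.match(line)
        if m:
            current = services.setdefault(
                m["svc"],
                {"running": False, "start_type": None, "attention": [], "ok": []},
            )
            continue
        m = ATTENTION.search(line)
        if m:
            # An ATTENTION outside any service block is kept under a placeholder key.
            target = current if current is not None else services.setdefault(
                "(unscoped)",
                {"running": None, "start_type": None, "attention": [], "ok": []},
            )
            target["attention"].append(m["msg"])
            continue
        m = START_TYPE.match(line)
        if m and current is not None:
            current["start_type"] = m["type"]
            continue
        m = PART_OK.match(line)
        if m and current is not None:
            current["ok"].append(m["part"])
            continue
        m = FILE_CHECK.match(line)
        if m:
            files[m["path"]] = m["verdict"]
            continue
        if line.endswith(":"):
            current = None  # a section heading ends the previous service block
    return {"services": services, "files": files}


def triage(parsed):
    """List (subject, kind, detail) findings, configuration problems first."""
    config, stopped, bad_files = [], [], []
    for name, svc in parsed["services"].items():
        if svc["attention"]:
            config.extend((name, "config", msg) for msg in svc["attention"])
        elif svc["running"] is False:
            stopped.append((name, "stopped", f"start type {svc['start_type']}"))
    for path, verdict in parsed["files"].items():
        if verdict != KNOWN_GOOD_VERDICT:
            bad_files.append((path, "file", verdict))
    return config + bad_files + stopped


if __name__ == "__main__":
    for subject, kind, detail in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(f"[{kind}] {subject}: {detail}")
```

A service whose binary and ServiceDll check out but whose start type is missing, as BITS does here, sorts ahead of services that are merely stopped.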

#7
tstumo

    Member

  • Topic Starter
  • Member
  • 23 posts
Hey Essexboy. Just ran OTL and rebooted. Should I still do the Malwarebytes Anti-Malware step as well?
#8
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please and let me know of any problems remaining
#9
tstumo

    Member

  • Topic Starter
  • Member
  • 23 posts
Just ran Malwarebytes. It detected and removed a PUP downloader and I rebooted. My laptop froze and was unresponsive so I rebooted again. It seems to be working fine after the second reboot. Here's the log for Malwarebytes.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron :: AARON-HP [administrator]

Protection: Enabled

8/4/2012 10:53:43 AM
mbam-log-2012-08-04 (10-53-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194577
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
#10
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good. Any further problems?
#11
tstumo

    Member

  • Topic Starter
  • Member
  • 23 posts
Nope. Seems like things are back to normal. Thank you so much for your help. You're a lifesaver. Any recommendations in regards to what I should use? Should I continue to run Trend Micro and Malwarebytes together? And should I even continue to use Trend Micro?
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I must admit that I am surprised Trend did not detect ZeroAccess.

Malwarebytes and Trend run OK together, so no problem there.

You probably still have some licence on Trend, so it may be worth revisiting once it runs out.



Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

Keep safe :wave:
  • 0

#13
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Okay, I will come back if there are any problems. Good so far. Thank you! Thanks for the recommendations and for all of your help. I really am grateful for your time.
  • 0

#14
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hey Essexboy. Updating you on how everything is performing. No pop-ups or redirects whatsoever. The only thing I have noticed is that files and such take longer to launch. Firefox takes a while, and when my laptop boots up, after the user name screen there's a bit of a delay for things to load. I'm thinking it has to do with the infection being removed, thus causing slowdown. Is that normal? And if this is the case, is there any way to speed things back up?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As we cleared a lot of temporary files/folders from the system, the first thing to do would be to defragment the drive.

If that only makes a minor difference then we could look at reducing the items running at start up, so only the things you want running are.
  • 0





