White screen of death on Gateway laptop [Closed]



#1 spach79 (New Member, 5 posts)

Hello guys,

I have tried everything but I cannot get rid of the white screen that appears on my laptop (Gateway MS2273) right after the Windows boot.

I cannot see anything nor can I do anything after it boots. I just see this white screen and nothing else, BUT when I click Ctrl, Alt, Del I am able to log off and when I choose to log off I then see my desktop for a short time before the system restarts. I think that this is not a hardware failure since I do get to see the desktop for a short time before the system shuts down.

Whenever I try to boot the machine again, the white screen keeps coming up and I cannot do anything. I found a post here dealing with a similar issue by CompCav, but the issue was not resolved as the user got frustrated with the error, formatted the disk and re-installed Windows. Here is the link to the post: http://www.geekstogo...t-run-anything/


I had followed the directions from CompCav and have the Frst.txt file on hand and I will paste it here just in case. Please help as I really don't know what to do and I would like to fix this without re-installing Windows if possible. If not, I guess I will need to back up some files but I don't know how since I cannot get anywhere.
Thank you very much in advance and here is the log:

----------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
Ran by user at 29-01-2013 23:00:22
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-26 17:32] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2011-05-25 17:36] - [2010-11-20 07:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

Edited by spach79, 29 January 2013 - 10:37 PM.



#2 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will post some instructions for you shortly.

#3 spach79 (New Member, Topic Starter, 5 posts)

Thank you for replying and looking into this problem. I look forward to your instructions.

Thanks again

#4 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Hi spach79,

Please don't follow instructions from other threads, as the fixes are often specific to each individual computer. We need to run the 64-bit version of FRST from the recovery environment. Please follow the instructions below.

Make sure you delete your current version of FRST and download the new one below. I am assuming you are running Windows 7. If this is not correct, please let me know.

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 spach79 (New Member, Topic Starter, 5 posts)

Hi BuddierdI,

Please see the pasted log file below:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-02-2013 03
Ran by SYSTEM at 31-01-2013 20:55:14
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-09-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2009-12-03] (Chicony)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [RogersServicepointAgent.exe] "C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN [4318520 2011-01-04] (Rogers)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2011-05-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~1\bar\1.bin\64srchmn.exe" /m=2 /w /h [42536 2012-08-02] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~1\bar\1.bin\64brmon.exe [30096 2012-08-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\user\...\Run: [ALLUpdate] "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep" [x]
HKU\user\...\Run: [conhost] C:\Users\user\AppData\Roaming\Microsoft\conhost.exe [x]
HKU\user\...\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c [x]
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\user\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\user\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat [87552 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 64.71.255.198

==================== Services (Whitelisted) ===================

3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [1487624 2009-06-08] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1481992 2009-06-08] (Raxco Software, Inc.)
2 Radialpoint Security Services; "C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe" [166944 2010-06-07] (Rogers)
2 RadialpointIDSAgent; "C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe" RadialpointIDSAgent [5832712 2009-11-02] (AVG Technologies CZ, s.r.o.)
2 RP_FWS; C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\Fws.exe [382208 2010-06-07] (Rogers)
3 scan; C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll [395264 2010-09-12] (S.C. BitDefender S.R.L)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 ServicepointService; "C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe" [689464 2011-01-04] (Radialpoint Inc.)
2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~1\bar\1.bin\64barsvc.exe [42504 2012-08-02] (COMPANYVERS_NAME)
2 VaultClientSRV; C:\Program Files (x86)\Rogers Backup Manager\VaultClientSRV.exe [1053936 2010-06-07] (Radialpoint SafeCare Inc.)
2 VaultClientUpgrade; C:\Program Files (x86)\Rogers Backup Manager\VaultClientUpgrade.exe [120048 2010-06-07] (Radialpoint SafeCare Inc.)

==================== Drivers (Whitelisted) =====================

0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [340488 2009-10-23] (BitDefender S.R.L. Bucharest, ROMANIA)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
3 nmwcdcx64; C:\Windows\System32\Drivers\nmwcdcx64.sys [12288 2007-06-28] (Nokia)
3 nmwcdx64; C:\Windows\System32\Drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
3 RadialpointIDSDriver; \??\C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [132616 2009-11-02] (AVG Technologies )
0 RadialpointIDSEH; C:\Windows\SysWow64\drivers\AVGIDSEH.sys [27144 2009-11-02] (AVG Technologies )
3 RadialpointIDSFilter; \??\C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [35848 2009-11-02] (AVG Technologies )
3 RPPKT; C:\Windows\System32\DRIVERS\rp_pkt64.sys [59136 2010-08-22] (Radialpoint, Inc.)
2 RPSKT; C:\Windows\System32\DRIVERS\rp_skt64.sys [71456 2010-08-22] (Radialpoint Inc.)
3 SMARTMouseFilterx64; C:\Windows\System32\Drivers\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\Drivers\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
3 SMARTVTabletPCx64; C:\Windows\System32\Drivers\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 StarOpen; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-28 19:36 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-01-28 19:36 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-01-28 19:36 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-01-28 19:36 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-01-28 19:36 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-28 19:36 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-01-28 19:35 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-28 19:35 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-01-28 19:35 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-01-28 19:35 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-01-28 19:35 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-01-28 19:35 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-01-28 19:35 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-01-28 19:35 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-01-28 19:35 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-01-28 19:35 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-01-28 19:35 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-01-28 19:35 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-28 19:35 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-28 19:35 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-01-28 19:31 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-01-28 19:30 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-27 21:14 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-27 21:14 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-27 21:14 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-27 21:14 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-27 21:14 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-27 21:14 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-27 21:14 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-27 21:14 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-27 21:12 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-27 21:12 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-27 21:11 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-27 21:11 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-27 21:11 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-27 21:11 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-27 21:08 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-27 21:08 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-27 21:08 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-27 21:08 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-27 21:07 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-27 21:07 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-27 21:07 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-27 21:07 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-27 21:07 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-27 21:07 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-27 21:06 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-27 21:06 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-27 21:06 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-27 21:06 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-27 21:06 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-27 21:06 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-27 21:06 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-27 21:06 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-27 21:06 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-27 21:06 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-27 21:06 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-27 21:04 - 2013-01-27 21:04 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-01-27 21:01 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-27 20:57 - 2012-12-16 14:31 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-27 20:35 - 2013-01-31 17:41 - 00000896 ____A C:\Windows\setupact.log
2013-01-27 19:55 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130127-225525.backup
2013-01-27 14:10 - 2013-01-27 14:10 - 00000000 ____D C:\Users\user\AppData\Local\Windows Live
2013-01-27 13:47 - 2013-01-27 13:47 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-27 13:45 - 2013-01-27 13:45 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-27 13:39 - 2013-01-27 19:52 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2013-01-27 13:39 - 2013-01-27 13:39 - 00002180 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-01-27 13:39 - 2013-01-27 13:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-27 13:39 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-01-09 22:03 - 2013-01-31 17:48 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini


==================== One Month Modified Files and Folders =======

2013-01-31 17:49 - 2012-08-17 10:44 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-425257738-1352695130-304375271-1001UA.job
2013-01-31 17:48 - 2013-01-09 22:03 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2013-01-31 17:48 - 2012-08-30 20:08 - 00000298 ___AH C:\Windows\Tasks\Dynamo Toolbar Helper.job
2013-01-31 17:48 - 2012-08-30 20:08 - 00000294 ___AH C:\Windows\Tasks\Dynamo Toolbar Updater.job
2013-01-31 17:48 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-31 17:48 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-31 17:45 - 2011-05-12 17:00 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-31 17:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-31 17:41 - 2013-01-27 20:35 - 00000896 ____A C:\Windows\setupact.log
2013-01-31 17:36 - 2010-03-05 03:48 - 01311797 ____A C:\Windows\WindowsUpdate.log
2013-01-31 17:29 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-31 17:27 - 2011-05-12 17:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-31 17:26 - 2012-08-17 10:44 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-425257738-1352695130-304375271-1001Core.job
2013-01-29 23:12 - 2010-06-25 04:44 - 00000000 __SHD C:\Recovery
2013-01-29 20:20 - 2010-07-05 12:13 - 00000000 ____D C:\Users\user\Tracing
2013-01-29 20:00 - 2013-01-29 19:57 - 00000000 ____D C:\FRST
2013-01-28 19:16 - 2009-07-13 20:45 - 00441360 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-27 21:19 - 2009-10-28 20:27 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-27 21:04 - 2013-01-27 21:04 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-01-27 20:17 - 2009-10-28 11:30 - 00206156 ____A C:\Windows\PFRO.log
2013-01-27 20:04 - 2009-10-28 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-01-27 20:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-01-27 20:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-01-27 20:04 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-01-27 20:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-01-27 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-27 19:52 - 2013-01-27 13:39 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2013-01-27 19:22 - 2011-03-19 06:52 - 00000941 ____A C:\Windows\wininit.ini
2013-01-27 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-27 14:10 - 2013-01-27 14:10 - 00000000 ____D C:\Users\user\AppData\Local\Windows Live
2013-01-27 14:09 - 2009-10-28 20:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-01-27 14:06 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-01-27 14:06 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-01-27 13:47 - 2013-01-27 13:47 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-27 13:45 - 2013-01-27 13:45 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-27 13:39 - 2013-01-27 13:39 - 00002180 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-01-27 13:39 - 2013-01-27 13:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-09 19:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-09 18:57 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-09 18:55 - 2009-10-28 11:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-01-09 18:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-09 18:51 - 2010-06-26 18:26 - 00000000 ____D C:\Users\All Users\Real
2013-01-09 18:51 - 2009-10-28 11:20 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-09 16:44 - 2010-06-26 13:21 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype


ZeroAccess:
C:\Users\user\AppData\Local\{c60d1430-734f-fd1d-2598-d70c97516b7c}
C:\Users\user\AppData\Local\{c60d1430-734f-fd1d-2598-d70c97516b7c}\@
C:\Users\user\AppData\Local\{c60d1430-734f-fd1d-2598-d70c97516b7c}\L
C:\Users\user\AppData\Local\{c60d1430-734f-fd1d-2598-d70c97516b7c}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-27 13:47:04
Restore point made on: 2013-01-27 20:55:54
Restore point made on: 2013-01-27 21:47:02
Restore point made on: 2013-01-28 18:58:41
Restore point made on: 2013-01-31 17:29:26

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4024.93 MB
Available physical RAM: 3309.79 MB
Total Pagefile: 4023.07 MB
Available Pagefile: 3305.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:453.94 GB) (Free:236.94 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.49 GB) NTFS
4 Drive g: (LaCie) (Removable) (Total:7.51 GB) (Free:6.26 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7701 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 368A368A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 453 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 453 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7701 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2013-01-27 14:48

==================== End Of Log =============================
  • 0

#6
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi spach79,

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please follow the instructions below:

Please copy the attached fixlist.txt to your flash drive.

Now please enter System Recovery Options as before.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

If your computer will now boot, run this step:

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.


  • 0

#7
spach79

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks very much for the solution! I went ahead with the steps you provided and the desktop is now loading without problems.

I understand that there is a high probability of backdoor hacking and I will most likely re-install OS and Clean Hard Drive but at least now I am able to save existing material through Windows, rather than DOS.

I ran the FRST fix as well as RogueKiller after the computer loaded. Please see the attached files as per your request and let me know if I missed anything.

I have attached 4 files rather than post them here but if you prefer me pasting them within this post please let me know.

I look forward to your further instructions.


  • 0

#8
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi spach79,

I'm glad we got it booting :). If you could please copy/paste the logs from now on, I would appreciate it. It makes it easier for me to review them. Let's get an OTL log to see how the system is doing.

Step 1:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Also, make sure the box is selected next to "Use SafeList" in the "Extra Registry" section.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2: Run RogueKiller again.

Please start RogueKiller again and this time just click on the "ProxyFix" button. Please post the log that it produces.
  • 0

#9
spach79

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Buddierdl,

Please see the logs below. I did not know where to get the log from running proxy fix on Rogue Killer, I just got one line that I was not able to copy. Is there a log copied on my drive perhaps?

OTL logfile created on: 2/3/2013 9:05:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 42.26% Memory free
7.86 Gb Paging File | 5.67 Gb Available in Paging File | 72.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 236.06 Gb Free Space | 52.00% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 21:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/08/28 18:48:12 | 000,528,944 | ---- | M] (Search Core System) -- C:\Program Files (x86)\Search Core Systems\Dynamo Toolbar\dtupdt.exe
PRC - [2011/11/29 11:29:06 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/13 21:26:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2011/01/04 16:51:14 | 004,318,520 | ---- | M] (Rogers) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2011/01/04 16:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/06/07 12:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 12:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2010/06/07 08:10:06 | 000,378,088 | ---- | M] (Rogers) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2010/06/07 08:10:06 | 000,166,944 | ---- | M] (Rogers) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 08:09:06 | 000,382,208 | ---- | M] (Rogers) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/03 17:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/11/20 18:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/02 09:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/11/02 09:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 17:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/03 23:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/04 16:42:24 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
MOD - [2010/06/07 12:40:44 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Rogers Backup Manager\libexpat.dll
MOD - [2010/06/07 08:10:38 | 001,530,688 | ---- | M] () -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\toolsosxR.dll
MOD - [2009/11/20 18:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/11/02 09:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 09:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/06/03 23:59:14 | 000,013,096 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 23:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/06/08 05:32:58 | 001,481,992 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009/06/08 05:32:56 | 001,487,624 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/12 14:02:26 | 000,395,264 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2010/06/07 12:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 12:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2010/06/07 08:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 08:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 09:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 21:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/07/13 20:17:12 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/07/13 20:17:00 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/07/13 20:16:58 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/22 17:13:13 | 000,071,456 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rp_skt64.sys -- (RPSKT)
DRV:64bit: - [2010/08/22 17:13:08 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT)
DRV:64bit: - [2010/01/13 09:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/10/23 07:26:10 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 09:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/08 03:00:58 | 000,100,880 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/06/28 04:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/06/28 04:46:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/11/02 09:27:00 | 000,132,616 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 09:27:00 | 000,035,848 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...c0z155a44m1u31s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...CtB&cr=20060476
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...CtB&cr=20060476
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - No CLSID value found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbro...q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{69DECFAB-ABA5-E88F-5E51-0C4FD872817C}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...CtB&cr=20060476
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3074349


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.mywebsea...
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...c0z155a44m1u31s
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - No CLSID value found
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\URLSearchHook: {f2c43291-151e-499c-98a7-923c120b88fa} - No CLSID value found
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes,DefaultScope = {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbro...q={searchTerms}
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{3E55BF5D-E208-4C46-AA1F-04A9EB89039B}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...ion=2.5.18000.3
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{64D342E0-7E6E-4730-AC1A-928F63A4418E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmood...CtB&cr=20060476
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{69DECFAB-ABA5-E88F-5E51-0C4FD872817C}: "URL" = http://www.google.co...&rlz=1I7ACGW_en
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{9CC91A1B-E949-4802-B5D3-A121576289CA}: "URL" = http://websearch.ask...88-C9873DC62E5B
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3074349
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-425257738-1352695130-304375271-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49515


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll (VideoDownloadConverter)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/09 21:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/25 15:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]levisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2013/02/02 05:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{425F6CC1-69CA-4604-BDC6-7EE7A066A843}: C:\Program Files (x86)\Search Core Systems\Dynamo Toolbar\ [2013/01/09 21:55:34 | 000,000,000 | ---D | M]

[2011/03/19 09:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/03/19 09:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\4FB1F9AD-0488-42C9-9F50-E37B8BD3
[2011/03/19 09:27:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmood...CtB&cr=20060476
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.funmood...CtB&cr=20060476
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Rogers Servicepoint Agent (Enabled) = C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - homepage: http://www.searchbrowsing.com
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/27 22:55:25 | 000,445,034 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15284 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (&Dynamo BHO) - {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - C:\Program Files (x86)\Search Core Systems\Dynamo Toolbar\browserhelper.dll (Search Core Systems)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Dynamo Toolbar) - {3A6BE320-DC9B-4D24-A6E8-621B81544F4B} - C:\Program Files (x86)\Search Core Systems\Dynamo Toolbar\dynamotb.dll (Search Core Systems)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O3 - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-425257738-1352695130-304375271-1001\..\Toolbar\WebBrowser: (no name) - {F2C43291-151E-499C-98A7-923C120B88FA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-425257738-1352695130-304375271-1001..\Run: [ALLUpdate] "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep" File not found
O4 - HKU\S-1-5-21-425257738-1352695130-304375271-1001..\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-425257738-1352695130-304375271-1001..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitch...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimed...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C65A8F-F54A-47D4-A598-94B17D32C9E7}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f61045c-a648-11df-884e-00262d9173aa}\Shell - "" = AutoRun
O33 - MountPoints2\{1f61045c-a648-11df-884e-00262d9173aa}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{599930fb-619f-11e1-8633-00262d9173aa}\Shell - "" = AutoRun
O33 - MountPoints2\{599930fb-619f-11e1-8633-00262d9173aa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 21:02:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/02 02:27:40 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/02/02 02:20:07 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/01/29 22:57:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/28 22:36:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/01/28 22:36:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/01/28 22:36:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/01/28 22:36:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/01/28 22:35:32 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/01/28 22:35:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/01/28 22:35:31 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/01/28 22:35:31 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/01/28 22:35:31 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/01/28 22:35:31 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/01/28 22:35:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/01/28 22:35:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/01/28 22:31:08 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/01/28 22:30:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/28 00:14:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/28 00:14:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/28 00:14:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/28 00:14:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/28 00:14:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/28 00:14:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/28 00:14:38 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/28 00:14:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/28 00:14:38 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/28 00:14:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/28 00:14:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/28 00:14:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/28 00:14:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/28 00:14:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/28 00:14:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/28 00:14:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/28 00:14:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/28 00:14:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/28 00:14:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/28 00:14:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/28 00:14:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/28 00:14:32 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/28 00:14:32 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/28 00:14:31 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/28 00:14:29 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/28 00:14:28 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/28 00:14:28 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/28 00:14:28 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/28 00:14:28 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/28 00:14:28 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/28 00:14:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/28 00:14:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/28 00:12:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/28 00:08:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/28 00:08:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/28 00:08:15 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/28 00:07:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/28 00:07:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/28 00:06:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/28 00:06:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/28 00:06:57 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/28 00:06:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/28 00:06:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/28 00:06:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/28 00:06:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/28 00:06:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/28 00:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/28 00:06:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/28 00:06:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/28 00:06:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/28 00:06:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/28 00:06:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/28 00:06:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/28 00:06:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/28 00:06:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/28 00:06:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/28 00:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/28 00:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/28 00:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/28 00:06:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/28 00:06:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/28 00:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/28 00:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/28 00:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/28 00:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/28 00:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/28 00:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/28 00:06:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/28 00:06:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/28 00:06:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/28 00:06:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/28 00:06:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/28 00:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/28 00:06:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/28 00:06:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/28 00:06:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/28 00:06:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/28 00:06:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/28 00:06:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/28 00:06:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/28 00:06:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/28 00:06:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/28 00:06:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/28 00:06:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/28 00:06:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/28 00:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/28 00:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/28 00:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/28 00:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/28 00:06:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/28 00:06:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/28 00:06:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/28 00:06:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/28 00:06:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/28 00:06:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/28 00:06:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/28 00:06:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/28 00:06:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/28 00:06:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/28 00:06:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/28 00:04:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/01/27 17:10:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
[2013/01/27 16:47:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/01/27 16:45:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/01/27 16:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:38:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013/02/03 21:06:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 21:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/03 21:01:47 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\Dynamo Toolbar Helper.job
[2013/02/03 20:58:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 20:57:40 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-425257738-1352695130-304375271-1001UA.job
[2013/02/03 20:57:40 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-425257738-1352695130-304375271-1001Core.job
[2013/02/03 20:57:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 02:37:04 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 02:37:04 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 02:26:40 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\Dynamo Toolbar Updater.job
[2013/02/02 02:25:51 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 02:24:28 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 02:24:28 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 02:24:27 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/28 22:16:53 | 000,441,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/27 22:55:25 | 000,445,034 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/27 22:22:23 | 000,000,941 | ---- | M] () -- C:\Windows\wininit.ini
[2013/01/27 17:06:36 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013/01/27 17:06:35 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll

========== Files Created - No Company Name ==========

[2012/10/11 16:41:50 | 000,000,159 | ---- | C] () -- C:\Users\user\webutil.ercjpi.properties
[2012/08/28 17:26:25 | 000,384,844 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods-speeddial.crx
[2012/08/28 17:26:24 | 000,031,465 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods.crx
[2012/05/01 16:00:47 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 16:17:02 | 000,002,316 | ---- | C] () -- C:\Users\user\AppData\Roaming\1ABA.D08
[2011/05/28 11:54:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/05 19:46:09 | 000,000,148 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/05 19:41:22 | 000,360,448 | R--- | C] () -- C:\Windows\XNMBA458.DLL
[2011/05/05 19:41:22 | 000,092,672 | R--- | C] () -- C:\Windows\XNMHB458.DLL
[2011/05/05 19:41:22 | 000,064,512 | R--- | C] () -- C:\Windows\XNMTE458.DLL
[2011/05/05 19:41:22 | 000,025,600 | R--- | C] () -- C:\Windows\XNMHN458.DLL
[2011/03/19 09:52:52 | 000,000,941 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 2/3/2013 9:05:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 42.26% Memory free
7.86 Gb Paging File | 5.67 Gb Available in Paging File | 72.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 236.06 Gb Free Space | 52.00% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-425257738-1352695130-304375271-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D314F5E-1EE5-4203-AC4E-85D52FF6940B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28DC8FD0-94DD-45BB-BE57-2776C45DCA75}" = rport=139 | protocol=6 | dir=out | app=system |
"{37AEAC72-6976-4F1C-97F1-4C21EA40FFA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4399C7AF-86AC-4D46-BBB2-01C9189A3D41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55348EC5-1693-4F09-98CD-8C2772F0058F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55C2175B-22A6-4603-8F87-D65B9C4C42F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58F6B899-A66D-42E3-8B30-2D303A744118}" = rport=10243 | protocol=6 | dir=out | app=system |
"{630680EF-96A6-41FF-B69B-41FEEB82F7EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{64C649BE-B5AE-41E6-A23A-9F57718767F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E5F3637-F4DE-45F1-A9D1-F8E3340CBD92}" = lport=137 | protocol=17 | dir=in | app=system |
"{73D243DF-D111-4452-8B9C-87F8BD2BF772}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{74E064EA-9740-4AC5-B5DA-5C6C57BF0F62}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A3F99AE-E313-48B5-9A6C-086125B67653}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{84B73415-F73F-42F5-B872-3D00EF6DB888}" = lport=445 | protocol=6 | dir=in | app=system |
"{85E53DFC-1CD1-4DC8-B4B1-D6F53D13D563}" = rport=138 | protocol=17 | dir=out | app=system |
"{886CF38F-D84B-4C39-9406-F36CA888D7FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9DFD7B34-E4DA-4AF9-9CD1-81C7AD5855CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD6C06CB-5CD4-4C54-B0E5-A866B4513E6E}" = lport=138 | protocol=17 | dir=in | app=system |
"{C306C556-2F85-46E4-AE68-949FF8ABE383}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFCD716B-3233-490C-B550-C9CA2446564A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D35E5C0F-1D67-45F0-96E7-565C655E1C8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6AEC1B9-0F16-4BC0-B89E-54BCCCE7FCF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{EBD16DB8-7066-46B6-8A4C-C577157CADC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0B5C8FF-CAEF-4759-A6E6-50BC6A05B4ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D9DE0-1469-4822-9C10-92CF078D14E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{04FABBFC-CDB9-41F9-8292-89CF480E7D2D}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{0647350D-A04B-4AB0-8BF6-3D0724A0796A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0ABEC67D-82B6-435F-8853-D280A239DF79}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{11A2C4D1-585C-4428-899B-4E46E058372E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3705F635-EE18-4ADF-905F-13836C5F59BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{370633EC-679D-44F3-A6FA-E054D2881B2C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{3AEF9249-E1B8-4B80-874F-DE6C2D92A41E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3C66B466-A117-44F5-BD08-F5472B5DFDCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CB6491C-9F2E-44D1-A1AD-68B34C83F4D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B1FEC75-87AD-40A9-9618-53C120FF58ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50698053-42F2-4141-9F22-3CD5A918FF7C}" = protocol=58 | dir=in | [email protected],-28545 |
"{576F3C80-17A7-4FA1-817F-AA8BCBA2E92A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{726828A6-A3A0-4C3B-9291-89874C29E1C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72A02107-2FED-4640-A218-1D15AE0306E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E8852B5-F638-464C-B7C9-86B1CCEE57EF}" = protocol=1 | dir=in | [email protected],-28543 |
"{7F4B3F62-728D-4E34-B246-02E2D225419A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{877D432D-BFBC-4190-A972-A142C902B53C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8791F1C7-97E9-403D-8256-6FDD6AAAEE79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98638A94-DA29-45A4-9CE1-30A43D86EABA}" = protocol=1 | dir=out | [email protected],-28544 |
"{9981CF06-D46D-4693-A23F-4455A2D983A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A5A0862-B551-48B6-8421-50001EAF1945}" = protocol=58 | dir=out | [email protected],-28546 |
"{AA77A311-416E-443E-96D5-9D56A39615EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC42B623-4B7E-4AF2-AF5F-04543ABAB5CD}" = protocol=6 | dir=in | app=c:\program files (x86)\rogers online protection\rogers servicepoint agent\servicepointservice.exe |
"{ADAB45C6-524D-4D67-B602-43818753F8E9}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{B2C4FFEE-EB5D-4FE9-8378-BCCB6B8E9374}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0C83482-600A-4958-9D97-7CB71757498C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{D9626634-2D91-4635-9D2D-746B98244617}" = protocol=17 | dir=in | app=c:\program files (x86)\rogers online protection\rogers servicepoint agent\servicepointservice.exe |
"{DD325549-69D7-4D7C-9924-AC6FABF9E491}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DE74A7B3-C8F4-414D-A7EF-92712787A14D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6AE8713-914B-41CD-BC7C-C095CCF5E032}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7EDC5B6-655C-4052-9629-772F1E892B5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAFF3337-CF7B-4F4C-8A87-01C030102F11}" = protocol=6 | dir=out | app=system |
"TCP Query User{45466EF3-0BEB-4689-A5CC-00819229B962}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{BE4DDB37-49EC-4B52-8846-6D9B72677682}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CF112A2F-79D4-4AF3-840F-7865E293826C}" = RPS RpsCore64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33A783E8-DC11-427F-A56C-8ED43EEC0695}" = RPS CRT
"{35AE9CC9-10A3-4A24-87DF-A6A99BDC1969}" = Rogers Online Protection
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548B7B4A-B4F6-4074-A2D2-40154DC906B5}" = RPS PerfectDiskStub
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E21DF1-1031-4297-B2C4-741AA435B583}" = Dynamo Toolbar
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DF4E551-4EC7-11E1-9BA3-B8AC6F97B88E}" = Google Earth Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779C01A3-8466-499D-88FC-EB820EB3AC51}" = RPS RpsCore
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB19E4A-93B3-4000-A7FF-4F76C931F12A}_is1" = FutureTax 2010 for NETFILE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AF806E-AFB9-4B70-A4D4-D677D2D2BFFF}" = Bonzuna
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Accumulator Simulation Program" = Accumulator Simulation Program
"Adobe AIR" = Adobe AIR
"conduitEngine" = Conduit Engine
"Connect" = Connect
"DivX Setup" = DivX Setup
"Elf_1.12 Toolbar" = Elf 1.12 Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"Kobo" = Kobo
"LManager" = Launch Manager
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 3.7.44
"RealPlayer 12.0" = RealPlayer
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 2.0.3
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-425257738-1352695130-304375271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2013 6:58:39 PM | Computer Name = Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/27/2013 9:49:07 PM | Computer Name = Notebook | Source = Google Update | ID = 20
Description =

Error - 1/27/2013 10:24:16 PM | Computer Name = Notebook | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EE2

Error - 1/27/2013 10:24:16 PM | Computer Name = Notebook | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0x80072EE2) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 1/28/2013 12:28:22 AM | Computer Name = Notebook | Source = ESENT | ID = 215
Description = WinMail (3288) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 1/28/2013 12:28:46 AM | Computer Name = Notebook | Source = ESENT | ID = 215
Description = WinMail (2720) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 1/28/2013 1:31:30 AM | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
time stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x0000000000001049
Faulting
process id: 0x4bc Faulting application start time: 0x01cdfd18acc5743c Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: f793d1ab-690b-11e2-b397-00262d9173aa

Error - 1/28/2013 11:18:01 PM | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000005124a
Faulting
process id: 0xc6c Faulting application start time: 0x01cdfdcf37d0c047 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 7c9323b8-69c2-11e2-b841-00262d9173aa

Error - 1/29/2013 11:39:24 PM | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 1/30/2013 12:01:14 AM | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

[ OSession Events ]
Error - 5/1/2012 5:05:39 PM | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 358 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/29/2013 11:45:00 PM | Computer Name = Notebook | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 1/29/2013 11:45:00 PM | Computer Name = Notebook | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 1/29/2013 11:45:09 PM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD bdfsfltr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr StarOpen tdx vwififlt Wanarpv6
WfpLwf

Error - 1/30/2013 12:21:10 AM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 1/31/2013 9:39:11 PM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 1/31/2013 9:44:30 PM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 2/2/2013 3:04:14 AM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 2/2/2013 3:16:21 AM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 2/2/2013 3:25:14 AM | Computer Name = Notebook | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 2/2/2013 3:27:25 AM | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen


< End of report >

#10
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi spach79,

Please see the logs below. I did not know where to get the log from running proxy fix on Rogue Killer, I just got one line that I was not able to copy. Is there a log copied on my drive perhaps?


I just wanted to make sure it ran successfully. These logs will give me the info I need.

There is still a little bit to get rid of.

Step 1: Create restore point.

To set up a restore point, follow these steps:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3: Run custom OTL scan.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    C:\Windows\SysWow64\%APPDATA%\*.* /S
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Please include the logs from both scans in your next reply and also tell me how the computer is working now.

#11
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.