Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7: Reboots after 1 minute, browser redirects, sirefef variants


  • This topic is locked This topic is locked
30 replies to this topic

#1 Punkrulz

Punkrulz

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 06 July 2012 - 12:07 PM

Hello all,

Through various Google searches involving my problem, this appears to be the best forum to post on, so here I go. I am running Windows 7 x64 and will outline the following:

1) I noted that I began getting various browser redirects from sites when searching through Google (I have not checked if this was elsewhere). The browser would redirect me to websites such as newsfudge.com.
2) From this point I decided to attempt to run some scans. I had Microsoft Security Essentials installed however noted that it claims the service isn't running. When attempting to enable the service, it stated the service was not installed.
- This was rectified. I uninstalled and reinstalled the application successfully.
3) Upon attempting to run both Malwarebytes and MSE (Security Essentials from here on out), I would reboot into the computer and began to notice that I would get a dialogue box that would explain my computer is about to be logged off because of a critical error.
- Attempting to restore "Last known good configuration" did not resolve this.
- This does not occur while in Safe Mode, which is where I am posting this topic.
- I haven't been able to find a specific error within the System Logs so if there should be one stated please tell me what to look for.
- I believe this occurs when MSE detects several infections, which appear to be different variants of sirefef.
-- The last two variants of sirefef detected by MSE are: Trojan:Win32/Sirefef.AB and Trojan:Win64/Sirefef.P
4) I'm getting numerous Adobe Flash 11.3 installation attempts, which is where this problem all leads back from.

Please help me save my computer from a reformat. :)

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 06 July 2012 - 08:49 PM

Hi,

Please do the following:


download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 06 July 2012 - 09:32 PM

Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 02
Ran by SYSTEM at 06-07-2012 22:37:10
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKU\Administrator\...\Run: [Project TINT] D:\Program Files (x86)\Project TINT\Standard\TINT_GUI_Std_TS3.exe [x]
HKU\Mcx1-DAN-PC\...\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Mcx1-DAN-PC\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Mcx1-DAN-PC\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
HKU\Mcx1-DAN-PC\...\Run: [Project TINT] D:\Program Files (x86)\Project TINT\Standard\TINT_GUI_Std_TS.exe [x]
HKU\Mcx1-DAN-PC\...\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-14] (Google Inc.)
HKU\Mcx1-DAN-PC\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3082320 2012-01-23] ()
HKU\Mcx1-DAN-PC\...\Run: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKU\Mcx1-DAN-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe
HKU\Mcx2-DAN-PC\...\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Mcx2-DAN-PC\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Mcx2-DAN-PC\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
HKU\Mcx2-DAN-PC\...\Run: [Project TINT] D:\Program Files (x86)\Project TINT\Standard\TINT_GUI_Std_TS.exe [x]
HKU\Mcx2-DAN-PC\...\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-14] (Google Inc.)
HKU\Mcx2-DAN-PC\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3082320 2012-01-23] ()
HKU\Mcx2-DAN-PC\...\Run: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKU\Mcx2-DAN-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe
HKU\Test\...\Run: [RoboForm] "D:\Program Files (x86)\Roboform\RoboTaskBarIcon.exe" [x]
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\UpdatusUser\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
HKU\UpdatusUser\...\Run: [Project TINT] D:\Program Files (x86)\Project TINT\Standard\TINT_GUI_Std_TS.exe [x]
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-14] (Google Inc.)
HKU\UpdatusUser\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3082320 2012-01-23] ()
HKU\UpdatusUser\...\Run: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKLM\...\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

4 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1191656 2011-06-22] (Acronis)
4 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2009-03-12] (Adobe Systems)
4 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2009-08-01] (Adobe Systems Incorporated)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
4 DES2 Service; "C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe" [57344 2011-08-22] ()
4 GEST Service; "C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe" [68136 2008-09-24] ()
4 gupdate1c999ece1d8959a; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-02-28] (Google Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-02] ()
4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [x]
2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [x]
2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [x]
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [x]
4 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [x]
4 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
3 atidgllk; \??\C:\Program Files (x86)\GIGABYTE\ET6\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-07-06] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-11-16] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33344 2009-05-22] (LogMeIn, Inc.)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
2 npf; C:\Windows\System32\Drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
0 snapman; C:\Windows\System32\Drivers\snapman.sys [275552 2011-11-02] (Acronis)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2009-02-14] (Duplex Secure Ltd.)
3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [525040 2010-07-02] ()
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [971360 2011-11-02] (Acronis)
0 vididr; C:\Windows\System32\Drivers\vididr.sys [210016 2011-11-02] (Acronis)
0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2011-11-02] (Acronis)
3 RivaTuner64; \??\D:\Program Files (x86)\RivaTuner v2.22\RivaTuner64.sys [x]
3 RTCore64; \??\D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [x]
1 SASDIFSV; \??\D:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [x]
3 SASENUM; \??\D:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [x]
1 SASKUTIL; \??\D:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-06 15:16 - 2012-07-06 15:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D792477B8ECE462
2012-07-06 12:55 - 2012-07-06 12:59 - 00416509 ____A C:\MGlogs.zip
2012-07-06 12:55 - 2012-07-06 12:59 - 00000000 ____D C:\MGtools
2012-07-06 12:46 - 2012-07-06 12:46 - 00000786 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 12:46 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-06 12:41 - 2012-07-06 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.944170F368898F0D
2012-07-06 12:40 - 2012-07-06 18:29 - 00153496 ____A C:\Windows\setupact.log
2012-07-06 12:40 - 2012-07-06 12:40 - 00001230 ____A C:\Windows\PFRO.log
2012-07-06 12:40 - 2012-07-06 12:40 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 12:16 - 2012-07-06 12:16 - 00000000 ____D C:\Program Files\HitmanPro
2012-07-06 12:15 - 2012-07-06 12:17 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-06 12:12 - 2012-07-06 12:12 - 01669667 ____A C:\MGtools.exe
2012-07-06 12:03 - 2012-07-06 12:03 - 00000000 ____D C:\Program Files\CCleaner
2012-07-06 12:02 - 2012-07-06 12:02 - 00000020 ____A C:\Users\Administrator\defogger_reenable
2012-07-06 11:47 - 2012-07-06 11:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E0A41A2332E2E886
2012-07-06 11:42 - 2012-07-06 11:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-06 09:43 - 2012-07-06 09:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50C63063FE2332D7
2012-07-06 09:32 - 2012-07-06 09:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCC4EF8701F46175
2012-07-06 09:27 - 2012-07-06 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5B4FDB0285B9D8F
2012-07-06 08:49 - 2012-07-06 08:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-06 08:49 - 2012-07-06 08:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 08:26 - 2012-07-06 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF60D5A5A4EB0427
2012-07-06 08:04 - 2012-07-06 08:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F7DFED64333D77
2012-07-06 08:04 - 2012-07-06 08:04 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xwimxvnr.sys
2012-07-06 08:03 - 2012-07-06 08:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tsgfbejk.sys
2012-07-06 08:03 - 2012-07-06 08:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ejtwatba.sys
2012-07-06 08:01 - 2012-07-06 08:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3681C9B1DBB53ACD
2012-07-06 07:57 - 2012-07-06 07:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9D8E3398A579729
2012-07-06 06:45 - 2012-07-06 06:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111BCDDCEACAF69D
2012-07-06 06:44 - 2012-07-06 06:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-06 06:44 - 2012-07-06 06:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-07-06 06:33 - 2012-07-06 06:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-06 06:33 - 2012-07-06 06:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-06 06:29 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-06 06:29 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-05 20:22 - 2012-07-05 20:22 - 00000000 ____D C:\Users\All Users\ATI
2012-07-05 20:22 - 2012-07-05 20:22 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-07-05 14:19 - 2012-07-05 14:19 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 10:20 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 10:20 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 10:20 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 10:20 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 10:20 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 10:20 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 10:20 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 10:20 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 10:20 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-15 23:43 - 2012-06-15 23:43 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-15 23:43 - 2012-06-15 23:43 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 23:43 - 2012-06-15 23:43 - 00000000 ____D C:\Program Files\iPod
2012-06-15 23:43 - 2012-06-15 23:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-14 20:17 - 2012-06-14 20:17 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro
2012-06-13 12:58 - 2012-06-13 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2012-06-13 09:36 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 09:36 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 09:36 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 09:36 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 09:36 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 09:36 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 09:36 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 09:36 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 09:36 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 09:36 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 09:36 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 09:36 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 09:36 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 09:36 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 09:36 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 09:36 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 09:36 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 09:36 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 09:36 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 09:36 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 09:36 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 09:36 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 09:36 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 09:36 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 09:36 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 09:36 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 09:36 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 09:36 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 09:31 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 09:31 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:31 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 09:31 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 09:31 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 09:31 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 09:31 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:31 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 09:31 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:31 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 09:31 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 09:31 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 09:31 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 09:31 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 09:31 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 09:31 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 09:31 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 09:50 - 2012-06-11 09:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 09:49 - 2012-06-11 09:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-06-11 09:24 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll


============ 3 Months Modified Files ========================

2012-07-06 18:32 - 2010-07-17 13:36 - 01315628 ____A C:\Windows\WindowsUpdate.log
2012-07-06 18:32 - 2010-07-17 13:02 - 00009760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 18:32 - 2010-07-17 13:02 - 00009760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 18:29 - 2012-07-06 12:40 - 00153496 ____A C:\Windows\setupact.log
2012-07-06 18:29 - 2011-11-05 08:55 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-07-06 18:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 18:29 - 2009-06-29 19:48 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 18:14 - 2009-07-13 21:13 - 00733948 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 18:02 - 2011-04-24 21:13 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500UA.job
2012-07-06 18:02 - 2009-06-29 19:48 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-06 15:16 - 2012-07-06 15:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D792477B8ECE462
2012-07-06 15:14 - 2009-02-03 09:36 - 00000394 ____A C:\service.log
2012-07-06 12:59 - 2012-07-06 12:55 - 00416509 ____A C:\MGlogs.zip
2012-07-06 12:46 - 2012-07-06 12:46 - 00000786 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-06 12:44 - 2009-02-03 12:31 - 00000483 ____A C:\Users\Administrator\AppData\Roaming\SamsungLiveUpdateConfig.ini
2012-07-06 12:41 - 2012-07-06 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.944170F368898F0D
2012-07-06 12:40 - 2012-07-06 12:40 - 00001230 ____A C:\Windows\PFRO.log
2012-07-06 12:40 - 2012-07-06 12:40 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 12:12 - 2012-07-06 12:12 - 01669667 ____A C:\MGtools.exe
2012-07-06 12:03 - 2011-03-14 23:31 - 00000782 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-06 12:02 - 2012-07-06 12:02 - 00000020 ____A C:\Users\Administrator\defogger_reenable
2012-07-06 11:47 - 2012-07-06 11:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E0A41A2332E2E886
2012-07-06 11:16 - 2009-02-28 13:38 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-06 09:43 - 2012-07-06 09:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50C63063FE2332D7
2012-07-06 09:32 - 2012-07-06 09:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCC4EF8701F46175
2012-07-06 09:29 - 2012-04-16 20:46 - 00002243 ____A C:\Windows\epplauncher.mif
2012-07-06 09:27 - 2012-07-06 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5B4FDB0285B9D8F
2012-07-06 08:49 - 2012-07-06 08:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-06 08:49 - 2012-07-06 08:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 08:26 - 2012-07-06 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF60D5A5A4EB0427
2012-07-06 08:04 - 2012-07-06 08:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F7DFED64333D77
2012-07-06 08:04 - 2012-07-06 08:04 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xwimxvnr.sys
2012-07-06 08:03 - 2012-07-06 08:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tsgfbejk.sys
2012-07-06 08:03 - 2012-07-06 08:03 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ejtwatba.sys
2012-07-06 08:01 - 2012-07-06 08:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3681C9B1DBB53ACD
2012-07-06 07:57 - 2012-07-06 07:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9D8E3398A579729
2012-07-06 06:45 - 2012-07-06 06:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.111BCDDCEACAF69D
2012-07-06 06:34 - 2012-04-16 20:46 - 00747606 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-05 20:17 - 2011-06-02 07:48 - 00000362 _RASH C:\Users\All Users\ntuser.pol
2012-07-05 20:06 - 2011-04-24 21:13 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500Core.job
2012-06-22 19:24 - 2009-07-13 20:45 - 03027552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 23:43 - 2012-06-15 23:43 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 20:56 - 2010-07-17 13:59 - 00113840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-14 19:30 - 2009-02-27 13:53 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-14 19:30 - 2009-02-26 12:41 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-13 14:10 - 2009-02-26 12:41 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-13 09:38 - 2010-08-15 01:59 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 09:50 - 2012-06-11 09:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 09:50 - 2012-06-11 09:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 09:49 - 2012-06-11 09:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-06-11 09:24 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-10-12 12:13 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-10-12 11:54 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2011-07-28 12:54 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2011-07-28 12:53 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-02 14:19 - 2012-06-21 10:20 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:20 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 10:20 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:20 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 10:20 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 10:20 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 10:20 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 10:20 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 10:20 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 11:27 - 2012-05-30 11:27 - 00000701 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-30 11:26 - 2011-05-26 20:54 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-30 11:26 - 2011-05-26 20:54 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-30 11:26 - 2011-05-26 20:54 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-30 11:26 - 2011-05-26 20:54 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-30 11:26 - 2007-10-19 17:37 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-30 11:26 - 2003-02-20 20:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-17 18:47 - 2012-06-13 09:36 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 09:36 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 09:36 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 09:36 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 09:36 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 09:36 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 09:36 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 09:36 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 09:36 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 09:36 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 09:36 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 09:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 09:36 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 09:36 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 09:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 09:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 09:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 09:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 09:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 09:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 09:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 09:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 09:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 09:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 09:36 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 09:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 09:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 09:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 14:18 - 2012-05-14 14:18 - 00000868 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-04 03:06 - 2012-06-13 09:31 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-07-06 06:29 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 09:31 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 09:31 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-07-06 06:29 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-13 09:31 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 09:31 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:54 - 2011-02-22 06:35 - 00006656 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-25 21:54 - 2009-02-05 09:56 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-04-25 21:41 - 2012-06-13 09:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 09:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 09:31 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 09:31 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 09:31 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 09:31 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 09:31 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 09:31 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 09:31 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-12 11:30 - 2012-04-12 11:30 - 00637743 ____A C:\Windows\System32\atiicdxx.dat
2012-04-11 12:33 - 2011-09-18 11:47 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

ZeroAccess:
C:\Windows\Installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}
C:\Windows\Installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8109.12 MB
Available physical RAM: 7244.6 MB
Total Pagefile: 8107.27 MB
Available Pagefile: 7248.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:119.24 GB) (Free:45.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:596.17 GB) (Free:128.43 GB) NTFS
3 Drive e: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive f: (KINGSTON) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B
Disk 1 Online 596 GB 1024 KB *
Disk 2 Online 3852 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 119 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 119 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 596 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3851 MB 4096 B

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3851 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-06 13:45

======================= End Of Log ==========================

Edited by Punkrulz, 06 July 2012 - 09:40 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 06 July 2012 - 09:44 PM

just noticed your edited post above


(note: please post another post rather than edit as I don't get notification of edits, thanks)

I'll just be checking the log now

Edited by CatByte, 06 July 2012 - 09:46 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 06 July 2012 - 09:51 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 06 July 2012 - 10:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 02
Ran by SYSTEM at 2012-07-06 22:59:09 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\Installer\{5efa2d27-76c5-fff1-abd3-fdc5fc0c9d41} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====







ComboFix 12-07-06.02 - Administrator 07/06/2012 23:03:18.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6312 [GMT -4:00]
Running from: d:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp6F28.tmp
c:\windows\SysWow64\tmp6F39.tmp
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 06:37 . 2012-07-07 06:37 -------- d-----w- C:\FRST
2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\users\Mcx2-DAN-PC\AppData\Local\temp
2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\users\Mcx1-DAN-PC\AppData\Local\temp
2012-07-06 23:16 . 2012-07-06 23:16 328704 ----a-w- c:\windows\system32\services.exe.9D792477B8ECE462
2012-07-06 20:55 . 2012-07-06 20:59 -------- d-----w- C:\MGtools
2012-07-06 20:46 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 20:41 . 2012-07-06 20:41 328704 ----a-w- c:\windows\system32\services.exe.944170F368898F0D
2012-07-06 20:16 . 2012-07-06 20:16 -------- d-----w- c:\program files\HitmanPro
2012-07-06 20:15 . 2012-07-06 20:17 -------- d-----w- c:\programdata\HitmanPro
2012-07-06 20:03 . 2012-07-06 20:03 -------- d-----w- c:\program files\CCleaner
2012-07-06 19:47 . 2012-07-06 19:47 328704 ----a-w- c:\windows\system32\services.exe.E0A41A2332E2E886
2012-07-06 19:42 . 2012-07-06 19:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-06 17:43 . 2012-07-06 17:43 328704 ----a-w- c:\windows\system32\services.exe.50C63063FE2332D7
2012-07-06 17:32 . 2012-07-06 17:32 328704 ----a-w- c:\windows\system32\services.exe.DCC4EF8701F46175
2012-07-06 17:27 . 2012-07-06 17:27 328704 ----a-w- c:\windows\system32\services.exe.D5B4FDB0285B9D8F
2012-07-06 16:49 . 2012-07-07 02:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 16:49 . 2012-07-07 02:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 16:26 . 2012-07-06 16:26 328704 ----a-w- c:\windows\system32\services.exe.AF60D5A5A4EB0427
2012-07-06 16:04 . 2012-07-06 16:04 50392 ----a-w- c:\windows\system32\drivers\xwimxvnr.sys
2012-07-06 16:04 . 2012-07-06 16:04 328704 ----a-w- c:\windows\system32\services.exe.49F7DFED64333D77
2012-07-06 16:03 . 2012-07-06 16:03 50392 ----a-w- c:\windows\system32\drivers\ejtwatba.sys
2012-07-06 16:03 . 2012-07-06 16:03 50392 ----a-w- c:\windows\system32\drivers\tsgfbejk.sys
2012-07-06 16:01 . 2012-07-06 16:01 328704 ----a-w- c:\windows\system32\services.exe.3681C9B1DBB53ACD
2012-07-06 15:57 . 2012-07-06 15:57 328704 ----a-w- c:\windows\system32\services.exe.A9D8E3398A579729
2012-07-06 14:45 . 2012-07-06 14:45 328704 ----a-w- c:\windows\system32\services.exe.111BCDDCEACAF69D
2012-07-06 14:44 . 2012-07-06 14:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-07-06 14:44 . 2012-07-06 14:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 14:34 . 2012-07-06 14:34 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C144B86E-1B95-4422-9CC0-9C14E3552266}\gapaengine.dll
2012-07-06 14:34 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D5D617D-73DB-4588-9F4C-5C93BDB97D70}\mpengine.dll
2012-07-06 14:33 . 2012-07-06 14:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-06 14:33 . 2012-07-06 14:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-06 14:29 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-06 14:29 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-06 04:22 . 2012-07-06 04:22 -------- d-----w- c:\programdata\ATI
2012-07-06 04:22 . 2012-07-06 04:22 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-05 22:19 . 2012-07-05 22:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 18:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:20 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:20 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files\iTunes
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files (x86)\iTunes
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files\iPod
2012-06-15 04:17 . 2012-06-15 04:17 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-06-13 20:58 . 2012-06-13 20:58 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-06-13 17:31 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 03:07 . 2011-11-05 16:55 25640 ----a-w- c:\windows\gdrv.sys
2012-07-06 20:59 . 2012-07-06 20:55 416509 ----a-w- C:\MGlogs.zip
2012-06-15 03:30 . 2009-02-27 21:53 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-15 03:30 . 2009-02-26 20:41 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-13 22:10 . 2009-02-26 20:41 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:26 . 2011-07-28 20:54 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:25 . 2011-07-28 20:53 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-05-30 19:26 . 2007-10-20 01:37 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-30 19:26 . 2003-02-21 04:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-11 20:33 . 2011-09-18 19:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="d:\program files (x86)\Roboform\RoboTaskBarIcon.exe" [2009-12-24 160592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-13 21:27 548352 ----a-w- d:\program files (x86)\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R1 SASDIFSV;SASDIFSV;d:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2012-07-06 12872]
R1 SASKUTIL;SASKUTIL;d:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2012-07-06 67656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 atidgllk;atidgllk;c:\program files (x86)\GIGABYTE\ET6\atidgllk.sys [2006-07-19 12048]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-17 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 RivaTuner64;RivaTuner64;d:\program files (x86)\RivaTuner v2.22\RivaTuner64.sys [2009-02-04 19952]
R3 RTCore64;RTCore64;d:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-06-07 14648]
R3 SASENUM;SASENUM;d:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2012-07-06 12872]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-07-02 525040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-18 1255736]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-08-02 288112]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
R4 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-08-22 57344]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-22 1436424]
R4 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-09-24 68136]
R4 gupdate1c999ece1d8959a;Google Update Service (gupdate1c999ece1d8959a);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
R4 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-14 868848]
R4 TeamViewer5;TeamViewer 5;d:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-11-03 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-11-03 141920]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 06:09]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 03:32]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 03:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF19661.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ja03k2d1.default\
FF - prefs.js: browser.startup.homepage - hxxp://prohockeytalk.nbcsports.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Project TINT - d:\program files (x86)\Project TINT\Standard\TINT_GUI_Std_TS3.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bf,0e,11,1b,31,5b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,ca,93,95,a8,d5,b4,49,a3,ef,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,ca,93,95,a8,d5,b4,49,a3,ef,5e,\
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,2e,99,
5f,f6,81,43,0f,87,be,49,44,e0,a8,e9,8f
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c6,61,
49,94,b2,16,0b,aa,08,6a,0f,b4,51,da,db
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,3b,1b,69,56,47,
4d,e1,1a,f2,0e,bb,83,8e,98,36,00,0f,19
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,3b,1b,2e,d8,5d,
1b,51,d6,63,07,a7,1f,37,d5,36,73,29,7d
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,06,56,
1f,13,c2,fc,04,8c,6b,81,1f,96,de,27,0a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,13,c5,
00,9e,b9,e5,0c,bd,80,bb,0a,8e,6c,f8,df
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cf,2a,
88,31,1d,d9,04,96,da,10,39,74,4a,26,da
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cb,66,
b6,52,b9,29,06,9a,65,45,18,ec,54,5c,0c
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,c5,73,
b7,6b,2c,5e,08,ae,ec,8f,3b,b7,ef,65,41
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1b,d2,
c3,76,f5,3d,0d,a4,62,dd,78,c3,87,cd,b5
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,05,8d,
ec,93,8b,35,0e,81,72,27,00,8c,a4,e5,6b
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,3b,1b,ef,e4,e5,
e7,7d,9e,4d,01,a5,d4,4f,2f,e3,54,ed,4a
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,d8,53,
28,52,e5,a3,05,90,66,0d,54,16,23,d7,d6
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:51,bd,a7,1c,30,41,cc,01
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,e8,44,95,19,ee,26,4d,82,eb,84,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,e8,44,95,19,ee,26,4d,82,eb,84,\
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EDITPLUS.EXE"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mov"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\SecuROM\License information*]
"datasecu"=hex:34,24,c2,b7,41,d4,8f,33,2a,c2,d3,d7,ef,d6,bb,ea,5f,cf,7e,0c,b0,
22,83,b6,6e,2c,a1,78,43,3a,7c,94,a9,8c,f0,49,fa,90,20,23,f9,c2,61,a0,ac,b1,\
"rkeysecu"=hex:4a,60,60,09,be,82,ba,fa,2e,a3,45,d0,89,46,86,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-06 23:08:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 03:08
.
Pre-Run: 49,121,300,480 bytes free
Post-Run: 48,682,979,328 bytes free
.
- - End Of File - - 763DC3FEFE87E18942AE5BB92CE3E6E8

Farbar recovery went smooth, although I do still see 2 hidden desktop.ini files on my desktop... unknown if they are in fact the virus or something else now. :) But they've been there for awhile today since beginning troubleshooting.

#7 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 06 July 2012 - 10:12 PM

Oh please note: My system is currently doing a "Clean Boot" by not running any additional services or programs from msconfig. This was to troubleshoot a connection issue with a game I play. I hope this doesn't alter the results in any way. I just realized that could potentially cause a problem.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 06 July 2012 - 10:15 PM

hidden files and folders are probably showing, we will look after that when we are done

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:26 AM

Posted 06 July 2012 - 10:20 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 06 July 2012 - 10:51 PM

Oh please note: My system is currently doing a "Clean Boot" by not running any additional services or programs from msconfig. This was to troubleshoot a connection issue with a game I play. I hope this doesn't alter the results in any way. I just realized that could potentially cause a problem.


This shouldn't cause an issue, but just as a precaution, reset it back to boot normally before running the above scans

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 07 July 2012 - 03:25 AM

Catbyte,

Unfortunately I was already running the scans and walked away prior to seeing your post, so I never had a chance to re-enable. Will do so if I continue to have a problem. Also note: This issue may have corrupted my Windows firewall. I found instructions for how to restore, just waiting until everything is cleaned.

Here are the logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: DAN-PC [administrator]

Protection: Disabled

7/6/2012 11:26:38 PM
mbam-log-2012-07-06 (23-26-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319981
Time elapsed: 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\MGtools\Process.exe Win32/PrcView application
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5bcf2d20bb07.0000 Win64/Patched.B.Gen trojan
D:\ISOs\Revit 2012.iso Win32/Keygen.BL application
D:\Program Files (x86)\mektek.net\Mechwarrior Mercenaries - Mektek Mekpak\MW4Mercs.exe probably a variant of Win32/StartPage.DTUEQOY trojan
D:\Program Files (x86)\mektek.net\MTX\temp\games\mechwarrior4mercenaries.all.to.51.03.01.0017.mtx probably a variant of Win32/StartPage.ENQZNMK trojan
D:\Program Files (x86)\mektek.net\MTX\temp\games\backup\base\MW4Mercs.exe probably a variant of Win32/StartPage.ENQZNMK trojan
D:\Program Files (x86)\mektek.net\MTX\temp\games\base\MW4Mercs.exe probably a variant of Win32/StartPage.DTUEQOY trojan
D:\Software\IZArc\IZArc4.1.6.exe Win32/OpenCandy application
D:\Software\Piolet\PioletSetup.exe Win32/Toolbar.Widgi application
D:\Software\Program Cracks\CyberLink_PowerDVD_v5.0_by_CAFE.zip probably a variant of Win32/Agent.KJVNHOY trojan
D:\Software\Program Cracks\Getright 502 Keygen.zip a variant of Win32/Keygen.CY application
D:\Software\Program Cracks\SecureCRT_v4.0.9.460.zip a variant of Win32/HackTool.Patcher.X application
D:\Software\Program Cracks\SecureCRT_v4.x.x_by_Morglum.zip a variant of Win32/HackTool.Patcher.B application
D:\Software\Program Cracks\UiCE_2.6.1.1.zip Win32/Tool.TPE.A application
D:\Software\Program Cracks\Aric\Aric.zip probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan
D:\Software\Program Cracks\Aric\Photoshop_CS_by_Unknown.zip probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan
D:\Software\Program Cracks\Extracted Cracks\Keygen.exe a variant of Win32/Keygen.CY application
D:\Software\Program Cracks\SecureCRT_v4.0.9.460\Patch.exe a variant of Win32/HackTool.Patcher.X application
D:\Users\Administrator\Desktop\RK_Quarantine\00000008.@.vir Win64/Agent.BA trojan
D:\Users\Administrator\Desktop\RK_Quarantine\80000000.@.vir Win64/Sirefef.AE trojan
D:\Users\Administrator\Desktop\RK_Quarantine\80000032.@.vir a variant of Win32/Sirefef.FD trojan

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 07 July 2012 - 08:54 AM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5bcf2d20bb07.0000 
D:\ISOs\Revit 2012.iso 
D:\Software\IZArc\IZArc4.1.6.exe 
D:\Software\Piolet\PioletSetup.exe 
D:\Software\Program Cracks\CyberLink_PowerDVD_v5.0_by_CAFE.zip 
D:\Software\Program Cracks\Getright 502 Keygen.zip 
D:\Software\Program Cracks\SecureCRT_v4.0.9.460.zip 
D:\Software\Program Cracks\SecureCRT_v4.x.x_by_Morglum.zip 
D:\Software\Program Cracks\UiCE_2.6.1.1.zip 
D:\Software\Program Cracks\Aric\Aric.zip 
D:\Software\Program Cracks\Aric\Photoshop_CS_by_Unknown.zip 
D:\Software\Program Cracks\Extracted Cracks\Keygen.exe 
D:\Software\Program Cracks\SecureCRT_v4.0.9.460\Patch.exe 
D:\Users\Administrator\Desktop\RK_Quarantine\00000008.@.vir 
D:\Users\Administrator\Desktop\RK_Quarantine\80000000.@.vir 
D:\Users\Administrator\Desktop\RK_Quarantine\80000032.@.vir 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Let's have a look at the services to see what's happening with the Firewall


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 07 July 2012 - 11:57 AM

Catbyte,

Attached are the logs you have requested. Also just a heads up those 2 hidden desktop.ini files are on my desktop, which weren't there until I began troubleshooting the problem. Show hidden files and folders was already enabled prior to this.

Also since I would be running FSS, I re-enabled all of my services through MSConfig. It appears the Firewall is now functioning as far as I can see. MSE was also restored when I disabled it to run scans. Please let me know if anything jumps out at you.

ComboFix 12-07-07.04 - Administrator 07/07/2012 12:37:34.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6801 [GMT -4:00]
Running from: d:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\users\Administrator\Desktop\2012-07-06 Virus Logs\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5bcf2d20bb07.0000"
"d:\isos\Revit 2012.iso"
"d:\software\IZArc\IZArc4.1.6.exe"
"d:\software\Piolet\PioletSetup.exe"
"d:\software\Program Cracks\Aric\Aric.zip"
"d:\software\Program Cracks\Aric\Photoshop_CS_by_Unknown.zip"
"d:\software\Program Cracks\CyberLink_PowerDVD_v5.0_by_CAFE.zip"
"d:\software\Program Cracks\Extracted Cracks\Keygen.exe"
"d:\software\Program Cracks\Getright 502 Keygen.zip"
"d:\software\Program Cracks\SecureCRT_v4.0.9.460.zip"
"d:\software\Program Cracks\SecureCRT_v4.0.9.460\Patch.exe"
"d:\software\Program Cracks\SecureCRT_v4.x.x_by_Morglum.zip"
"d:\software\Program Cracks\UiCE_2.6.1.1.zip"
"d:\users\Administrator\Desktop\RK_Quarantine\00000008.@.vir"
"d:\users\Administrator\Desktop\RK_Quarantine\80000000.@.vir"
"d:\users\Administrator\Desktop\RK_Quarantine\80000032.@.vir"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5bcf2d20bb07.0000
d:\isos\Revit 2012.iso
d:\software\IZArc\IZArc4.1.6.exe
d:\software\Piolet\PioletSetup.exe
d:\software\Program Cracks\Aric\Aric.zip
d:\software\Program Cracks\Aric\Photoshop_CS_by_Unknown.zip
d:\software\Program Cracks\CyberLink_PowerDVD_v5.0_by_CAFE.zip
d:\software\Program Cracks\Extracted Cracks\Keygen.exe
d:\software\Program Cracks\Getright 502 Keygen.zip
d:\software\Program Cracks\SecureCRT_v4.0.9.460.zip
d:\software\Program Cracks\SecureCRT_v4.0.9.460\Patch.exe
d:\software\Program Cracks\SecureCRT_v4.x.x_by_Morglum.zip
d:\software\Program Cracks\UiCE_2.6.1.1.zip
d:\users\Administrator\Desktop\RK_Quarantine\00000008.@.vir
d:\users\Administrator\Desktop\RK_Quarantine\80000000.@.vir
d:\users\Administrator\Desktop\RK_Quarantine\80000032.@.vir
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Mcx2-DAN-PC\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Mcx1-DAN-PC\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Jaime\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 16:40 . 2012-07-07 16:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-07 06:37 . 2012-07-07 06:37 -------- d-----w- C:\FRST
2012-07-07 03:28 . 2012-07-07 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-07-06 23:16 . 2012-07-06 23:16 328704 ----a-w- c:\windows\system32\services.exe.9D792477B8ECE462
2012-07-06 20:55 . 2012-07-06 20:59 -------- d-----w- C:\MGtools
2012-07-06 20:46 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 20:41 . 2012-07-06 20:41 328704 ----a-w- c:\windows\system32\services.exe.944170F368898F0D
2012-07-06 20:16 . 2012-07-06 20:16 -------- d-----w- c:\program files\HitmanPro
2012-07-06 20:15 . 2012-07-06 20:17 -------- d-----w- c:\programdata\HitmanPro
2012-07-06 20:03 . 2012-07-06 20:03 -------- d-----w- c:\program files\CCleaner
2012-07-06 19:47 . 2012-07-06 19:47 328704 ----a-w- c:\windows\system32\services.exe.E0A41A2332E2E886
2012-07-06 19:42 . 2012-07-06 19:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-06 17:43 . 2012-07-06 17:43 328704 ----a-w- c:\windows\system32\services.exe.50C63063FE2332D7
2012-07-06 17:32 . 2012-07-06 17:32 328704 ----a-w- c:\windows\system32\services.exe.DCC4EF8701F46175
2012-07-06 17:27 . 2012-07-06 17:27 328704 ----a-w- c:\windows\system32\services.exe.D5B4FDB0285B9D8F
2012-07-06 16:49 . 2012-07-07 02:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 16:49 . 2012-07-07 02:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 16:26 . 2012-07-06 16:26 328704 ----a-w- c:\windows\system32\services.exe.AF60D5A5A4EB0427
2012-07-06 16:04 . 2012-07-06 16:04 50392 ----a-w- c:\windows\system32\drivers\xwimxvnr.sys
2012-07-06 16:04 . 2012-07-06 16:04 328704 ----a-w- c:\windows\system32\services.exe.49F7DFED64333D77
2012-07-06 16:03 . 2012-07-06 16:03 50392 ----a-w- c:\windows\system32\drivers\ejtwatba.sys
2012-07-06 16:03 . 2012-07-06 16:03 50392 ----a-w- c:\windows\system32\drivers\tsgfbejk.sys
2012-07-06 16:01 . 2012-07-06 16:01 328704 ----a-w- c:\windows\system32\services.exe.3681C9B1DBB53ACD
2012-07-06 15:57 . 2012-07-06 15:57 328704 ----a-w- c:\windows\system32\services.exe.A9D8E3398A579729
2012-07-06 14:45 . 2012-07-06 14:45 328704 ----a-w- c:\windows\system32\services.exe.111BCDDCEACAF69D
2012-07-06 14:44 . 2012-07-06 14:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-07-06 14:44 . 2012-07-06 14:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 14:34 . 2012-07-06 14:34 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C144B86E-1B95-4422-9CC0-9C14E3552266}\gapaengine.dll
2012-07-06 14:34 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D5D617D-73DB-4588-9F4C-5C93BDB97D70}\mpengine.dll
2012-07-06 14:33 . 2012-07-06 14:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-06 14:33 . 2012-07-06 14:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-06 14:29 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-06 14:29 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-06 04:22 . 2012-07-06 04:22 -------- d-----w- c:\programdata\ATI
2012-07-06 04:22 . 2012-07-06 04:22 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-05 22:19 . 2012-07-05 22:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 18:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:20 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:20 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files\iTunes
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files (x86)\iTunes
2012-06-16 07:43 . 2012-06-16 07:43 -------- d-----w- c:\program files\iPod
2012-06-15 04:17 . 2012-06-15 04:17 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-06-13 20:58 . 2012-06-13 20:58 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-06-13 17:31 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 16:41 . 2011-11-05 16:55 25640 ----a-w- c:\windows\gdrv.sys
2012-07-06 20:59 . 2012-07-06 20:55 416509 ----a-w- C:\MGlogs.zip
2012-06-15 03:30 . 2009-02-27 21:53 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-15 03:30 . 2009-02-26 20:41 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-13 22:10 . 2009-02-26 20:41 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:26 . 2011-07-28 20:54 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:25 . 2011-07-28 20:53 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-05-31 16:25 . 2010-08-26 04:51 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 19:26 . 2007-10-20 01:37 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-30 19:26 . 2003-02-21 04:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-11 20:33 . 2011-09-18 19:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-07_03.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-07-07 16:42 51492 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-17 21:48 . 2012-07-07 16:42 17634 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-58142934-3021005339-2130339368-500_UserData.bin
+ 2010-09-08 04:38 . 2012-07-07 16:40 3734 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-07 16:40 . 2012-07-07 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-07 03:06 . 2012-07-07 03:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-07 16:40 . 2012-07-07 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-07 03:06 . 2012-07-07 03:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-18 16:22 . 2012-07-07 16:33 523822 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-07 03:04 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-07 03:11 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-07 03:11 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-07 03:04 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-07 03:06 472384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-07 16:40 472384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-20 15:38 . 2012-07-07 03:06 58956116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-58142934-3021005339-2130339368-500-12288.dat
+ 2010-05-20 15:38 . 2012-07-07 16:40 58956116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-58142934-3021005339-2130339368-500-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="d:\program files (x86)\Roboform\RoboTaskBarIcon.exe" [2009-12-24 160592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-13 21:27 548352 ----a-w- d:\program files (x86)\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R1 SASDIFSV;SASDIFSV;d:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2012-07-06 12872]
R1 SASKUTIL;SASKUTIL;d:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2012-07-06 67656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 atidgllk;atidgllk;c:\program files (x86)\GIGABYTE\ET6\atidgllk.sys [2006-07-19 12048]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-17 30528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 RivaTuner64;RivaTuner64;d:\program files (x86)\RivaTuner v2.22\RivaTuner64.sys [2009-02-04 19952]
R3 RTCore64;RTCore64;d:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-06-07 14648]
R3 SASENUM;SASENUM;d:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2012-07-06 12872]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-07-02 525040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-18 1255736]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-08-02 288112]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
R4 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-08-22 57344]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-22 1436424]
R4 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-09-24 68136]
R4 gupdate1c999ece1d8959a;Google Update Service (gupdate1c999ece1d8959a);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
R4 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-14 868848]
R4 TeamViewer5;TeamViewer 5;d:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-11-03 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-11-03 141920]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 06:09]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 03:32]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58142934-3021005339-2130339368-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 03:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ja03k2d1.default\
FF - prefs.js: browser.startup.homepage - hxxp://prohockeytalk.nbcsports.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bf,0e,11,1b,31,5b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,ca,93,95,a8,d5,b4,49,a3,ef,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,ca,93,95,a8,d5,b4,49,a3,ef,5e,\
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,2e,99,
5f,f6,81,43,0f,87,be,49,44,e0,a8,e9,8f
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c6,61,
49,94,b2,16,0b,aa,08,6a,0f,b4,51,da,db
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,3b,1b,69,56,47,
4d,e1,1a,f2,0e,bb,83,8e,98,36,00,0f,19
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,3b,1b,2e,d8,5d,
1b,51,d6,63,07,a7,1f,37,d5,36,73,29,7d
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,06,56,
1f,13,c2,fc,04,8c,6b,81,1f,96,de,27,0a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,13,c5,
00,9e,b9,e5,0c,bd,80,bb,0a,8e,6c,f8,df
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cf,2a,
88,31,1d,d9,04,96,da,10,39,74,4a,26,da
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cb,66,
b6,52,b9,29,06,9a,65,45,18,ec,54,5c,0c
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,c5,73,
b7,6b,2c,5e,08,ae,ec,8f,3b,b7,ef,65,41
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1b,d2,
c3,76,f5,3d,0d,a4,62,dd,78,c3,87,cd,b5
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,05,8d,
ec,93,8b,35,0e,81,72,27,00,8c,a4,e5,6b
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,3b,1b,ef,e4,e5,
e7,7d,9e,4d,01,a5,d4,4f,2f,e3,54,ed,4a
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,d8,53,
28,52,e5,a3,05,90,66,0d,54,16,23,d7,d6
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:51,bd,a7,1c,30,41,cc,01
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,e8,44,95,19,ee,26,4d,82,eb,84,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,e8,44,95,19,ee,26,4d,82,eb,84,\
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EDITPLUS.EXE"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mov"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\Software\SecuROM\License information*]
"datasecu"=hex:34,24,c2,b7,41,d4,8f,33,2a,c2,d3,d7,ef,d6,bb,ea,5f,cf,7e,0c,b0,
22,83,b6,6e,2c,a1,78,43,3a,7c,94,a9,8c,f0,49,fa,90,20,23,f9,c2,61,a0,ac,b1,\
"rkeysecu"=hex:4a,60,60,09,be,82,ba,fa,2e,a3,45,d0,89,46,86,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-07 12:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 16:46
ComboFix2.txt 2012-07-07 03:08
.
Pre-Run: 48,595,714,048 bytes free
Post-Run: 43,920,257,024 bytes free
.
- - End Of File - - 5F213143AA48F579A535C7F273D81F84



Farbar Service Scanner Version: 02-07-2012
Ran by Administrator (administrator) on 07-07-2012 at 12:53:32
Running from "D:\Users\Administrator\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:26 AM

Posted 07 July 2012 - 12:05 PM

looks good

what are the properties of the desktop.ini files?

are you experiencing any other issues?

please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    desktop.ini
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 07 July 2012 - 02:21 PM

Both of the files are hidden. One is located at D:\Users\Administrator\Desktop (my current profile). The other is C:\Users\public\Public Desktop. One was created 8/15/09 and modified 2/15/12. The other created/modified/accessed 7/14/09. Any other information you want?

OTL Extras logfile created on: 7/7/2012 3:10:04 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 74.26% Memory free
15.84 Gb Paging File | 13.11 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 40.54 Gb Free Space | 34.00% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 132.86 Gb Free Space | 22.29% Space Free | Partition Type: NTFS
Drive E: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: DAN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{909669B4-9A2D-40F1-8CE5-BE96FF4267C1}D:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\program files (x86)\trillian\trillian.exe |
"TCP Query User{91EDF5C3-6F14-45D7-B536-AF7F5BD4C84F}D:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\program files (x86)\xfire\xfire.exe |
"UDP Query User{428CA649-94F4-42B1-A5B8-2A926FC56081}D:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\program files (x86)\xfire\xfire.exe |
"UDP Query User{B077B745-E51D-4DBB-B326-A431E34C9AED}D:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\program files (x86)\trillian\trillian.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1324D89E-6452-A561-B97E-053C2AE6F7FF}" = AMD Drag and Drop Transcoding
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A90CB5C-A6D1-440F-A86D-7F32CEABE062}" = Image Resizer Powertoy Clone for Windows
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Explorer Suite_is1" = Explorer Suite III
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TS3 Overlay" = TS3 Overlay

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{25CA85B0-7CA9-4844-BF8A-4729E1ADA9FE}" = ConferenceManager Client Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{300A470B-681B-449F-82AE-6D19114702CE}" = PhysX Screen Saver
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0824.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0823.1
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57EF5EE1-E32B-4EDE-9D50-3A82126800EE}" = Batman: Arkham Asylum Demo
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{8651784F-123E-4E8F-A5AD-60B8BE121033}" = Nero 8 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96B20C36-4F3E-4CA2-8583-FB2999E16A6E}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Afterburner" = MSI Afterburner 1.6.1
"AI RoboForm" = AI RoboForm (All Users)
"Any Video Converter_is1" = Any Video Converter 3.0.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Battlelog Web Plugins" = Battlelog Web Plugins
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Diablo III" = Diablo III
"DiminHotkeys" = DIMIN Hotkeys (remove only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EditPlus 3" = EditPlus 3
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 1.85
"Foxit Reader" = Foxit Reader
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Google Updater" = Google Updater
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"ImgBurn" = ImgBurn
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0823.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Standard)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 2.4 (remove only)
"MatrixWorld 3D Screensaver_is1" = MatrixWorld 3D Screensaver 1.5
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 5.21
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"Piolet" = Piolet 3.0.7
"Precision" = EVGA Precision 1.3.3
"PRO" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Qtracker" = Qtracker
"RealPlayer 15.0" = RealPlayer
"RivaTuner" = RivaTuner v2.22
"SeaStorm 3D Screensaver_is1" = SeaStorm 3D Screensaver 1.5
"Space Plasma 3D Screensaver_is1" = Space Plasma 3D Screensaver 1.5
"SpamBayes_is1" = SpamBayes 1.0.4
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = modemlogger
"Star Trek Online" = Star Trek Online
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 1250" = Killing Floor
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24200" = DC Universe Online
"Steam App 25890" = Hearts of Iron III
"Steam App 25900" = King's Bounty: The Legend
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39120" = RIFT
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 63200" = Monday Night Combat
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak_is1" = TeamSpeak
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"Trillian" = Trillian
"TSO_is1" = TSO 63
"TurboTax 2009" = TurboTax 2009
"Ultima Online Classic" = Ultima Online Classic Client
"Ultima Online Enhanced" = Ultima Online Enhanced Client
"UOAssist" = UOAssist
"UOCartographer 0.9" = UOCartographer 0.9
"UT2004" = Unreal Tournament 2004
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.2
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-58142934-3021005339-2130339368-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"FXAA Post Process Injector" = FXAA Post Process Injector
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2010 6:39:14 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3088

Error - 12/1/2010 6:39:15 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2010 6:39:15 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4102

Error - 12/1/2010 6:39:15 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4102

Error - 12/1/2010 6:39:16 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2010 6:39:16 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5101

Error - 12/1/2010 6:39:16 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5101

Error - 12/1/2010 6:39:17 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2010 6:39:17 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6099

Error - 12/1/2010 6:39:17 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6099

[ OSession Events ]
Error - 2/25/2009 6:23:29 PM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 1:28:25 AM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 1:28:51 AM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 1:29:58 AM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/17/2009 5:18:00 PM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1195
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/10/2010 11:49:37 PM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 316
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/3/2010 3:41:42 AM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/1/2010 3:01:09 PM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/1/2010 3:01:55 PM | Computer Name = Dan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/7/2012 12:40:59 PM | Computer Name = Dan-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/7/2012 12:41:00 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/7/2012 12:41:01 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 7/7/2012 12:45:23 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/7/2012 12:45:43 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.129.1102.0).

Error - 7/7/2012 12:50:11 PM | Computer Name = Dan-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/7/2012 12:50:11 PM | Computer Name = Dan-PC | Source = Application Popup | ID = 1060
Description = \??\D:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/7/2012 12:50:11 PM | Computer Name = Dan-PC | Source = Application Popup | ID = 1060
Description = \??\D:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/7/2012 12:50:22 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 7/7/2012 12:50:22 PM | Computer Name = Dan-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.


< End of report >




As per the issues I'm not noticing anything out of the blue. Redirects are gone, MSE is active, I haven't gotten the critical logoff error (haven't had that for awhile not sure which fixed that). Things are looking... normal. :)

OTL.txt was added as an attachment due to size of the post, even by itself.

Attached Files

  • Attached File  OTL.Txt   420.46KB   2 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users