sirefef.AL and patched.B.Gen trojans infection


14 replies to this topic

#1 roguetrooper

  • Members
  • 15 posts

Posted 01 August 2012 - 11:16 AM

Hi...
I appear to be infected with another variant of the sirefef virus... Looking at my ESET antivirus logs, it appears that there is also an issue with a patched.B.Gen trojan too...

DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by P1 at 16:28:13 on 2012-08-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2748 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
F:\Windows\system32\wininit.exe
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\nvvsvc.exe
F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
F:\Windows\system32\svchost.exe -k RPCSS
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
F:\Windows\system32\svchost.exe -k LocalService
F:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
F:\Windows\system32\nvvsvc.exe
F:\Windows\system32\svchost.exe -k NetworkService
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\taskhost.exe
F:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\Windows\system32\lxczcoms.exe
F:\Windows\SysWOW64\PnkBstrA.exe
F:\Windows\system32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
F:\Windows\SysWOW64\rundll32.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Windows\system32\wbem\wmiprvse.exe
F:\Windows\system32\SearchIndexer.exe
F:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Windows\system32\wbem\wmiprvse.exe
F:\Windows\system32\msconfig.exe
F:\Program Files\UltraMon\UltraMonUiAcc.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
F:\Windows\system32\SearchProtocolHost.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Windows\SysWOW64\cmd.exe
F:\Windows\system32\conhost.exe
F:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
uRun: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [QuickTime Task] "F:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KISSPC~1.LNK - F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - F:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/pcpitstop.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{173255B8-5F3A-456D-9D0A-44A5C7100E44} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [QuickTime Task] "F:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: F:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: F:\Users\P1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: F:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: F:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SandBox;SandBox;F:\Windows\system32\drivers\SandBox64.sys --> F:\Windows\system32\drivers\SandBox64.sys [?]
R1 afw;Agnitum Firewall Driver;F:\Windows\system32\DRIVERS\afw.sys --> F:\Windows\system32\DRIVERS\afw.sys [?]
R1 SASDIFSV;SASDIFSV;F:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;F:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 ekrn;ESET Service;F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-2-6 727720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UltraMonUtility;UltraMon Utility Driver;F:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 afwcore;afwcore;F:\Windows\system32\drivers\afwcore.sys --> F:\Windows\system32\drivers\afwcore.sys [?]
R3 MOSUMAC;USB-Ethernet Driver;F:\Windows\system32\DRIVERS\USBMAC64.SYS --> F:\Windows\system32\DRIVERS\USBMAC64.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;F:\Windows\system32\DRIVERS\yk62x64.sys --> F:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 acssrv;Agnitum Client Security Service;F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe --> F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;F:\Windows\system32\DRIVERS\epfwwfpr.sys --> F:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]
S3 ASWFilt;ASWFilt;\??\F:\Windows\system32\Filt\ASWFilt64.dll --> F:\Windows\system32\Filt\ASWFilt64.dll [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-20 79360]
S3 efavdrv;efavdrv;\??\F:\Windows\system32\drivers\efavdrv.sys --> F:\Windows\system32\drivers\efavdrv.sys [?]
S3 MBAMProtector;MBAMProtector;\??\F:\Windows\system32\drivers\mbam.sys --> F:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-18 113120]
S3 Razerlow;Razer Pro|Solutions;F:\Windows\system32\drivers\DB3G.sys --> F:\Windows\system32\drivers\DB3G.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;F:\Windows\system32\drivers\rdpvideominiport.sys --> F:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;F:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 TsUsbFlt;TsUsbFlt;F:\Windows\system32\drivers\tsusbflt.sys --> F:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;F:\Windows\system32\Wat\WatAdminSvc.exe --> F:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 !SASCORE;SAS Core Service;F:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
S4 AdobeARMservice;Adobe Acrobat Update Service;F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S4 gupdate;Google Update Service (gupdate);F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S4 gupdatem;Google Update Service (gupdatem);F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S4 MBAMService;MBAMService;F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-11 654408]
S4 SophosVirusRemovalTool;Sophos Virus Removal Tool;F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-4-16 151064]
S4 wlcrasvc;Windows Live Mesh remote connections service;F:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 14:57:47 -------- d-----w- F:\ProgramData\0C1D14A100001B0900089F29F875EF60
2012-08-01 08:03:31 -------- d-----w- F:\Users\P1\AppData\Local\{C8E4BE5F-0CEF-4DB1-A944-FFEB924D456B}
2012-08-01 08:03:29 -------- d-----w- F:\Users\P1\AppData\Local\{A2819871-C853-4F96-A205-DFEDCC208986}
2012-08-01 08:03:28 -------- d-----w- F:\Users\P1\AppData\Local\{B638FDE6-F26B-474D-823F-9ECA7239D972}
2012-08-01 08:03:15 -------- d-----w- F:\Users\P1\AppData\Local\{5A69A43E-2D01-4759-819C-6A708BA4C999}
2012-07-31 19:10:42 -------- d-----w- F:\Users\P1\AppData\Local\{D1D3DA5D-5E30-423E-9126-2C31858DA683}
2012-07-31 19:10:28 -------- d-----w- F:\Users\P1\AppData\Local\{B344E840-1CEC-41FB-891C-EA56CAA03567}
2012-07-31 07:10:16 9133488 ----a-w- F:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE655174-4FE7-4E94-8B1A-F436E301FA5E}\mpengine.dll
2012-07-31 07:10:00 -------- d-----w- F:\Users\P1\AppData\Local\{DCAB07A4-698B-4814-A8A3-C273FD4F2653}
2012-07-31 07:09:51 -------- d-----w- F:\Users\P1\AppData\Local\{9DEC382B-D9A5-4226-9774-9A7DDBE1428B}
2012-07-31 07:09:35 -------- d-----w- F:\Users\P1\AppData\Local\{1D6DEDF2-5052-4FF0-AE75-24EF266848DA}
2012-07-30 14:21:47 -------- d-----w- F:\Users\P1\AppData\Local\{24C59022-A942-4D6E-AF95-7ADE1682DB7C}
2012-07-30 14:21:43 -------- d-----w- F:\Users\P1\AppData\Local\{5566CF8D-C31E-47E9-A002-E9B6D8EB381E}
2012-07-30 14:21:40 -------- d-----w- F:\Users\P1\AppData\Local\{E1D05565-E5A9-4142-BAC9-1B41EF4D0084}
2012-07-30 14:21:23 -------- d-----w- F:\Users\P1\AppData\Local\{37C606FA-7012-40E8-8286-AB53A2A0E7FF}
2012-07-29 23:55:00 -------- d-----w- F:\Users\P1\AppData\Local\{24554ED0-7833-405D-AA58-54D8ADA280AD}
2012-07-29 23:54:47 -------- d-----w- F:\Users\P1\AppData\Local\{56809547-4C42-4240-8145-15DEA862E32E}
2012-07-29 11:54:27 -------- d-----w- F:\Users\P1\AppData\Local\{762EEBD1-C328-43B9-934D-860C14EBB949}
2012-07-29 11:54:13 -------- d-----w- F:\Users\P1\AppData\Local\{45E9C452-8C31-4997-80BB-3653D8CFC53C}
2012-07-28 22:26:35 -------- d-----w- F:\Users\P1\AppData\Local\{9A3679E5-B071-40CE-ACAA-7698A1AF2CF0}
2012-07-28 22:26:30 -------- d-----w- F:\Users\P1\AppData\Local\{749919C6-CAF2-4BBE-B996-9A38F3F8D313}
2012-07-28 22:26:27 -------- d-----w- F:\Users\P1\AppData\Local\{260BCAFB-8B8C-4708-A9BA-3B4FD2181A95}
2012-07-28 22:26:09 -------- d-----w- F:\Users\P1\AppData\Local\{000BEA3A-977F-4192-AEB1-2A679656D95C}
2012-07-28 09:00:04 -------- d-----w- F:\Users\P1\AppData\Local\{AC9304CE-928F-4853-8BD2-6C190501355E}
2012-07-28 09:00:02 -------- d-----w- F:\Users\P1\AppData\Local\{108C0F37-FC29-412D-BC27-64E76F48637C}
2012-07-28 09:00:00 -------- d-----w- F:\Users\P1\AppData\Local\{506E6200-6B61-43B6-992F-6C8E5D5FF199}
2012-07-28 08:59:47 -------- d-----w- F:\Users\P1\AppData\Local\{7A23CBC4-18B7-4D60-9776-FCEA9D09A5E1}
2012-07-27 16:51:29 -------- d-----w- F:\Users\P1\AppData\Local\{FDFF94F7-5AEE-4084-AE89-C418A59A4118}
2012-07-27 16:51:26 -------- d-----w- F:\Users\P1\AppData\Local\{EA3FE2E3-6BAD-4F51-AF4B-BD73243495DC}
2012-07-27 16:51:21 -------- d-----w- F:\Users\P1\AppData\Local\{6A9C2712-60F1-4673-B490-25D0D95C6A2F}
2012-07-27 16:51:05 -------- d-----w- F:\Users\P1\AppData\Local\{AD4F80AE-0946-4E83-A1AC-A1D036685156}
2012-07-27 00:36:12 -------- d-----w- F:\Users\P1\AppData\Local\{E9798E50-8878-4570-A8E4-15F7B3E34E5D}
2012-07-27 00:35:58 -------- d-----w- F:\Users\P1\AppData\Local\{295A97E6-F5FE-47C5-B13C-FDAAB6987A41}
2012-07-26 12:35:38 -------- d-----w- F:\Users\P1\AppData\Local\{7C487A08-2369-4316-B2C4-BEDB2609414C}
2012-07-26 12:35:21 -------- d-----w- F:\Users\P1\AppData\Local\{F1CF51BB-EEE8-435C-87EC-F1DC582F45C9}
2012-07-26 00:34:59 -------- d-----w- F:\Users\P1\AppData\Local\{3D6277D1-02DF-4EBD-8B3B-4B056A9D4EE8}
2012-07-25 12:34:38 -------- d-----w- F:\Users\P1\AppData\Local\{15173E05-886B-415A-9B12-0C7845DABFDF}
2012-07-25 12:34:25 -------- d-----w- F:\Users\P1\AppData\Local\{0D3EA84D-AD8F-4CCD-B8EA-850844BFE716}
2012-07-25 00:34:03 -------- d-----w- F:\Users\P1\AppData\Local\{ACDF21BB-8C74-4930-B6C1-D75E8DF64B2F}
2012-07-25 00:33:48 -------- d-----w- F:\Users\P1\AppData\Local\{70DC95F7-C364-418D-9B95-823B19ABFA39}
2012-07-24 08:13:18 -------- d-----w- F:\Users\P1\AppData\Local\{AC327645-3104-499B-B797-B24B0448CEA4}
2012-07-24 08:13:17 -------- d-----w- F:\Users\P1\AppData\Local\{307EFE32-A1AE-4AA8-9DF7-DBC7589225F4}
2012-07-24 08:13:15 -------- d-----w- F:\Users\P1\AppData\Local\{93412E8A-AAA9-4771-A2B4-B25B0229CA02}
2012-07-24 08:13:02 -------- d-----w- F:\Users\P1\AppData\Local\{FA268D4E-5C65-4FC6-96F5-D5EF641EC13A}
2012-07-23 14:54:38 -------- d-----w- F:\Users\P1\AppData\Local\{4DE44471-4C2A-47A9-BE6F-ECB059A61BAC}
2012-07-23 14:54:37 -------- d-----w- F:\Users\P1\AppData\Local\{1355615D-19A0-44B8-879A-CEF55135A436}
2012-07-23 14:54:35 -------- d-----w- F:\Users\P1\AppData\Local\{A11CBD02-E0F9-4389-8582-4DC2A55A8A32}
2012-07-23 14:54:21 -------- d-----w- F:\Users\P1\AppData\Local\{5FAFC5E1-72F0-4316-80F8-19E7C29947A9}
2012-07-22 23:44:14 -------- d-----w- F:\Users\P1\AppData\Local\{F80AC287-1102-4DD9-9FA9-2647F2184642}
2012-07-22 23:44:00 -------- d-----w- F:\Users\P1\AppData\Local\{0DA735E8-36BF-4279-B9E1-8AAE995CBAC9}
2012-07-22 11:43:42 -------- d-----w- F:\Users\P1\AppData\Local\{37815977-5BE2-403F-9AFB-82B2BC40A4B7}
2012-07-22 11:43:28 -------- d-----w- F:\Users\P1\AppData\Local\{2396A9DF-9EAB-45A5-85DF-8FE9CA087925}
2012-07-21 23:43:01 -------- d-----w- F:\Users\P1\AppData\Local\{A91145C8-5FF4-4DC8-B184-F7641EA7F17B}
2012-07-21 23:42:56 -------- d-----w- F:\Users\P1\AppData\Local\{3B82FF4A-EA44-42E0-AECE-BB3FE886439E}
2012-07-21 23:42:53 -------- d-----w- F:\Users\P1\AppData\Local\{9F9CDB43-8A24-4F33-8F0E-CEDCB1F15E5D}
2012-07-21 23:42:42 -------- d-----w- F:\Users\P1\AppData\Local\{8DEEDD9B-00E9-47EB-A66E-56D11095C6C7}
2012-07-21 11:33:03 -------- d-----w- F:\Users\P1\AppData\Local\{0886C110-3C47-4B60-A690-FE9F997FCC94}
2012-07-21 11:32:49 -------- d-----w- F:\Users\P1\AppData\Local\{16711AAB-140E-4201-A2EC-7157AD21E8F0}
2012-07-20 23:32:30 -------- d-----w- F:\Users\P1\AppData\Local\{E2B80095-2088-4A43-BE74-03934EB000B6}
2012-07-20 23:32:16 -------- d-----w- F:\Users\P1\AppData\Local\{ABBF0ED4-8FBA-4325-B5F1-28BB64688DC8}
2012-07-20 11:31:46 -------- d-----w- F:\Users\P1\AppData\Local\{7469BEEB-ED93-4017-9B7F-902AEC111EF4}
2012-07-20 11:31:24 -------- d-----w- F:\Users\P1\AppData\Local\{AB69291B-6DD3-4470-AC8E-71DA878B3A02}
2012-07-19 23:30:53 -------- d-----w- F:\Users\P1\AppData\Local\{8D29A7C3-302E-4328-8288-4196A10B2B3D}
2012-07-19 23:30:49 -------- d-----w- F:\Users\P1\AppData\Local\{D80D2A49-C952-4CF9-8D12-7DEB719F64FD}
2012-07-19 23:30:45 -------- d-----w- F:\Users\P1\AppData\Local\{ACB83FF0-CCE4-4C14-BF50-A55553597185}
2012-07-19 23:30:27 -------- d-----w- F:\Users\P1\AppData\Local\{D7A98C4F-1BDD-4A42-8185-CB3F85E242F7}
2012-07-19 01:23:50 -------- d-----w- F:\Users\P1\AppData\Local\{E4880BAA-0810-4B5B-BD3C-F5784842BF95}
2012-07-19 01:23:36 -------- d-----w- F:\Users\P1\AppData\Local\{9D949425-9EF3-4678-8698-8719701EEC91}
2012-07-18 19:57:12 -------- d-----w- F:\Program Files (x86)\Rovio
2012-07-18 14:46:08 -------- d-----w- F:\Program Files (x86)\Mozilla Maintenance Service
2012-07-18 14:45:56 624608 ----a-w- F:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-18 14:45:56 43488 ----a-w- F:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-07-18 14:45:56 157608 ----a-w- F:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-18 14:45:56 113120 ----a-w- F:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-18 14:45:55 770384 ----a-w- F:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-18 14:45:55 421200 ----a-w- F:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-18 13:28:57 -------- d-----w- F:\Program Files (x86)\DAEMON Tools Lite
2012-07-18 13:23:14 -------- d-----w- F:\Users\P1\AppData\Local\{1BCD139F-2473-4556-992A-27FEB4E77073}
2012-07-18 13:22:59 -------- d-----w- F:\Users\P1\AppData\Local\{0A611A47-2FF1-4365-B0D5-DF4EDC0D82FF}
2012-07-18 00:54:39 -------- d-----w- F:\Users\P1\AppData\Local\{4EB489B2-6F31-4DE7-8B3F-923E7BE95F1A}
2012-07-17 12:54:20 -------- d-----w- F:\Users\P1\AppData\Local\{031F4BA8-8DAB-4B8B-BB70-F0264251508B}
2012-07-17 12:54:14 -------- d-----w- F:\Users\P1\AppData\Local\{BB16E195-A580-497D-BA5F-671CAA658CC5}
2012-07-17 12:54:01 -------- d-----w- F:\Users\P1\AppData\Local\{DCDAAA5A-FF0F-49FA-9739-7076BEA0BB19}
2012-07-17 12:53:51 -------- d-----w- F:\Users\P1\AppData\Local\{A6AF296A-604E-46AA-B700-339E2E4F24D7}
2012-07-16 15:15:34 -------- d-----w- F:\Users\P1\AppData\Local\{9C166367-91DB-4E0E-9613-41B8979D700F}
2012-07-16 15:15:31 -------- d-----w- F:\Users\P1\AppData\Local\{5A19A718-2552-4C68-8BA4-4AC455F647AE}
2012-07-16 15:15:23 -------- d-----w- F:\Users\P1\AppData\Local\{DBBED7FB-2E73-4244-B915-1BBD40373DF2}
2012-07-16 15:15:06 -------- d-----w- F:\Users\P1\AppData\Local\{F217D181-5B68-4A49-B4D0-AC790BD6FAB4}
2012-07-16 00:36:35 -------- d-----w- F:\Users\P1\AppData\Local\{57D99CA8-442E-419B-9BB7-65C52105E3DD}
2012-07-16 00:36:33 -------- d-----w- F:\Users\P1\AppData\Local\{F2FDC838-8429-4124-AF2D-3772C93619A1}
2012-07-16 00:36:31 -------- d-----w- F:\Users\P1\AppData\Local\{A3DDF91C-5380-4A73-8290-BA5FC55A54CE}
2012-07-16 00:36:17 -------- d-----w- F:\Users\P1\AppData\Local\{F2ACB906-B08C-49A5-9D3B-B4159596C602}
2012-07-15 10:40:49 -------- d-----w- F:\Users\P1\AppData\Local\{2E7435FB-F0C4-4896-91C0-0889BCE2B6CB}
2012-07-15 10:40:35 -------- d-----w- F:\Users\P1\AppData\Local\{7866719A-E732-4BFB-B276-E06953F821FA}
2012-07-14 22:08:47 -------- d-----w- F:\Users\P1\AppData\Local\{20ADDA7D-F6F5-4CD7-A238-B3098D40159A}
2012-07-14 22:08:33 -------- d-----w- F:\Users\P1\AppData\Local\{7BF81C4B-200A-45D4-ACA3-EAF40D979B03}
2012-07-14 10:08:13 -------- d-----w- F:\Users\P1\AppData\Local\{AF940ED5-30CC-4142-A04E-1364EC4E86BC}
2012-07-14 10:08:08 -------- d-----w- F:\Users\P1\AppData\Local\{82E455DC-217D-41A5-8605-21C1C46E19DB}
2012-07-14 10:07:57 -------- d-----w- F:\Users\P1\AppData\Local\{ADB1B400-387F-4F11-9CD4-4FAE71143DA5}
2012-07-14 10:07:52 -------- d-----w- F:\Users\P1\AppData\Local\{A92E3F3F-7057-4030-AF5D-7B38944099E8}
2012-07-13 20:46:52 -------- d-----w- F:\Users\P1\AppData\Local\{4E99551F-5771-4D8E-8A42-15AE87A78647}
2012-07-13 20:46:39 -------- d-----w- F:\Users\P1\AppData\Local\{D594ADDC-4708-4405-9FAF-0E0566C91DDE}
2012-07-13 08:46:15 -------- d-----w- F:\Users\P1\AppData\Local\{EBEF386E-3B3C-435C-9BF4-780728C681DD}
2012-07-13 08:46:13 -------- d-----w- F:\Users\P1\AppData\Local\{6BFBCE06-BCBE-4369-A7C7-5F6E570EC96A}
2012-07-13 08:46:11 -------- d-----w- F:\Users\P1\AppData\Local\{954416F8-11AF-4EB9-A803-E4F5647FD6CA}
2012-07-13 08:45:58 -------- d-----w- F:\Users\P1\AppData\Local\{CA33EBDA-ABC9-4FBD-B8CA-71121B669B0F}
2012-07-12 20:45:31 -------- d-----w- F:\Users\P1\AppData\Local\{6DAD70D7-9026-439C-A453-9B83956E1AA8}
2012-07-12 20:45:17 -------- d-----w- F:\Users\P1\AppData\Local\{B5C4F0B7-9CA8-49DD-92F6-DB47E4455DB5}
2012-07-12 08:45:00 -------- d-----w- F:\Users\P1\AppData\Local\{CFFBBDE7-AA4D-487E-B8D3-7A284F9F9F0D}
2012-07-12 08:44:57 -------- d-----w- F:\Users\P1\AppData\Local\{1E69466D-4F57-4F34-8369-BC9CE52D99E9}
2012-07-12 08:44:50 -------- d-----w- F:\Users\P1\AppData\Local\{3484D303-4142-4C7B-A96D-410BFBF61CAE}
2012-07-12 08:44:34 -------- d-----w- F:\Users\P1\AppData\Local\{66001512-96BB-4027-A9E1-740FFA167E30}
2012-07-11 20:11:12 -------- d-----w- F:\Users\P1\AppData\Local\{EE55DE51-6BAD-4FB7-944B-8AED76DA9A11}
2012-07-11 20:10:59 -------- d-----w- F:\Users\P1\AppData\Local\{ECA72B2D-9E2B-4E90-9467-EF7BA9ECB66C}
2012-07-11 08:10:41 -------- d-----w- F:\Users\P1\AppData\Local\{7265256F-1015-41B7-9C6F-C76A8DB9C2E1}
2012-07-11 08:10:39 -------- d-----w- F:\Users\P1\AppData\Local\{1B5F8214-14D4-435F-87F7-9C39A71C9A42}
2012-07-11 08:10:36 -------- d-----w- F:\Users\P1\AppData\Local\{8B4A5683-5B0B-458E-9CBC-386A9F623704}
2012-07-11 08:10:22 -------- d-----w- F:\Users\P1\AppData\Local\{DC29A1D2-932B-4D1E-BF80-3EABBF963C4B}
2012-07-10 19:59:45 3148800 ----a-w- F:\Windows\System32\win32k.sys
2012-07-10 19:54:08 458704 ----a-w- F:\Windows\System32\drivers\cng.sys
2012-07-10 16:21:38 -------- d-----w- F:\Users\P1\AppData\Local\{A1AFEE27-4428-47B0-B30D-09BE2EB61D6E}
2012-07-10 16:21:36 -------- d-----w- F:\Users\P1\AppData\Local\{33F74923-1FE0-4011-8F15-393AD23A7955}
2012-07-10 16:21:33 -------- d-----w- F:\Users\P1\AppData\Local\{D283232E-E22E-42A8-924F-24D90B4683F2}
2012-07-10 16:21:16 -------- d-----w- F:\Users\P1\AppData\Local\{A8CF59F7-5798-4641-9FE7-B00847002FA2}
2012-07-09 23:17:09 -------- d-----w- F:\Users\P1\AppData\Local\{1AE0A3AA-773A-4C37-BA6D-A9EA81753BB1}
2012-07-09 23:16:56 -------- d-----w- F:\Users\P1\AppData\Local\{D32FBFA2-3804-40BD-934D-71F9C8DB7921}
2012-07-09 11:16:37 -------- d-----w- F:\Users\P1\AppData\Local\{D979E885-F767-493B-BE44-1642C6915D3D}
2012-07-09 11:16:23 -------- d-----w- F:\Users\P1\AppData\Local\{C6FD75D2-033B-42B1-A3A8-A6EEFF0EBC7A}
2012-07-08 23:02:54 -------- d-----w- F:\Users\P1\AppData\Local\{0F007ACF-E659-4194-9825-3807AE394AAC}
2012-07-08 23:02:53 -------- d-----w- F:\Users\P1\AppData\Local\{3A6C4CA1-5E47-417F-AB87-0323FDC22BF3}
2012-07-08 23:02:50 -------- d-----w- F:\Users\P1\AppData\Local\{B53315B3-9584-4186-B6C8-C6AD23E0ACDF}
2012-07-08 23:02:37 -------- d-----w- F:\Users\P1\AppData\Local\{969E35B3-D81E-4523-9EB4-3F82F525C9B9}
2012-07-08 17:37:49 82148 ----a-w- F:\Windows\SysWow64\drivers\VcommMgr.sys
2012-07-08 17:37:49 61312 ----a-w- F:\Windows\SysWow64\drivers\VComm.sys
2012-07-08 17:37:49 28207 ----a-w- F:\Windows\SysWow64\drivers\BTHidMgr.sys
2012-07-08 17:37:49 20096 ----a-w- F:\Windows\SysWow64\drivers\blueletaudio.sys
2012-07-08 17:37:49 148830 ----a-w- F:\Windows\SysWow64\drivers\bcbthub.sys
2012-07-08 17:37:49 13299 ----a-w- F:\Windows\SysWow64\drivers\packet.sys
2012-07-08 17:37:49 12504 ----a-w- F:\Windows\SysWow64\drivers\VHIDMini.sys
2012-07-08 17:37:49 11604 ----a-w- F:\Windows\SysWow64\drivers\VBTEnum.sys
2012-07-08 17:37:49 116021 ----a-w- F:\Windows\SysWow64\drivers\fw203x.sys
2012-07-08 17:37:49 10804 ----a-w- F:\Windows\SysWow64\drivers\BtNetDrv.sys
2012-07-08 17:37:48 7680 ----a-w- F:\Windows\SysWow64\btinstall.dll
2012-07-08 17:37:48 24152 ----a-w- F:\Windows\SysWow64\drivers\btcusb.sys
2012-07-08 17:36:52 77824 ----a-w- F:\Windows\SysWow64\drivers\SioUi2k.dll
2012-07-08 17:36:52 63488 ----a-w- F:\Windows\SysWow64\drivers\WSSBTR1F.SYS
2012-07-08 17:36:52 51169 ----a-w- F:\Windows\SysWow64\drivers\OXSER.SYS
2012-07-08 17:36:52 48556 ----a-w- F:\Windows\SysWow64\drivers\SktBt2k.sys
2012-07-08 17:36:52 48076 ----a-w- F:\Windows\SysWow64\drivers\Sio9502k.sys
2012-07-08 17:36:52 40960 ----a-w- F:\Windows\SysWow64\drivers\SCTray.exe
2012-07-08 17:34:58 -------- d-----w- F:\bluetooth
2012-07-08 11:02:17 -------- d-----w- F:\Users\P1\AppData\Local\{C2229D12-A64C-485C-AE64-1757E7DCC552}
2012-07-08 11:02:03 -------- d-----w- F:\Users\P1\AppData\Local\{A4A98507-0E5B-4EB9-914A-B8DAED3AA6D4}
2012-07-07 23:01:43 -------- d-----w- F:\Users\P1\AppData\Local\{31404107-A00D-48DB-AB3A-53384B34D36E}
2012-07-07 23:01:28 -------- d-----w- F:\Users\P1\AppData\Local\{B469F862-E9DE-45C7-8E19-4D1FF63E5C14}
2012-07-07 11:01:09 -------- d-----w- F:\Users\P1\AppData\Local\{860B05EF-CBC9-4A30-B451-9E6E0BDBC1DB}
2012-07-07 11:00:56 -------- d-----w- F:\Users\P1\AppData\Local\{2E136F16-22E1-4D9C-A49A-E8CFD5C42C6C}
2012-07-06 23:00:37 -------- d-----w- F:\Users\P1\AppData\Local\{C6E4914F-6893-408F-BF2B-7F94EFD6BB57}
2012-07-06 23:00:23 -------- d-----w- F:\Users\P1\AppData\Local\{D6895200-D3D4-4BF8-8429-51148B395072}
2012-07-06 11:00:01 -------- d-----w- F:\Users\P1\AppData\Local\{599362ED-35D7-4DFC-AAAE-F9AF4B6CB1F4}
2012-07-06 10:59:46 -------- d-----w- F:\Users\P1\AppData\Local\{2F45DE04-51A2-42B4-9756-0F9F88D5DBFD}
2012-07-05 22:48:29 -------- d-----w- F:\Users\P1\AppData\Local\{4CB38E6D-5183-4394-A86F-C096536976B1}
2012-07-05 10:48:09 -------- d-----w- F:\Users\P1\AppData\Local\{2CD645F0-DB13-4EA0-B372-558A8D3DB518}
2012-07-05 10:47:55 -------- d-----w- F:\Users\P1\AppData\Local\{8F441228-660E-4885-8922-F512709C9F49}
2012-07-04 22:47:28 -------- d-----w- F:\Users\P1\AppData\Local\{C1F93E0A-160C-4556-8D32-7036A840E064}
2012-07-04 10:46:58 -------- d-----w- F:\Users\P1\AppData\Local\{A48B2D2F-4B8E-4028-97C7-31C613CA3429}
2012-07-04 10:46:44 -------- d-----w- F:\Users\P1\AppData\Local\{AF580D92-CEB2-410A-AAF4-6EB7623644F0}
2012-07-03 22:46:26 -------- d-----w- F:\Users\P1\AppData\Local\{2A2187D8-5DC1-4D67-B307-3D55743F4F1B}
2012-07-03 22:46:12 -------- d-----w- F:\Users\P1\AppData\Local\{8F9930A8-9BF4-495C-908E-5163C8BD7DB0}
2012-07-03 10:45:53 -------- d-----w- F:\Users\P1\AppData\Local\{05D5E643-DE05-4DAD-8796-881F21802F2D}
2012-07-03 10:45:40 -------- d-----w- F:\Users\P1\AppData\Local\{E2586E2B-D800-4B7D-B326-4A235C9F4327}
2012-07-02 22:45:19 -------- d-----w- F:\Users\P1\AppData\Local\{D6E837AE-F114-4AC4-BDD1-046C4FBD8DC9}
.
==================== Find3M ====================
.
2012-07-27 17:03:15 70344 ----a-w- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 17:03:15 426184 ----a-w- F:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 13:29:25 560184 ----a-w- F:\Windows\System32\drivers\sptd.sys
2012-06-08 23:37:04 139704 ----a-w- F:\Windows\System32\drivers\efavdrv.sys
2012-06-06 06:06:16 2004480 ----a-w- F:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- F:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- F:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- F:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- F:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- F:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- F:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- F:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- F:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- F:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- F:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- F:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- F:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- F:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- F:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- F:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- F:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- F:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- F:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- F:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:48:16 95600 ----a-w- F:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- F:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- F:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- F:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- F:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- F:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- F:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- F:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- F:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- F:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- F:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- F:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- F:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- F:\Windows\System32\nvcpl.dll
2012-05-15 01:21:50 423744 ----a-w- F:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- F:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- F:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- F:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 16:30:16.94 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 19/04/2011 23:04:36
System Uptime: 01/08/2012 16:22:26 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N4-SLI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 77 GiB total, 18.72 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 18.965 GiB free.
E: is FIXED (NTFS) - 75 GiB total, 11.636 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 88.494 GiB free.
G: is FIXED (NTFS) - 38 GiB total, 7.901 GiB free.
H: is FIXED (NTFS) - 186 GiB total, 21.116 GiB free.
J: is FIXED (NTFS) - 466 GiB total, 62.892 GiB free.
K: is FIXED (NTFS) - 298 GiB total, 61.089 GiB free.
L: is CDROM ()
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: epfwwfpr
Device ID: ROOT\LEGACY_EPFWWFPR\0000
Manufacturer:
Name: epfwwfpr
PNP Device ID: ROOT\LEGACY_EPFWWFPR\0000
Service: epfwwfpr
.
==== System Restore Points ===================
.
RP269: 10/07/2012 09:04:13 - Windows Update
RP270: 10/07/2012 20:54:20 - Windows Update
RP271: 17/07/2012 22:38:38 - Windows Update
RP273: 18/07/2012 14:29:06 - SPTD setup V1.81
RP274: 24/07/2012 09:14:22 - Windows Update
RP275: 31/07/2012 08:08:56 - Windows Update
.
==== Installed Programs ======================
.
360Amigo System Speedup PRO
AC3Filter 1.63b
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Advanced CAB Repair v1.0
Angry Birds Space
Armada 2526 SuperNova
Assassin's Creed Brotherhood
Battlefield 2™
Battlefield 2: Special Forces
Brothers in Arms: Hell's Highway
Bulletstorm
Call of Duty® - World at War™
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.7 Patch
CDisplay 1.8
Company of Heroes
Company of Heroes - FAKEMSI
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crysis® 2
D3DX10
DAEMON Tools Lite
DiRT 3
DivX H.264 decoder 8.2.0.26
DivX Setup
Easy Video Capture 1.30
ESET Online Scanner v3
F1 2010
F1 2011
FIFA 11
Flight Simulator X
Flight Simulator X Service Pack 1
Google Chrome
Google Earth
Google Update Helper
HiJackThis
IL-2 Sturmovik 1946
iprivobar Toolbar
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
K-Lite Codec Pack 8.0.0 (Full)
KiSS PC-Link 3.0.5
LG PC Suite II
LG USB Modem driver
Live Security Platinum
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Classic - Home Cinema v1.5.2.3456
Mesh Runtime
Messenger Companion
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monkey Island™ Special Edition Collection
Mount&Blade With Fire and Sword
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MP3 To Ringtone Gold 5.23
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MTXExtractor
Nero 7 Ultra Edition
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
PunkBuster Services
Railworks 3 Train Simulator 2012 Deluxe
Rapture3D 2.4.9 Game
RCT3 Soaked
Revo Uninstaller 1.94
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RollerCoaster Tycoon® 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sophos Virus Removal Tool
SpeedFan (remove only)
Stellarium 0.11.2
TmNationsForever
Touchstone Installer
Turok
Ubisoft Game Launcher
Unity Web Player
Unreal Tournament G.O.T.Y. Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
Vuze
Western Railway NV 3D Screensaver 2.0
Winamp
Winamp Detector Plug-in
WinAVI All in One Converter
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
World of Tanks v.0.6.6
.
==== Event Viewer Messages From Past Week ========
.
25/07/2012 17:15:40, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk8\DR13.
01/08/2012 16:25:08, Error: Service Control Manager [7000] -
01/08/2012 15:59:35, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
01/08/2012 09:45:04, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: F:\Windows\System32\slui.exe -Embedding
.
==== End Of File ===========================


GMER results

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-01 17:14:41
Windows 6.1.7601 Service Pack 1
Running: dq3x4ke9.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6052d0f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6052d0f@001f6b25517a 0x73 0x2E 0x69 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x41 0xCB 0xDD 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0x5E 0x29 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xE8 0xC0 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6052d0f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6052d0f@001f6b25517a 0x73 0x2E 0x69 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x41 0xCB 0xDD 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0x5E 0x29 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xE8 0xC0 0x5E ...

---- Files - GMER 1.0.15 ----

File F:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5988UGBV\terms[1].htm 0 bytes
File F:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CACRUX5C.txt 0 bytes

---- EOF - GMER 1.0.15 ----

This infection has disabled access to my firewall settings also ...
I would appreciate any help you can give me ...
Thanks in advance

#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 01 August 2012 - 02:15 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts

Posted 01 August 2012 - 04:25 PM

Hi...
Thanks for the prompt reply ... TDSS reports nothing found and please find the log files for ComboFix and checkup below...
System appears to be running 100% normally again now..



ComboFix 12-07-31.03 - P1 01/08/2012 21:38:54.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2931 [GMT 1:00]
Running from: f:\users\P1\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\programdata\Adobe\gccheck.exe
f:\users\P1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
f:\windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\@
f:\windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U\00000001.@
f:\windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U\800000cb.@
.
Infected copy of f:\windows\system32\services.exe was found and disinfected
Restored copy from - f:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 20:53 . 2012-08-01 20:53 -------- d-----w- f:\users\UpdatusUser\AppData\Local\temp
2012-08-01 20:53 . 2012-08-01 20:53 -------- d-----w- f:\users\Public\AppData\Local\temp
2012-08-01 20:53 . 2012-08-01 20:53 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-08-01 14:57 . 2012-08-01 17:51 -------- d-----w- f:\programdata\0C1D14A100001B0900089F29F875EF60
2012-07-31 07:10 . 2012-06-29 10:04 9133488 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{CE655174-4FE7-4E94-8B1A-F436E301FA5E}\mpengine.dll
2012-07-20 00:51 . 2012-07-20 00:51 -------- d-----w- f:\program files (x86)\QuickTime
2012-07-18 19:57 . 2012-07-18 19:57 -------- d-----w- f:\program files (x86)\Rovio
2012-07-18 14:46 . 2012-07-18 14:46 -------- d-----w- f:\program files (x86)\Mozilla Maintenance Service
2012-07-18 14:45 . 2012-07-18 14:45 624608 ----a-w- f:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-18 14:45 . 2012-07-18 14:45 43488 ----a-w- f:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-18 14:45 . 2012-07-18 14:45 157608 ----a-w- f:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-18 14:45 . 2012-07-18 14:45 113120 ----a-w- f:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-18 14:45 . 2012-07-18 14:45 770384 ----a-w- f:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-18 14:45 . 2012-07-18 14:45 421200 ----a-w- f:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-18 13:28 . 2012-07-18 13:28 -------- d-----w- f:\program files (x86)\DAEMON Tools Lite
2012-07-10 19:59 . 2012-06-12 03:08 3148800 ----a-w- f:\windows\system32\win32k.sys
2012-07-10 19:54 . 2012-06-02 05:50 458704 ----a-w- f:\windows\system32\drivers\cng.sys
2012-07-10 19:53 . 2012-06-09 05:43 14172672 ----a-w- f:\windows\system32\shell32.dll
2012-07-08 17:37 . 2004-11-05 10:39 82148 ----a-w- f:\windows\SysWow64\drivers\VcommMgr.sys
2012-07-08 17:37 . 2004-10-19 12:40 28207 ----a-w- f:\windows\SysWow64\drivers\BTHidMgr.sys
2012-07-08 17:37 . 2004-10-19 12:37 61312 ----a-w- f:\windows\SysWow64\drivers\VComm.sys
2012-07-08 17:37 . 2004-10-19 10:39 20096 ----a-w- f:\windows\SysWow64\drivers\blueletaudio.sys
2012-07-08 17:37 . 2004-09-22 17:08 12504 ----a-w- f:\windows\SysWow64\drivers\VHIDMini.sys
2012-07-08 17:37 . 2004-09-21 17:18 148830 ----a-w- f:\windows\SysWow64\drivers\bcbthub.sys
2012-07-08 17:37 . 2004-09-21 17:18 13299 ----a-w- f:\windows\SysWow64\drivers\packet.sys
2012-07-08 17:37 . 2004-09-21 17:18 116021 ----a-w- f:\windows\SysWow64\drivers\fw203x.sys
2012-07-08 17:37 . 2004-09-21 17:18 11604 ----a-w- f:\windows\SysWow64\drivers\VBTEnum.sys
2012-07-08 17:37 . 2004-09-21 17:15 10804 ----a-w- f:\windows\SysWow64\drivers\BtNetDrv.sys
2012-07-08 17:37 . 2004-11-08 09:22 24152 ----a-w- f:\windows\SysWow64\drivers\btcusb.sys
2012-07-08 17:37 . 2004-09-21 17:18 7680 ----a-w- f:\windows\SysWow64\btinstall.dll
2012-07-08 17:36 . 2004-03-22 18:26 48556 ----a-w- f:\windows\SysWow64\drivers\SktBt2k.sys
2012-07-08 17:36 . 2004-02-10 21:29 48076 ----a-w- f:\windows\SysWow64\drivers\Sio9502k.sys
2012-07-08 17:36 . 2003-07-03 10:58 63488 ----a-w- f:\windows\SysWow64\drivers\WSSBTR1F.SYS
2012-07-08 17:36 . 2003-04-28 09:31 51169 ----a-w- f:\windows\SysWow64\drivers\OXSER.SYS
2012-07-08 17:36 . 2002-09-22 15:30 40960 ----a-w- f:\windows\SysWow64\drivers\SCTray.exe
2012-07-08 17:36 . 2002-09-17 15:11 77824 ----a-w- f:\windows\SysWow64\drivers\SioUi2k.dll
2012-07-08 17:34 . 2012-07-08 17:34 -------- d-----w- F:\bluetooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 17:03 . 2012-04-18 09:16 426184 ----a-w- f:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 17:03 . 2011-05-13 08:39 70344 ----a-w- f:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 13:29 . 2011-04-29 21:50 560184 ----a-w- f:\windows\system32\drivers\sptd.sys
2012-07-10 19:56 . 2009-10-14 12:51 59701280 ----a-w- f:\windows\system32\MRT.exe
2012-06-11 17:02 . 2012-06-11 17:02 388096 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-08 23:37 . 2012-06-08 23:33 139704 ----a-w- f:\windows\system32\drivers\efavdrv.sys
2012-06-02 22:19 . 2012-06-22 08:57 38424 ----a-w- f:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:58 2428952 ----a-w- f:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 08:58 57880 ----a-w- f:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:58 44056 ----a-w- f:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:57 701976 ----a-w- f:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 08:58 2622464 ----a-w- f:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:57 99840 ----a-w- f:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 08:57 186752 ----a-w- f:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 08:57 36864 ----a-w- f:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2009-10-14 12:52 279656 ------w- f:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-05-23 01:56 8139072 ----a-w- f:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 01:56 5982528 ----a-w- f:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 01:56 2881856 ----a-w- f:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 01:56 2681664 ----a-w- f:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 01:56 25743168 ----a-w- f:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 01:56 2524992 ----a-w- f:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 01:56 25248064 ----a-w- f:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 01:56 2445120 ----a-w- f:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 01:56 2368832 ----a-w- f:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-23 01:56 19607872 ----a-w- f:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 01:56 17551680 ----a-w- f:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 01:56 15322432 ----a-w- f:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-23 01:56 14298944 ----a-w- f:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-04-23 11:21 68928 ----a-w- f:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 11:21 61248 ----a-w- f:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-21 22:01 8105280 ----a-w- f:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-21 22:01 18044224 ----a-w- f:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-21 22:01 10194752 ----a-w- f:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-02-21 22:01 2741568 ----a-w- f:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1738048 ----a-w- f:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1468224 ----a-w- f:\windows\system32\nvgenco64.dll
2012-05-15 09:29 . 2011-06-21 00:23 889664 ----a-w- f:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-21 00:23 63296 ----a-w- f:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-21 00:23 118080 ----a-w- f:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-21 00:23 3149632 ----a-w- f:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-21 00:23 6151488 ----a-w- f:\windows\system32\nvcpl.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- f:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-12 17:54 5559664 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:54 3968368 ----a-w- f:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:54 3913072 ----a-w- f:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="f:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"QuickTime Task"="f:\program files (x86)\QuickTime\qttask.exe" [2012-07-20 421888]
.
f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KiSS PC-Link.lnk - f:\program files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe [2011-4-28 651776]
UltraMon.lnk - f:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-4-28 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 acssrv;Agnitum Client Security Service;f:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 ASWFilt;ASWFilt;f:\windows\system32\Filt\ASWFilt64.dll [2011-06-15 66184]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-20 79360]
R3 efavdrv;efavdrv;f:\windows\system32\drivers\efavdrv.sys [2012-06-08 139704]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;f:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 Razerlow;Razer Pro|Solutions;f:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RivaTuner64;RivaTuner64;f:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-08 19952]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R4 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;f:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R4 gupdate;Google Update Service (gupdate);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 gupdatem;Google Update Service (gupdatem);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 SophosVirusRemovalTool;Sophos Virus Removal Tool;f:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-04-16 151064]
R4 wlcrasvc;Windows Live Mesh remote connections service;f:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SandBox;SandBox;f:\windows\system32\drivers\SandBox64.sys [2011-06-15 1250088]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 afw;Agnitum Firewall Driver;f:\windows\system32\DRIVERS\afw.sys [2011-03-28 38488]
S1 ehdrv;ehdrv;f:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 ekrn;ESET Service;f:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;f:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 120128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UltraMonUtility;UltraMon Utility Driver;f:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [2011-06-15 444504]
S3 MOSUMAC;USB-Ethernet Driver;f:\windows\system32\DRIVERS\USBMAC64.SYS [2009-12-07 55296]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;f:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:03]
.
2012-08-01 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
2012-08-01 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - f:\users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{81d24ea1-3106-46a5-a324-fa96b8178519} - f:\program files (x86)\iprivobar\prxtbipri.dll
Toolbar-{81d24ea1-3106-46a5-a324-fa96b8178519} - f:\program files (x86)\iprivobar\prxtbipri.dll
ShellIconOverlayIdentifiers-{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} - f:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
HKLM-Run-OutpostMonitor - f:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
AddRemove-iprivobar Toolbar - f:\program files (x86)\iprivobar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{81D24EA1-3106-46A5-A324-FA96B8178519}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4d,c1,
85,34,7f,cb,03,dc,32,b9,d6,bd,49,c1,0d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{A1A7E22D-1587-4230-8F16-081C68D21448}"=hex:51,66,7a,6c,4c,1d,38,12,43,e1,b4,
a5,b5,5b,5e,07,f0,00,4b,5c,6d,8c,50,5c
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:33,ca,9b,97,15,47,cd,01
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="f:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="f:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A23953CB-3147-45D6-A396-992B0666610B}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="000C4BD34DB9A803"
"ScannerBuild"=dword:000023cf
"ScannerVersionId"=dword:000017bf
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\0e:\0ds"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-01 22:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 21:02
.
Pre-Run: 93,561,163,776 bytes free
Post-Run: 93,652,193,280 bytes free
.
- - End Of File - - 4B358D2A09B417DF42F5994923A693FE



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.0)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive F: 0%
````````````````````End of Log``````````````````````



Thanks again for your help :)

#4 D-FRED-BROWN

D-FRED-BROWN

  • Malware Response Team
  • Location:Kansas, USA

Posted 01 August 2012 - 08:34 PM

For now, let's clear the main infection. We'll leave the Firewall settings for later.

----------Step 1----------------
Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::
f:\programdata\0C1D14A100001B0900089F29F875EF60
f:\Windows\Installer\0C1D14A100001B0900089F29F875EF60

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


----------Step 2----------------
We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 roguetrooper

roguetrooper
  • Topic Starter
  • Members

Posted 01 August 2012 - 09:38 PM

Log files as requested...
The system still appears to be running normally.


ComboFix 12-07-31.03 - P1 02/08/2012 2:50.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2394 [GMT 1:00]
Running from: f:\users\P1\Desktop\ComboFix.exe
Command switches used :: f:\users\P1\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\programdata\0C1D14A100001B0900089F29F875EF60
f:\programdata\0C1D14A100001B0900089F29F875EF60\0C1D14A100001B0900089F29F875EF60
f:\programdata\0C1D14A100001B0900089F29F875EF60\0C1D14A100001B0900089F29F875EF60.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 01:59 . 2012-08-02 01:59 -------- d-----w- f:\users\UpdatusUser\AppData\Local\temp
2012-08-02 01:59 . 2012-08-02 01:59 -------- d-----w- f:\users\Public\AppData\Local\temp
2012-08-02 01:59 . 2012-08-02 01:59 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-07-31 07:10 . 2012-06-29 10:04 9133488 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{CE655174-4FE7-4E94-8B1A-F436E301FA5E}\mpengine.dll
2012-07-20 00:51 . 2012-07-20 00:51 -------- d-----w- f:\program files (x86)\QuickTime
2012-07-18 19:57 . 2012-07-18 19:57 -------- d-----w- f:\program files (x86)\Rovio
2012-07-18 14:46 . 2012-07-18 14:46 -------- d-----w- f:\program files (x86)\Mozilla Maintenance Service
2012-07-18 14:45 . 2012-07-18 14:45 624608 ----a-w- f:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-18 14:45 . 2012-07-18 14:45 43488 ----a-w- f:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-18 14:45 . 2012-07-18 14:45 157608 ----a-w- f:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-18 14:45 . 2012-07-18 14:45 113120 ----a-w- f:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-18 14:45 . 2012-07-18 14:45 770384 ----a-w- f:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-18 14:45 . 2012-07-18 14:45 421200 ----a-w- f:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-18 13:28 . 2012-07-18 13:28 -------- d-----w- f:\program files (x86)\DAEMON Tools Lite
2012-07-10 19:59 . 2012-06-12 03:08 3148800 ----a-w- f:\windows\system32\win32k.sys
2012-07-10 19:54 . 2012-06-02 05:50 458704 ----a-w- f:\windows\system32\drivers\cng.sys
2012-07-10 19:53 . 2012-06-09 05:43 14172672 ----a-w- f:\windows\system32\shell32.dll
2012-07-08 17:37 . 2004-11-05 10:39 82148 ----a-w- f:\windows\SysWow64\drivers\VcommMgr.sys
2012-07-08 17:37 . 2004-10-19 12:40 28207 ----a-w- f:\windows\SysWow64\drivers\BTHidMgr.sys
2012-07-08 17:37 . 2004-10-19 12:37 61312 ----a-w- f:\windows\SysWow64\drivers\VComm.sys
2012-07-08 17:37 . 2004-10-19 10:39 20096 ----a-w- f:\windows\SysWow64\drivers\blueletaudio.sys
2012-07-08 17:37 . 2004-09-22 17:08 12504 ----a-w- f:\windows\SysWow64\drivers\VHIDMini.sys
2012-07-08 17:37 . 2004-09-21 17:18 148830 ----a-w- f:\windows\SysWow64\drivers\bcbthub.sys
2012-07-08 17:37 . 2004-09-21 17:18 13299 ----a-w- f:\windows\SysWow64\drivers\packet.sys
2012-07-08 17:37 . 2004-09-21 17:18 116021 ----a-w- f:\windows\SysWow64\drivers\fw203x.sys
2012-07-08 17:37 . 2004-09-21 17:18 11604 ----a-w- f:\windows\SysWow64\drivers\VBTEnum.sys
2012-07-08 17:37 . 2004-09-21 17:15 10804 ----a-w- f:\windows\SysWow64\drivers\BtNetDrv.sys
2012-07-08 17:37 . 2004-11-08 09:22 24152 ----a-w- f:\windows\SysWow64\drivers\btcusb.sys
2012-07-08 17:37 . 2004-09-21 17:18 7680 ----a-w- f:\windows\SysWow64\btinstall.dll
2012-07-08 17:36 . 2004-03-22 18:26 48556 ----a-w- f:\windows\SysWow64\drivers\SktBt2k.sys
2012-07-08 17:36 . 2004-02-10 21:29 48076 ----a-w- f:\windows\SysWow64\drivers\Sio9502k.sys
2012-07-08 17:36 . 2003-07-03 10:58 63488 ----a-w- f:\windows\SysWow64\drivers\WSSBTR1F.SYS
2012-07-08 17:36 . 2003-04-28 09:31 51169 ----a-w- f:\windows\SysWow64\drivers\OXSER.SYS
2012-07-08 17:36 . 2002-09-22 15:30 40960 ----a-w- f:\windows\SysWow64\drivers\SCTray.exe
2012-07-08 17:36 . 2002-09-17 15:11 77824 ----a-w- f:\windows\SysWow64\drivers\SioUi2k.dll
2012-07-08 17:34 . 2012-07-08 17:34 -------- d-----w- F:\bluetooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:54 . 2012-04-18 09:16 426184 ----a-w- f:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 22:54 . 2011-05-13 08:39 70344 ----a-w- f:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 13:29 . 2011-04-29 21:50 560184 ----a-w- f:\windows\system32\drivers\sptd.sys
2012-07-10 19:56 . 2009-10-14 12:51 59701280 ----a-w- f:\windows\system32\MRT.exe
2012-06-11 17:02 . 2012-06-11 17:02 388096 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-08 23:37 . 2012-06-08 23:33 139704 ----a-w- f:\windows\system32\drivers\efavdrv.sys
2012-06-02 22:19 . 2012-06-22 08:57 38424 ----a-w- f:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:58 2428952 ----a-w- f:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 08:58 57880 ----a-w- f:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:58 44056 ----a-w- f:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:57 701976 ----a-w- f:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 08:58 2622464 ----a-w- f:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:57 99840 ----a-w- f:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 08:57 186752 ----a-w- f:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 08:57 36864 ----a-w- f:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2009-10-14 12:52 279656 ------w- f:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-05-23 01:56 8139072 ----a-w- f:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 01:56 5982528 ----a-w- f:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 01:56 2881856 ----a-w- f:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 01:56 2681664 ----a-w- f:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 01:56 25743168 ----a-w- f:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 01:56 2524992 ----a-w- f:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 01:56 25248064 ----a-w- f:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 01:56 2445120 ----a-w- f:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 01:56 2368832 ----a-w- f:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-23 01:56 19607872 ----a-w- f:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 01:56 17551680 ----a-w- f:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 01:56 15322432 ----a-w- f:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-23 01:56 14298944 ----a-w- f:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-04-23 11:21 68928 ----a-w- f:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 11:21 61248 ----a-w- f:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-21 22:01 8105280 ----a-w- f:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-21 22:01 18044224 ----a-w- f:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-21 22:01 10194752 ----a-w- f:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-02-21 22:01 2741568 ----a-w- f:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1738048 ----a-w- f:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1468224 ----a-w- f:\windows\system32\nvgenco64.dll
2012-05-15 09:29 . 2011-06-21 00:23 889664 ----a-w- f:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-21 00:23 63296 ----a-w- f:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-21 00:23 118080 ----a-w- f:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-21 00:23 3149632 ----a-w- f:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-21 00:23 6151488 ----a-w- f:\windows\system32\nvcpl.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- f:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-12 17:54 5559664 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:54 3968368 ----a-w- f:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:54 3913072 ----a-w- f:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-01_20.56.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-20 00:57 . 2012-08-02 02:02 51516 f:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-01 20:57 48668 f:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 02:02 48668 f:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 00:50 . 2012-08-02 02:02 16274 f:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-818302674-3230007097-328040447-1001_UserData.bin
+ 2012-08-02 02:00 . 2012-08-02 02:00 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 20:55 . 2012-08-01 20:55 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 02:00 . 2012-08-02 02:00 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-01 20:55 . 2012-08-01 20:55 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-27 11:03 . 2012-08-01 22:54 686792 f:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
- 2012-07-27 11:03 . 2012-07-27 11:03 686792 f:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-27 11:03 . 2012-08-01 22:54 466632 f:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
- 2012-07-27 11:03 . 2012-07-27 11:03 466632 f:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
- 2012-04-18 09:16 . 2012-07-27 17:03 250056 f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-18 09:16 . 2012-08-01 22:54 250056 f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-27 11:03 . 2012-08-01 22:54 417992 f:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
- 2012-07-27 11:03 . 2012-07-27 11:03 417992 f:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-27 11:03 . 2012-08-01 22:54 513224 f:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
- 2012-07-27 11:03 . 2012-07-27 11:03 513224 f:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
- 2011-04-19 22:02 . 2012-08-01 20:22 409600 f:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-19 22:02 . 2012-08-01 21:30 409600 f:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-08-01 20:54 284448 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 01:59 284448 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-19 22:02 . 2012-08-01 20:22 2408448 f:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-19 22:02 . 2012-08-01 21:30 2408448 f:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-01 20:22 8962048 f:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 21:30 8962048 f:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-08 18:27 . 2012-08-01 20:30 10186408 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-8192.dat
+ 2012-06-08 18:27 . 2012-08-02 01:59 10186408 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-8192.dat
+ 2012-06-08 18:27 . 2012-08-02 01:59 14117643 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-4096.dat
+ 2011-04-20 01:41 . 2012-08-02 01:59 56279176 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-12288.dat
- 2011-04-20 01:41 . 2012-08-01 17:52 56279176 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{81d24ea1-3106-46a5-a324-fa96b8178519}]
f:\program files (x86)\iprivobar\prxtbipri.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{81d24ea1-3106-46a5-a324-fa96b8178519}"= "f:\program files (x86)\iprivobar\prxtbipri.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{81d24ea1-3106-46a5-a324-fa96b8178519}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="f:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"QuickTime Task"="f:\program files (x86)\QuickTime\qttask.exe" [2012-07-20 421888]
.
f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KiSS PC-Link.lnk - f:\program files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe [2011-4-28 651776]
UltraMon.lnk - f:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-4-28 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 acssrv;Agnitum Client Security Service;f:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 ASWFilt;ASWFilt;f:\windows\system32\Filt\ASWFilt64.dll [2011-06-15 66184]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-20 79360]
R3 efavdrv;efavdrv;f:\windows\system32\drivers\efavdrv.sys [2012-06-08 139704]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;f:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 Razerlow;Razer Pro|Solutions;f:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RivaTuner64;RivaTuner64;f:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-08 19952]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R4 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;f:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 gupdatem;Google Update Service (gupdatem);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 SophosVirusRemovalTool;Sophos Virus Removal Tool;f:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-04-16 151064]
R4 wlcrasvc;Windows Live Mesh remote connections service;f:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SandBox;SandBox;f:\windows\system32\drivers\SandBox64.sys [2011-06-15 1250088]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 afw;Agnitum Firewall Driver;f:\windows\system32\DRIVERS\afw.sys [2011-03-28 38488]
S1 ehdrv;ehdrv;f:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 132464]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 ekrn;ESET Service;f:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;f:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 120128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UltraMonUtility;UltraMon Utility Driver;f:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [2011-06-15 444504]
S3 MOSUMAC;USB-Ethernet Driver;f:\windows\system32\DRIVERS\USBMAC64.SYS [2009-12-07 55296]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;f:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
2012-08-02 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
f:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
"OutpostMonitor"="f:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - f:\users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{81D24EA1-3106-46A5-A324-FA96B8178519}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4d,c1,
85,34,7f,cb,03,dc,32,b9,d6,bd,49,c1,0d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{A1A7E22D-1587-4230-8F16-081C68D21448}"=hex:51,66,7a,6c,4c,1d,38,12,43,e1,b4,
a5,b5,5b,5e,07,f0,00,4b,5c,6d,8c,50,5c
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:33,ca,9b,97,15,47,cd,01
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="f:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="f:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A23953CB-3147-45D6-A396-992B0666610B}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="000C4BD34DB9A803"
"ScannerBuild"=dword:000023cf
"ScannerVersionId"=dword:000017bf
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\0e:\0ds"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\windows\SysWOW64\PnkBstrA.exe
f:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-08-02 03:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 02:08
ComboFix2.txt 2012-08-01 21:02
.
Pre-Run: 99,101,495,296 bytes free
Post-Run: 98,687,418,368 bytes free
.
- - End Of File - - CEE7022D7B71B8FA697BCC206F10675A





OTL logfile created on: 02/08/2012 03:14:09 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = F:\Users\P1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 64.30% Memory free
8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 76.68 Gb Total Space | 18.72 Gb Free Space | 24.41% Space Free | Partition Type: NTFS
Drive D: | 38.33 Gb Total Space | 18.96 Gb Free Space | 49.47% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 11.64 Gb Free Space | 15.61% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 91.99 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive G: | 38.28 Gb Total Space | 7.90 Gb Free Space | 20.64% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 21.11 Gb Free Space | 11.33% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 62.89 Gb Free Space | 13.50% Space Free | Partition Type: NTFS
Drive K: | 298.09 Gb Total Space | 61.09 Gb Free Space | 20.49% Space Free | Partition Type: NTFS

Computer Name: P1-PC | User Name: P1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 03:12:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- F:\Users\P1\Desktop\OTL.exe
PRC - [2012/08/01 23:54:55 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/17 16:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/04/17 16:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- F:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011/05/10 12:40:52 | 000,075,136 | ---- | M] () -- F:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- F:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/01/12 13:50:30 | 000,651,776 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- F:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- F:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/01/12 13:50:30 | 000,651,776 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
MOD - [2006/08/25 11:07:12 | 000,153,088 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\imageformats\qjpeg1.dll
MOD - [2006/08/25 10:56:52 | 000,454,656 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\QtNetwork4.dll
MOD - [2006/08/25 10:55:42 | 005,784,576 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\QtGui4.dll
MOD - [2006/08/25 10:44:12 | 000,343,552 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\QtXml4.dll
MOD - [2006/08/25 10:43:54 | 002,170,368 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\QtCore4.dll
MOD - [2005/01/13 21:19:50 | 000,015,960 | ---- | M] () -- F:\Program Files (x86)\Linksys\KiSS PC-Link\mingwm10.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- F:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/02/06 14:27:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- F:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2012/07/18 15:45:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/16 11:15:58 | 000,151,064 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/10 12:40:52 | 000,075,136 | ---- | M] () [Auto | Running] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/20 01:57:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- F:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/18 14:29:25 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/06/09 00:37:04 | 000,139,704 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\efavdrv.sys -- (efavdrv)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/15 14:22:08 | 000,066,184 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\Filt\ASWFilt64.dll -- (ASWFilt)
DRV:64bit: - [2011/06/15 14:22:04 | 001,250,088 | ---- | M] (Agnitum Ltd.) [File_System | Boot | Running] -- F:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)
DRV:64bit: - [2011/06/15 14:21:42 | 000,444,504 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2011/04/26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/28 18:53:54 | 000,038,488 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\afw.sys -- (afw)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/07 11:39:24 | 000,055,296 | ---- | M] (--) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\USBMAC64.SYS -- (MOSUMAC)
DRV:64bit: - [2009/10/16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/06 14:24:50 | 000,120,128 | ---- | M] (ESET) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/02/06 14:23:20 | 000,132,464 | ---- | M] (ESET) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/02/06 14:19:56 | 000,141,728 | ---- | M] (ESET) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/04/08 02:04:05 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- F:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {81d24ea1-3106-46a5-a324-fa96b8178519} - SOFTWARE\Classes\CLSID\{81d24ea1-3106-46a5-a324-fa96b8178519}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\downloads
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 AC DC ED F7 FE CB 01 [binary data]
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: f:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: F:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: f:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: F:\Users\P1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: F:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 11:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 15:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/11 17:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/28 18:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: F:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2011/04/20 02:46:47 | 000,000,000 | ---D | M] (No name found) -- F:\Users\P1\AppData\Roaming\Mozilla\Extensions
[2012/07/16 12:16:19 | 000,000,000 | ---D | M] (No name found) -- F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\extensions
[2012/07/16 12:16:19 | 000,000,000 | ---D | M] (iprivobar Community Toolbar) -- F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\extensions\{81d24ea1-3106-46a5-a324-fa96b8178519}
[2012/06/21 18:57:44 | 000,000,000 | ---D | M] (LavaFox V2) -- F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\extensions\info@djzig.com
[2011/04/29 23:00:32 | 000,002,059 | ---- | M] () -- F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\searchplugins\daemon-search.xml
[2012/02/12 22:17:05 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/10 20:24:25 | 000,010,390 | ---- | M] () (No name found) -- F:\USERS\P1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B1ZPUZCK.DEFAULT\EXTENSIONS\{6E764C17-863A-450F-BDD0-6772BD5AAA18}.XPI
[2012/07/18 15:45:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/18 15:45:54 | 000,001,525 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/18 15:45:54 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/18 15:45:54 | 000,000,935 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/18 15:45:54 | 000,001,166 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/07/18 15:45:54 | 000,002,040 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/07/18 15:45:54 | 000,001,121 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = F:\Users\P1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = F:\Users\P1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = F:\Users\P1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = F:\Users\P1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = F:\Users\P1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/02 03:01:23 | 000,000,027 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (iprivobar Toolbar) - {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (iprivobar Toolbar) - {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll File not found
O4:64bit: - HKLM..\Run: [egui] F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [OutpostMonitor] "F:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice File not found
O4 - HKLM..\Run: [P17RunE] F:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-818302674-3230007097-328040447-1001..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-818302674-3230007097-328040447-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u24-windows-i586.cab (Java Plug-in 1.6.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173255B8-5F3A-456D-9D0A-44A5C7100E44}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/04 18:53:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 03:13:58 | 000,597,504 | ---- | C] (OldTimer Tools) -- F:\Users\P1\Desktop\OTL.exe
[2012/08/02 03:11:12 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
[2012/08/02 03:08:35 | 000,000,000 | ---D | C] -- F:\Windows\temp
[2012/08/01 21:36:32 | 000,518,144 | ---- | C] (SteelWerX) -- F:\Windows\SWREG.exe
[2012/08/01 21:36:32 | 000,406,528 | ---- | C] (SteelWerX) -- F:\Windows\SWSC.exe
[2012/08/01 21:36:32 | 000,060,416 | ---- | C] (NirSoft) -- F:\Windows\NIRCMD.exe
[2012/08/01 21:25:09 | 004,722,680 | R--- | C] (Swearware) -- F:\Users\P1\Desktop\ComboFix.exe
[2012/08/01 21:20:25 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- F:\Users\P1\Desktop\tdsskiller.exe
[2012/08/01 21:19:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0E72E996-4967-49C9-8960-E7EE95B54156}
[2012/08/01 21:19:25 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C0EB5F4E-D15A-47AB-ADF6-E20C01F6D9E1}
[2012/08/01 09:03:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C8E4BE5F-0CEF-4DB1-A944-FFEB924D456B}
[2012/08/01 09:03:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A2819871-C853-4F96-A205-DFEDCC208986}
[2012/08/01 09:03:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B638FDE6-F26B-474D-823F-9ECA7239D972}
[2012/08/01 09:03:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5A69A43E-2D01-4759-819C-6A708BA4C999}
[2012/07/31 20:10:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D1D3DA5D-5E30-423E-9126-2C31858DA683}
[2012/07/31 20:10:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B344E840-1CEC-41FB-891C-EA56CAA03567}
[2012/07/31 08:10:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DCAB07A4-698B-4814-A8A3-C273FD4F2653}
[2012/07/31 08:09:51 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9DEC382B-D9A5-4226-9774-9A7DDBE1428B}
[2012/07/31 08:09:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1D6DEDF2-5052-4FF0-AE75-24EF266848DA}
[2012/07/30 15:21:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{24C59022-A942-4D6E-AF95-7ADE1682DB7C}
[2012/07/30 15:21:43 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5566CF8D-C31E-47E9-A002-E9B6D8EB381E}
[2012/07/30 15:21:40 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E1D05565-E5A9-4142-BAC9-1B41EF4D0084}
[2012/07/30 15:21:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{37C606FA-7012-40E8-8286-AB53A2A0E7FF}
[2012/07/30 00:55:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{24554ED0-7833-405D-AA58-54D8ADA280AD}
[2012/07/30 00:54:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{56809547-4C42-4240-8145-15DEA862E32E}
[2012/07/29 12:54:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{762EEBD1-C328-43B9-934D-860C14EBB949}
[2012/07/29 12:54:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{45E9C452-8C31-4997-80BB-3653D8CFC53C}
[2012/07/28 23:26:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9A3679E5-B071-40CE-ACAA-7698A1AF2CF0}
[2012/07/28 23:26:30 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{749919C6-CAF2-4BBE-B996-9A38F3F8D313}
[2012/07/28 23:26:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{260BCAFB-8B8C-4708-A9BA-3B4FD2181A95}
[2012/07/28 23:26:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{000BEA3A-977F-4192-AEB1-2A679656D95C}
[2012/07/28 10:00:04 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AC9304CE-928F-4853-8BD2-6C190501355E}
[2012/07/28 10:00:02 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{108C0F37-FC29-412D-BC27-64E76F48637C}
[2012/07/28 10:00:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{506E6200-6B61-43B6-992F-6C8E5D5FF199}
[2012/07/28 09:59:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7A23CBC4-18B7-4D60-9776-FCEA9D09A5E1}
[2012/07/27 17:51:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{FDFF94F7-5AEE-4084-AE89-C418A59A4118}
[2012/07/27 17:51:26 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EA3FE2E3-6BAD-4F51-AF4B-BD73243495DC}
[2012/07/27 17:51:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6A9C2712-60F1-4673-B490-25D0D95C6A2F}
[2012/07/27 17:51:05 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AD4F80AE-0946-4E83-A1AC-A1D036685156}
[2012/07/27 12:10:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012/07/27 01:36:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E9798E50-8878-4570-A8E4-15F7B3E34E5D}
[2012/07/27 01:35:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{295A97E6-F5FE-47C5-B13C-FDAAB6987A41}
[2012/07/26 13:35:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7C487A08-2369-4316-B2C4-BEDB2609414C}
[2012/07/26 13:35:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F1CF51BB-EEE8-435C-87EC-F1DC582F45C9}
[2012/07/26 01:34:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3D6277D1-02DF-4EBD-8B3B-4B056A9D4EE8}
[2012/07/25 13:34:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{15173E05-886B-415A-9B12-0C7845DABFDF}
[2012/07/25 13:34:25 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0D3EA84D-AD8F-4CCD-B8EA-850844BFE716}
[2012/07/25 01:34:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ACDF21BB-8C74-4930-B6C1-D75E8DF64B2F}
[2012/07/25 01:33:48 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{70DC95F7-C364-418D-9B95-823B19ABFA39}
[2012/07/24 09:13:18 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AC327645-3104-499B-B797-B24B0448CEA4}
[2012/07/24 09:13:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{307EFE32-A1AE-4AA8-9DF7-DBC7589225F4}
[2012/07/24 09:13:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{93412E8A-AAA9-4771-A2B4-B25B0229CA02}
[2012/07/24 09:13:02 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{FA268D4E-5C65-4FC6-96F5-D5EF641EC13A}
[2012/07/23 18:57:50 | 000,000,000 | ---D | C] -- F:\ProgramData\Real
[2012/07/23 18:46:02 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailSimulator.com
[2012/07/23 15:54:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4DE44471-4C2A-47A9-BE6F-ECB059A61BAC}
[2012/07/23 15:54:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1355615D-19A0-44B8-879A-CEF55135A436}
[2012/07/23 15:54:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A11CBD02-E0F9-4389-8582-4DC2A55A8A32}
[2012/07/23 15:54:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5FAFC5E1-72F0-4316-80F8-19E7C29947A9}
[2012/07/23 00:44:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F80AC287-1102-4DD9-9FA9-2647F2184642}
[2012/07/23 00:44:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0DA735E8-36BF-4279-B9E1-8AAE995CBAC9}
[2012/07/22 12:43:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{37815977-5BE2-403F-9AFB-82B2BC40A4B7}
[2012/07/22 12:43:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2396A9DF-9EAB-45A5-85DF-8FE9CA087925}
[2012/07/22 00:43:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A91145C8-5FF4-4DC8-B184-F7641EA7F17B}
[2012/07/22 00:42:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3B82FF4A-EA44-42E0-AECE-BB3FE886439E}
[2012/07/22 00:42:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9F9CDB43-8A24-4F33-8F0E-CEDCB1F15E5D}
[2012/07/22 00:42:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8DEEDD9B-00E9-47EB-A66E-56D11095C6C7}
[2012/07/21 12:33:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0886C110-3C47-4B60-A690-FE9F997FCC94}
[2012/07/21 12:32:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{16711AAB-140E-4201-A2EC-7157AD21E8F0}
[2012/07/21 00:32:30 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E2B80095-2088-4A43-BE74-03934EB000B6}
[2012/07/21 00:32:16 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ABBF0ED4-8FBA-4325-B5F1-28BB64688DC8}
[2012/07/20 12:31:46 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7469BEEB-ED93-4017-9B7F-902AEC111EF4}
[2012/07/20 12:31:24 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AB69291B-6DD3-4470-AC8E-71DA878B3A02}
[2012/07/20 01:51:31 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\QuickTime
[2012/07/20 00:30:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8D29A7C3-302E-4328-8288-4196A10B2B3D}
[2012/07/20 00:30:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D80D2A49-C952-4CF9-8D12-7DEB719F64FD}
[2012/07/20 00:30:45 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ACB83FF0-CCE4-4C14-BF50-A55553597185}
[2012/07/20 00:30:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D7A98C4F-1BDD-4A42-8185-CB3F85E242F7}
[2012/07/19 02:23:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E4880BAA-0810-4B5B-BD3C-F5784842BF95}
[2012/07/19 02:23:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9D949425-9EF3-4678-8698-8719701EEC91}
[2012/07/18 20:57:12 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Rovio
[2012/07/18 15:46:08 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/18 15:46:08 | 000,000,000 | ---D | C] -- F:\ProgramData\Mozilla
[2012/07/18 14:29:26 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/07/18 14:28:57 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\DAEMON Tools Lite
[2012/07/18 14:23:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1BCD139F-2473-4556-992A-27FEB4E77073}
[2012/07/18 14:22:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0A611A47-2FF1-4365-B0D5-DF4EDC0D82FF}
[2012/07/18 01:54:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4EB489B2-6F31-4DE7-8B3F-923E7BE95F1A}
[2012/07/17 13:54:20 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{031F4BA8-8DAB-4B8B-BB70-F0264251508B}
[2012/07/17 13:54:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{BB16E195-A580-497D-BA5F-671CAA658CC5}
[2012/07/17 13:54:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DCDAAA5A-FF0F-49FA-9739-7076BEA0BB19}
[2012/07/17 13:53:51 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A6AF296A-604E-46AA-B700-339E2E4F24D7}
[2012/07/16 16:15:34 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9C166367-91DB-4E0E-9613-41B8979D700F}
[2012/07/16 16:15:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5A19A718-2552-4C68-8BA4-4AC455F647AE}
[2012/07/16 16:15:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DBBED7FB-2E73-4244-B915-1BBD40373DF2}
[2012/07/16 16:15:06 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F217D181-5B68-4A49-B4D0-AC790BD6FAB4}
[2012/07/16 01:36:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{57D99CA8-442E-419B-9BB7-65C52105E3DD}
[2012/07/16 01:36:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F2FDC838-8429-4124-AF2D-3772C93619A1}
[2012/07/16 01:36:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A3DDF91C-5380-4A73-8290-BA5FC55A54CE}
[2012/07/16 01:36:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F2ACB906-B08C-49A5-9D3B-B4159596C602}
[2012/07/15 11:40:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2E7435FB-F0C4-4896-91C0-0889BCE2B6CB}
[2012/07/15 11:40:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7866719A-E732-4BFB-B276-E06953F821FA}
[2012/07/14 23:08:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{20ADDA7D-F6F5-4CD7-A238-B3098D40159A}
[2012/07/14 23:08:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7BF81C4B-200A-45D4-ACA3-EAF40D979B03}
[2012/07/14 11:08:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AF940ED5-30CC-4142-A04E-1364EC4E86BC}
[2012/07/14 11:08:08 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{82E455DC-217D-41A5-8605-21C1C46E19DB}
[2012/07/14 11:07:57 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ADB1B400-387F-4F11-9CD4-4FAE71143DA5}
[2012/07/14 11:07:52 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A92E3F3F-7057-4030-AF5D-7B38944099E8}
[2012/07/13 21:46:52 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4E99551F-5771-4D8E-8A42-15AE87A78647}
[2012/07/13 21:46:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D594ADDC-4708-4405-9FAF-0E0566C91DDE}
[2012/07/13 09:46:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EBEF386E-3B3C-435C-9BF4-780728C681DD}
[2012/07/13 09:46:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6BFBCE06-BCBE-4369-A7C7-5F6E570EC96A}
[2012/07/13 09:46:11 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{954416F8-11AF-4EB9-A803-E4F5647FD6CA}
[2012/07/13 09:45:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{CA33EBDA-ABC9-4FBD-B8CA-71121B669B0F}
[2012/07/12 21:45:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6DAD70D7-9026-439C-A453-9B83956E1AA8}
[2012/07/12 21:45:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B5C4F0B7-9CA8-49DD-92F6-DB47E4455DB5}
[2012/07/12 09:45:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{CFFBBDE7-AA4D-487E-B8D3-7A284F9F9F0D}
[2012/07/12 09:44:57 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1E69466D-4F57-4F34-8369-BC9CE52D99E9}
[2012/07/12 09:44:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3484D303-4142-4C7B-A96D-410BFBF61CAE}
[2012/07/12 09:44:34 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{66001512-96BB-4027-A9E1-740FFA167E30}
[2012/07/11 21:11:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EE55DE51-6BAD-4FB7-944B-8AED76DA9A11}
[2012/07/11 21:10:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ECA72B2D-9E2B-4E90-9467-EF7BA9ECB66C}
[2012/07/11 09:10:41 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7265256F-1015-41B7-9C6F-C76A8DB9C2E1}
[2012/07/11 09:10:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1B5F8214-14D4-435F-87F7-9C39A71C9A42}
[2012/07/11 09:10:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8B4A5683-5B0B-458E-9CBC-386A9F623704}
[2012/07/11 09:10:22 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DC29A1D2-932B-4D1E-BF80-3EABBF963C4B}
[2012/07/10 20:55:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\mshtmled.dll
[2012/07/10 20:55:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2012/07/10 20:55:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\url.dll
[2012/07/10 20:55:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2012/07/10 20:55:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\ieui.dll
[2012/07/10 20:55:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2012/07/10 20:55:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\ieUnatt.exe
[2012/07/10 20:55:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 20:55:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\jscript9.dll
[2012/07/10 20:55:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\inetcpl.cpl
[2012/07/10 20:55:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2012/07/10 20:55:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\jscript.dll
[2012/07/10 20:55:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2012/07/10 20:54:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:54:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msxml3r.dll
[2012/07/10 20:54:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\msxml3r.dll
[2012/07/10 20:53:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\cdosys.dll
[2012/07/10 20:53:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysNative\cdosys.dll
[2012/07/10 17:21:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A1AFEE27-4428-47B0-B30D-09BE2EB61D6E}
[2012/07/10 17:21:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{33F74923-1FE0-4011-8F15-393AD23A7955}
[2012/07/10 17:21:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D283232E-E22E-42A8-924F-24D90B4683F2}
[2012/07/10 17:21:16 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A8CF59F7-5798-4641-9FE7-B00847002FA2}
[2012/07/10 00:17:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1AE0A3AA-773A-4C37-BA6D-A9EA81753BB1}
[2012/07/10 00:16:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D32FBFA2-3804-40BD-934D-71F9C8DB7921}
[2012/07/09 12:16:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D979E885-F767-493B-BE44-1642C6915D3D}
[2012/07/09 12:16:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C6FD75D2-033B-42B1-A3A8-A6EEFF0EBC7A}
[2012/07/09 00:02:54 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0F007ACF-E659-4194-9825-3807AE394AAC}
[2012/07/09 00:02:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3A6C4CA1-5E47-417F-AB87-0323FDC22BF3}
[2012/07/09 00:02:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B53315B3-9584-4186-B6C8-C6AD23E0ACDF}
[2012/07/09 00:02:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{969E35B3-D81E-4523-9EB4-3F82F525C9B9}
[2012/07/08 18:37:49 | 000,148,830 | ---- | C] (Broadcom Corporation) -- F:\Windows\SysWow64\drivers\bcbthub.sys
[2012/07/08 18:37:49 | 000,116,021 | ---- | C] (Broadcom) -- F:\Windows\SysWow64\drivers\fw203x.sys
[2012/07/08 18:37:49 | 000,082,148 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\VcommMgr.sys
[2012/07/08 18:37:49 | 000,061,312 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\VComm.sys
[2012/07/08 18:37:49 | 000,028,207 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\BTHidMgr.sys
[2012/07/08 18:37:49 | 000,020,096 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\blueletaudio.sys
[2012/07/08 18:37:49 | 000,012,504 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\VHIDMini.sys
[2012/07/08 18:37:49 | 000,010,804 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\BtNetDrv.sys
[2012/07/08 18:37:48 | 000,024,152 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\drivers\btcusb.sys
[2012/07/08 18:37:48 | 000,007,680 | ---- | C] (IVT Corporation) -- F:\Windows\SysWow64\btinstall.dll
[2012/07/08 18:36:52 | 000,086,016 | ---- | C] (Socket Communications Inc.) -- F:\Windows\SysWow64\drivers\SCBaud.w9x
[2012/07/08 18:36:52 | 000,077,824 | ---- | C] (Socket Communications Inc.) -- F:\Windows\SysWow64\drivers\SioUi2k.dll
[2012/07/08 18:36:52 | 000,073,728 | ---- | C] (Socket Communications Inc.) -- F:\Windows\SysWow64\drivers\SCBaud.cpl
[2012/07/08 18:36:52 | 000,063,488 | ---- | C] (National Semiconductor Sweden AB) -- F:\Windows\SysWow64\drivers\WSSBTR1F.SYS
[2012/07/08 18:36:52 | 000,051,169 | ---- | C] (OEM) -- F:\Windows\SysWow64\drivers\OXSER.SYS
[2012/07/08 18:36:52 | 000,048,556 | ---- | C] (Socket Communications, Inc. ) -- F:\Windows\SysWow64\drivers\SktBt2k.sys
[2012/07/08 18:36:52 | 000,048,076 | ---- | C] (Socket Communications, Inc. ) -- F:\Windows\SysWow64\drivers\Sio9502k.sys
[2012/07/08 18:36:52 | 000,040,960 | ---- | C] (Socket Communications Inc.) -- F:\Windows\SysWow64\drivers\SCTray.exe
[2012/07/08 18:34:58 | 000,000,000 | ---D | C] -- F:\bluetooth
[2012/07/08 12:02:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C2229D12-A64C-485C-AE64-1757E7DCC552}
[2012/07/08 12:02:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A4A98507-0E5B-4EB9-914A-B8DAED3AA6D4}
[2012/07/08 00:01:43 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{31404107-A00D-48DB-AB3A-53384B34D36E}
[2012/07/08 00:01:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B469F862-E9DE-45C7-8E19-4D1FF63E5C14}
[2012/07/07 12:01:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{860B05EF-CBC9-4A30-B451-9E6E0BDBC1DB}
[2012/07/07 12:00:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2E136F16-22E1-4D9C-A49A-E8CFD5C42C6C}
[2012/07/07 00:00:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C6E4914F-6893-408F-BF2B-7F94EFD6BB57}
[2012/07/07 00:00:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D6895200-D3D4-4BF8-8429-51148B395072}
[2012/07/06 12:00:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{599362ED-35D7-4DFC-AAAE-F9AF4B6CB1F4}
[2012/07/06 11:59:46 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2F45DE04-51A2-42B4-9756-0F9F88D5DBFD}
[2012/07/05 23:48:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4CB38E6D-5183-4394-A86F-C096536976B1}
[2012/07/05 11:48:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2CD645F0-DB13-4EA0-B372-558A8D3DB518}
[2012/07/05 11:47:55 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8F441228-660E-4885-8922-F512709C9F49}
[2012/07/04 23:47:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C1F93E0A-160C-4556-8D32-7036A840E064}
[2012/07/04 11:46:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A48B2D2F-4B8E-4028-97C7-31C613CA3429}
[2012/07/04 11:46:44 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AF580D92-CEB2-410A-AAF4-6EB7623644F0}
[2012/07/03 23:46:26 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2A2187D8-5DC1-4D67-B307-3D55743F4F1B}
[2012/07/03 23:46:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8F9930A8-9BF4-495C-908E-5163C8BD7DB0}
[2012/07/03 11:45:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{05D5E643-DE05-4DAD-8796-881F21802F2D}
[2012/07/03 11:45:40 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E2586E2B-D800-4B7D-B326-4A235C9F4327}

========== Files - Modified Within 30 Days ==========

[2012/08/02 03:12:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- F:\Users\P1\Desktop\OTL.exe
[2012/08/02 03:11:00 | 000,000,886 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 03:10:47 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/08/02 03:10:42 | 3220,037,632 | -HS- | M] () -- F:\hiberfil.sys
[2012/08/02 03:01:23 | 000,000,027 | ---- | M] () -- F:\Windows\SysNative\drivers\etc\hosts
[2012/08/02 02:38:00 | 000,000,890 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 23:54:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/01 23:54:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/01 21:25:17 | 004,722,680 | R--- | M] (Swearware) -- F:\Users\P1\Desktop\ComboFix.exe
[2012/08/01 21:20:33 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- F:\Users\P1\Desktop\tdsskiller.exe
[2012/08/01 15:59:47 | 000,013,904 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 15:59:47 | 000,013,904 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 18:57:28 | 000,001,857 | ---- | M] () -- F:\Users\P1\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/18 14:29:25 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- F:\Windows\SysNative\drivers\sptd.sys
[2012/07/12 18:37:51 | 000,732,638 | ---- | M] () -- F:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 18:37:51 | 000,632,556 | ---- | M] () -- F:\Windows\SysNative\perfh009.dat
[2012/07/12 18:37:51 | 000,112,542 | ---- | M] () -- F:\Windows\SysNative\perfc009.dat
[2012/07/10 21:20:08 | 000,299,304 | ---- | M] () -- F:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 18:39:49 | 000,039,257 | ---- | M] () -- F:\Users\P1\Documents\P060612_13.05.JPG

========== Files Created - No Company Name ==========

[2012/08/01 21:36:32 | 000,256,000 | ---- | C] () -- F:\Windows\PEV.exe
[2012/08/01 21:36:32 | 000,208,896 | ---- | C] () -- F:\Windows\MBR.exe
[2012/08/01 21:36:32 | 000,098,816 | ---- | C] () -- F:\Windows\sed.exe
[2012/08/01 21:36:32 | 000,080,412 | ---- | C] () -- F:\Windows\grep.exe
[2012/08/01 21:36:32 | 000,068,096 | ---- | C] () -- F:\Windows\zip.exe
[2012/07/08 18:39:48 | 000,039,257 | ---- | C] () -- F:\Users\P1\Documents\P060612_13.05.JPG
[2012/07/08 18:37:49 | 000,013,299 | ---- | C] () -- F:\Windows\SysWow64\drivers\packet.sys
[2012/07/08 18:37:49 | 000,011,604 | ---- | C] () -- F:\Windows\SysWow64\drivers\VBTEnum.sys
[2012/07/08 18:36:52 | 000,016,486 | ---- | C] () -- F:\Windows\SysWow64\drivers\SKTSIO9X.VXD
[2012/07/08 18:36:52 | 000,014,380 | ---- | C] () -- F:\Windows\SysWow64\drivers\OXSER.VXD
[2012/07/08 18:36:52 | 000,005,787 | ---- | C] () -- F:\Windows\SysWow64\drivers\SCTB.VXD
[2012/06/12 18:14:39 | 000,000,116 | ---- | C] () -- F:\Windows\Lexstat.ini
[2012/06/12 18:13:27 | 001,224,704 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczserv.dll
[2012/06/12 18:13:27 | 000,991,232 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczusb1.dll
[2012/06/12 18:13:27 | 000,696,320 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczhbn3.dll
[2012/06/12 18:13:27 | 000,684,032 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczcomc.dll
[2012/06/12 18:13:27 | 000,643,072 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczpmui.dll
[2012/06/12 18:13:27 | 000,585,728 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczlmpm.dll
[2012/06/12 18:13:27 | 000,537,520 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczcoms.exe
[2012/06/12 18:13:27 | 000,421,888 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczcomm.dll
[2012/06/12 18:13:27 | 000,413,696 | ---- | C] () -- F:\Windows\SysWow64\lxczutil.dll
[2012/06/12 18:13:27 | 000,413,696 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczinpa.dll
[2012/06/12 18:13:27 | 000,397,312 | ---- | C] ( ) -- F:\Windows\SysWow64\lxcziesc.dll
[2012/06/12 18:13:27 | 000,385,968 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczih.exe
[2012/06/12 18:13:27 | 000,381,872 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczcfg.exe
[2012/06/12 18:13:27 | 000,274,432 | ---- | C] () -- F:\Windows\SysWow64\LXCZinst.dll
[2012/06/12 18:13:27 | 000,181,168 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczppls.exe
[2012/06/12 18:13:27 | 000,163,840 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczprox.dll
[2012/06/12 18:13:27 | 000,094,208 | ---- | C] ( ) -- F:\Windows\SysWow64\lxczpplc.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- F:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 08:39:39 | 000,002,048 | -HS- | C] () -- F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\@
[2011/12/24 01:29:27 | 000,074,752 | ---- | C] () -- F:\Windows\SysWow64\ff_vfw.dll
[2011/11/21 21:20:06 | 000,000,771 | ---- | C] () -- F:\Windows\disney.ini
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- F:\Windows\SysWow64\xlive.dll.cat
[2011/08/23 01:23:11 | 000,650,752 | ---- | C] () -- F:\Windows\SysWow64\xvidcore.dll
[2011/08/23 01:23:11 | 000,243,200 | ---- | C] () -- F:\Windows\SysWow64\xvidvfw.dll
[2011/08/03 00:39:50 | 000,197,120 | ---- | C] () -- F:\Windows\patchw32.dll
[2011/07/20 18:39:55 | 000,004,608 | ---- | C] () -- F:\Users\P1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 00:05:50 | 000,000,419 | ---- | C] () -- F:\Users\P1\AppData\Roaming\All CPU Meter_Settings.ini
[2011/06/09 14:42:28 | 000,000,281 | ---- | C] () -- F:\Users\P1\AppData\Roaming\Network Meter_Settings.ini
[2011/05/27 12:13:49 | 000,000,193 | ---- | C] () -- F:\Windows\WORDPAD.INI
[2011/05/16 20:59:09 | 000,303,104 | ---- | C] () -- F:\Windows\SysWow64\qscl.dll
[2011/05/16 20:59:09 | 000,303,104 | ---- | C] () -- F:\Windows\SysWow64\ammpp.dll
[2011/05/16 20:59:09 | 000,233,472 | ---- | C] () -- F:\Windows\SysWow64\lame_enc.dll
[2011/05/16 20:59:09 | 000,212,992 | ---- | C] () -- F:\Windows\SysWow64\amrdec.dll
[2011/05/16 20:59:09 | 000,081,920 | ---- | C] () -- F:\Windows\SysWow64\qcpsdk.dll
[2011/05/16 20:59:09 | 000,073,728 | ---- | C] () -- F:\Windows\SysWow64\a1.dll
[2011/05/02 14:53:20 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\unrar.dll
[2011/05/02 01:17:23 | 000,000,017 | ---- | C] () -- F:\Users\P1\AppData\Local\resmon.resmoncfg
[2011/05/01 21:17:52 | 000,000,022 | ---- | C] () -- F:\Windows\brassi.dat
[2011/04/30 18:09:48 | 000,270,776 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2011/04/30 18:09:46 | 000,075,136 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2011/04/30 18:09:45 | 000,682,280 | ---- | C] () -- F:\Windows\SysWow64\pbsvc.exe
[2011/04/28 20:07:18 | 000,735,176 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/20 02:46:38 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2011/04/20 01:53:49 | 000,166,912 | ---- | C] () -- F:\Windows\SysWow64\APOMngr.DLL
[2011/04/20 01:53:49 | 000,073,728 | ---- | C] () -- F:\Windows\SysWow64\CmdRtr.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> F:\ProgramData\TEMP:76650B61

< End of report >



OTL Extras logfile created on: 02/08/2012 03:14:09 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = F:\Users\P1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 64.30% Memory free
8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 76.68 Gb Total Space | 18.72 Gb Free Space | 24.41% Space Free | Partition Type: NTFS
Drive D: | 38.33 Gb Total Space | 18.96 Gb Free Space | 49.47% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 11.64 Gb Free Space | 15.61% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 91.99 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive G: | 38.28 Gb Total Space | 7.90 Gb Free Space | 20.64% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 21.11 Gb Free Space | 11.33% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 62.89 Gb Free Space | 13.50% Space Free | Partition Type: NTFS
Drive K: | 298.09 Gb Total Space | 61.09 Gb Free Space | 20.49% Space Free | Partition Type: NTFS

Computer Name: P1-PC | User Name: P1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- F:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- F:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "F:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SpaceMonger] -- "C:\Program Files (x86)\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "F:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SpaceMonger] -- "C:\Program Files (x86)\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1457565E-11B6-48FF-A80B-B0E7BA09E33E}F:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{7860C432-37D5-49DD-A6BE-1C089A3E3898}F:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=f:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{E8BE0C88-E464-4B2E-8329-CE8B75815A36}F:\program files (x86)\linksys\kiss pc-link\kiss_pc-link.exe" = protocol=6 | dir=in | app=f:\program files (x86)\linksys\kiss pc-link\kiss_pc-link.exe |
"TCP Query User{F02EA614-E5A7-4B5B-A1DE-3EF146F13E18}H:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=h:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{3046DED6-4901-43F5-9B7A-954005A9B50D}H:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=h:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{390301FB-BC4E-49A1-AD19-37EA3FA66119}F:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{6C8CE2F0-DFA8-40F0-9C89-C4B36E65E6C1}F:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=f:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{890083FA-DD68-4503-B190-B977853EB073}F:\program files (x86)\linksys\kiss pc-link\kiss_pc-link.exe" = protocol=17 | dir=in | app=f:\program files (x86)\linksys\kiss pc-link\kiss_pc-link.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A23953CB-3147-45D6-A396-992B0666610B}" = ESET NOD32 Antivirus
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AC3ACM" = AC-3 ACM Codec x64 2.1
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 7.5.1
"CCleaner" = CCleaner
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"Xvid_is1" = Xvid MPEG-4 Video Codec

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}" = Turok
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C33D2A4-7375-49A1-B32E-1ECD544ADA3C}" = MTXExtractor
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C727EDE-3619-4A51-82D9-01D7BF1CBFAD}" = LG PC Suite II
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA1BD6B7-9740-4C9A-81EA-42D5196FA592}" = Angry Birds Space
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"360Amigo" = 360Amigo System Speedup PRO
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced CAB Repair v1.0" = Advanced CAB Repair v1.0
"Armada 2526 SuperNova_is1" = Armada 2526 SuperNova
"AudioCS" = Creative Audio Control Panel
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"CDisplay_is1" = CDisplay 1.8
"Company of Heroes" = Company of Heroes
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"divxh264_is1" = DivX H.264 decoder 8.2.0.26
"Easy Video Capture_is1" = Easy Video Capture 1.30
"ESET Online Scanner" = ESET Online Scanner v3
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Google Chrome" = Google Chrome
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"iprivobar Toolbar" = iprivobar Toolbar
"KiSS PC-Link" = KiSS PC-Link 3.0.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MISEC" = Monkey Island™ Special Edition Collection
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 5.23
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Railworks 3 Train Simulator 2012 Deluxe_is1" = Railworks 3 Train Simulator 2012 Deluxe
"Revo Uninstaller" = Revo Uninstaller 1.94
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"Stellarium_is1" = Stellarium 0.11.2
"TmNationsForever_is1" = TmNationsForever
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"Western Railway NV 3D Screensaver_is1" = Western Railway NV 3D Screensaver 2.0
"Winamp" = Winamp
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/07/2012 12:16:17 | Computer Name = P1-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "E:\games\F1 2011\CustomActionOnFinishInst.exe".Error
in manifest or policy file "E:\games\F1 2011\CustomActionOnFinishInst.exe" on line
1. Multiple requestedPrivileges elements are not allowed in manifest.

Error - 30/07/2012 05:26:38 | Computer Name = P1-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 30/07/2012 10:17:12 | Computer Name = P1-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 31/07/2012 03:02:05 | Computer Name = P1-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 31/07/2012 03:34:09 | Computer Name = P1-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "f:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: F:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:35:08 | Computer Name = P1-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "E:\games\F1 2011\CustomActionOnFinishInst.exe".Error
in manifest or policy file "E:\games\F1 2011\CustomActionOnFinishInst.exe" on line
1. Multiple requestedPrivileges elements are not allowed in manifest.

Error - 31/07/2012 08:11:25 | Computer Name = P1-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 31/07/2012 12:00:18 | Computer Name = P1-PC | Source = Application Hang | ID = 1002
Description = The program WOTLauncher.exe version 0.7.4.98 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13c8 Start
Time: 01cd6f358793220a Termination Time: 16 Application Path: H:\Games\World_of_Tanks\WOTLauncher.exe
Report Id: d08e14b1-db28-11e1-91eb-00133b000364

Error - 01/08/2012 03:59:09 | Computer Name = P1-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 01/08/2012 04:23:44 | Computer Name = P1-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "f:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: F:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: F:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 01/08/2012 04:24:40 | Computer Name = P1-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "E:\games\F1 2011\CustomActionOnFinishInst.exe".Error
in manifest or policy file "E:\games\F1 2011\CustomActionOnFinishInst.exe" on line
1. Multiple requestedPrivileges elements are not allowed in manifest.

Error - 01/08/2012 04:45:04 | Computer Name = P1-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

[ System Events ]
Error - 01/08/2012 22:11:27 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 01/08/2012 22:11:27 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = PNRPSvc | ID = 102
Description =

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = PNRPSvc | ID = 102
Description =

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 01/08/2012 22:11:37 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 01/08/2012 22:13:06 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 01/08/2012 22:13:06 | Computer Name = P1-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 01 August 2012 - 11:13 PM

We need to run an OTL Fix. This, among taking care of some remnants of the infection, will also clean up some unnecessary junk leftover by unused programs.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    @Alternate Data Stream - 113 bytes -> F:\ProgramData\TEMP:76650B61
    [2012/07/08 12:02:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C2229D12-A64C-485C-AE64-1757E7DCC552}
    [2012/07/08 12:02:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A4A98507-0E5B-4EB9-914A-B8DAED3AA6D4}
    [2012/07/08 00:01:43 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{31404107-A00D-48DB-AB3A-53384B34D36E}
    [2012/07/08 00:01:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B469F862-E9DE-45C7-8E19-4D1FF63E5C14}
    [2012/07/07 12:01:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{860B05EF-CBC9-4A30-B451-9E6E0BDBC1DB}
    [2012/07/07 12:00:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2E136F16-22E1-4D9C-A49A-E8CFD5C42C6C}
    [2012/07/07 00:00:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C6E4914F-6893-408F-BF2B-7F94EFD6BB57}
    [2012/07/07 00:00:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D6895200-D3D4-4BF8-8429-51148B395072}
    [2012/07/06 12:00:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{599362ED-35D7-4DFC-AAAE-F9AF4B6CB1F4}
    [2012/07/06 11:59:46 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2F45DE04-51A2-42B4-9756-0F9F88D5DBFD}
    [2012/07/05 23:48:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4CB38E6D-5183-4394-A86F-C096536976B1}
    [2012/07/05 11:48:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2CD645F0-DB13-4EA0-B372-558A8D3DB518}
    [2012/07/05 11:47:55 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8F441228-660E-4885-8922-F512709C9F49}
    [2012/07/04 23:47:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C1F93E0A-160C-4556-8D32-7036A840E064}
    [2012/07/04 11:46:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A48B2D2F-4B8E-4028-97C7-31C613CA3429}
    [2012/07/04 11:46:44 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AF580D92-CEB2-410A-AAF4-6EB7623644F0}
    [2012/07/03 23:46:26 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2A2187D8-5DC1-4D67-B307-3D55743F4F1B}
    [2012/07/03 23:46:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8F9930A8-9BF4-495C-908E-5163C8BD7DB0}
    [2012/07/03 11:45:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{05D5E643-DE05-4DAD-8796-881F21802F2D}
    [2012/07/03 11:45:40 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E2586E2B-D800-4B7D-B326-4A235C9F4327}
    [2012/07/10 17:21:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A1AFEE27-4428-47B0-B30D-09BE2EB61D6E}
    [2012/07/10 17:21:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{33F74923-1FE0-4011-8F15-393AD23A7955}
    [2012/07/10 17:21:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D283232E-E22E-42A8-924F-24D90B4683F2}
    [2012/07/10 17:21:16 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A8CF59F7-5798-4641-9FE7-B00847002FA2}
    [2012/07/10 00:17:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1AE0A3AA-773A-4C37-BA6D-A9EA81753BB1}
    [2012/07/10 00:16:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D32FBFA2-3804-40BD-934D-71F9C8DB7921}
    [2012/07/09 12:16:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D979E885-F767-493B-BE44-1642C6915D3D}
    [2012/07/09 12:16:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C6FD75D2-033B-42B1-A3A8-A6EEFF0EBC7A}
    [2012/07/09 00:02:54 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0F007ACF-E659-4194-9825-3807AE394AAC}
    [2012/07/09 00:02:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3A6C4CA1-5E47-417F-AB87-0323FDC22BF3}
    [2012/07/09 00:02:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B53315B3-9584-4186-B6C8-C6AD23E0ACDF}
    [2012/07/09 00:02:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{969E35B3-D81E-4523-9EB4-3F82F525C9B9}
    [2012/07/18 14:23:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1BCD139F-2473-4556-992A-27FEB4E77073}
    [2012/07/18 14:22:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0A611A47-2FF1-4365-B0D5-DF4EDC0D82FF}
    [2012/07/18 01:54:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4EB489B2-6F31-4DE7-8B3F-923E7BE95F1A}
    [2012/07/17 13:54:20 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{031F4BA8-8DAB-4B8B-BB70-F0264251508B}
    [2012/07/17 13:54:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{BB16E195-A580-497D-BA5F-671CAA658CC5}
    [2012/07/17 13:54:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DCDAAA5A-FF0F-49FA-9739-7076BEA0BB19}
    [2012/07/17 13:53:51 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A6AF296A-604E-46AA-B700-339E2E4F24D7}
    [2012/07/16 16:15:34 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9C166367-91DB-4E0E-9613-41B8979D700F}
    [2012/07/16 16:15:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5A19A718-2552-4C68-8BA4-4AC455F647AE}
    [2012/07/16 16:15:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DBBED7FB-2E73-4244-B915-1BBD40373DF2}
    [2012/07/16 16:15:06 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F217D181-5B68-4A49-B4D0-AC790BD6FAB4}
    [2012/07/16 01:36:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{57D99CA8-442E-419B-9BB7-65C52105E3DD}
    [2012/07/16 01:36:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F2FDC838-8429-4124-AF2D-3772C93619A1}
    [2012/07/16 01:36:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A3DDF91C-5380-4A73-8290-BA5FC55A54CE}
    [2012/07/16 01:36:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F2ACB906-B08C-49A5-9D3B-B4159596C602}
    [2012/07/15 11:40:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2E7435FB-F0C4-4896-91C0-0889BCE2B6CB}
    [2012/07/15 11:40:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7866719A-E732-4BFB-B276-E06953F821FA}
    [2012/07/14 23:08:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{20ADDA7D-F6F5-4CD7-A238-B3098D40159A}
    [2012/07/14 23:08:33 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7BF81C4B-200A-45D4-ACA3-EAF40D979B03}
    [2012/07/14 11:08:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AF940ED5-30CC-4142-A04E-1364EC4E86BC}
    [2012/07/14 11:08:08 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{82E455DC-217D-41A5-8605-21C1C46E19DB}
    [2012/07/14 11:07:57 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ADB1B400-387F-4F11-9CD4-4FAE71143DA5}
    [2012/07/14 11:07:52 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A92E3F3F-7057-4030-AF5D-7B38944099E8}
    [2012/07/13 21:46:52 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4E99551F-5771-4D8E-8A42-15AE87A78647}
    [2012/07/13 21:46:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D594ADDC-4708-4405-9FAF-0E0566C91DDE}
    [2012/07/13 09:46:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EBEF386E-3B3C-435C-9BF4-780728C681DD}
    [2012/07/13 09:46:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6BFBCE06-BCBE-4369-A7C7-5F6E570EC96A}
    [2012/07/13 09:46:11 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{954416F8-11AF-4EB9-A803-E4F5647FD6CA}
    [2012/07/13 09:45:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{CA33EBDA-ABC9-4FBD-B8CA-71121B669B0F}
    [2012/07/12 21:45:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6DAD70D7-9026-439C-A453-9B83956E1AA8}
    [2012/07/12 21:45:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B5C4F0B7-9CA8-49DD-92F6-DB47E4455DB5}
    [2012/07/12 09:45:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{CFFBBDE7-AA4D-487E-B8D3-7A284F9F9F0D}
    [2012/07/12 09:44:57 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1E69466D-4F57-4F34-8369-BC9CE52D99E9}
    [2012/07/12 09:44:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3484D303-4142-4C7B-A96D-410BFBF61CAE}
    [2012/07/12 09:44:34 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{66001512-96BB-4027-A9E1-740FFA167E30}
    [2012/07/11 21:11:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EE55DE51-6BAD-4FB7-944B-8AED76DA9A11}
    [2012/07/11 21:10:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ECA72B2D-9E2B-4E90-9467-EF7BA9ECB66C}
    [2012/07/11 09:10:41 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7265256F-1015-41B7-9C6F-C76A8DB9C2E1}
    [2012/07/11 09:10:39 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1B5F8214-14D4-435F-87F7-9C39A71C9A42}
    [2012/07/11 09:10:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8B4A5683-5B0B-458E-9CBC-386A9F623704}
    [2012/07/11 09:10:22 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DC29A1D2-932B-4D1E-BF80-3EABBF963C4B}
    [2012/07/20 00:30:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8D29A7C3-302E-4328-8288-4196A10B2B3D}
    [2012/07/20 00:30:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D80D2A49-C952-4CF9-8D12-7DEB719F64FD}
    [2012/07/20 00:30:45 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ACB83FF0-CCE4-4C14-BF50-A55553597185}
    [2012/07/20 00:30:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D7A98C4F-1BDD-4A42-8185-CB3F85E242F7}
    [2012/07/19 02:23:50 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E4880BAA-0810-4B5B-BD3C-F5784842BF95}
    [2012/07/19 02:23:36 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9D949425-9EF3-4678-8698-8719701EEC91}
    [2012/07/23 15:54:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{4DE44471-4C2A-47A9-BE6F-ECB059A61BAC}
    [2012/07/23 15:54:37 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1355615D-19A0-44B8-879A-CEF55135A436}
    [2012/07/23 15:54:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A11CBD02-E0F9-4389-8582-4DC2A55A8A32}
    [2012/07/23 15:54:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5FAFC5E1-72F0-4316-80F8-19E7C29947A9}
    [2012/07/23 00:44:14 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F80AC287-1102-4DD9-9FA9-2647F2184642}
    [2012/07/23 00:44:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0DA735E8-36BF-4279-B9E1-8AAE995CBAC9}
    [2012/07/22 12:43:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{37815977-5BE2-403F-9AFB-82B2BC40A4B7}
    [2012/07/22 12:43:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{2396A9DF-9EAB-45A5-85DF-8FE9CA087925}
    [2012/07/22 00:43:01 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A91145C8-5FF4-4DC8-B184-F7641EA7F17B}
    [2012/07/22 00:42:56 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3B82FF4A-EA44-42E0-AECE-BB3FE886439E}
    [2012/07/22 00:42:53 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9F9CDB43-8A24-4F33-8F0E-CEDCB1F15E5D}
    [2012/07/22 00:42:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{8DEEDD9B-00E9-47EB-A66E-56D11095C6C7}
    [2012/07/21 12:33:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0886C110-3C47-4B60-A690-FE9F997FCC94}
    [2012/07/21 12:32:49 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{16711AAB-140E-4201-A2EC-7157AD21E8F0}
    [2012/07/21 00:32:30 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E2B80095-2088-4A43-BE74-03934EB000B6}
    [2012/07/21 00:32:16 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ABBF0ED4-8FBA-4325-B5F1-28BB64688DC8}
    [2012/07/20 12:31:46 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7469BEEB-ED93-4017-9B7F-902AEC111EF4}
    [2012/07/20 12:31:24 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AB69291B-6DD3-4470-AC8E-71DA878B3A02}
    [2012/07/27 01:36:12 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E9798E50-8878-4570-A8E4-15F7B3E34E5D}
    [2012/07/27 01:35:58 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{295A97E6-F5FE-47C5-B13C-FDAAB6987A41}
    [2012/07/26 13:35:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7C487A08-2369-4316-B2C4-BEDB2609414C}
    [2012/07/26 13:35:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{F1CF51BB-EEE8-435C-87EC-F1DC582F45C9}
    [2012/07/26 01:34:59 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{3D6277D1-02DF-4EBD-8B3B-4B056A9D4EE8}
    [2012/07/25 13:34:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{15173E05-886B-415A-9B12-0C7845DABFDF}
    [2012/07/25 13:34:25 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0D3EA84D-AD8F-4CCD-B8EA-850844BFE716}
    [2012/07/25 01:34:03 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{ACDF21BB-8C74-4930-B6C1-D75E8DF64B2F}
    [2012/07/25 01:33:48 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{70DC95F7-C364-418D-9B95-823B19ABFA39}
    [2012/07/24 09:13:18 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AC327645-3104-499B-B797-B24B0448CEA4}
    [2012/07/24 09:13:17 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{307EFE32-A1AE-4AA8-9DF7-DBC7589225F4}
    [2012/07/24 09:13:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{93412E8A-AAA9-4771-A2B4-B25B0229CA02}
    [2012/07/24 09:13:02 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{FA268D4E-5C65-4FC6-96F5-D5EF641EC13A}
    [2012/08/01 21:19:38 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{0E72E996-4967-49C9-8960-E7EE95B54156}
    [2012/08/01 21:19:25 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C0EB5F4E-D15A-47AB-ADF6-E20C01F6D9E1}
    [2012/08/01 09:03:31 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{C8E4BE5F-0CEF-4DB1-A944-FFEB924D456B}
    [2012/08/01 09:03:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{A2819871-C853-4F96-A205-DFEDCC208986}
    [2012/08/01 09:03:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B638FDE6-F26B-474D-823F-9ECA7239D972}
    [2012/08/01 09:03:15 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5A69A43E-2D01-4759-819C-6A708BA4C999}
    [2012/07/31 20:10:42 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{D1D3DA5D-5E30-423E-9126-2C31858DA683}
    [2012/07/31 20:10:28 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{B344E840-1CEC-41FB-891C-EA56CAA03567}
    [2012/07/31 08:10:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{DCAB07A4-698B-4814-A8A3-C273FD4F2653}
    [2012/07/31 08:09:51 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9DEC382B-D9A5-4226-9774-9A7DDBE1428B}
    [2012/07/31 08:09:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{1D6DEDF2-5052-4FF0-AE75-24EF266848DA}
    [2012/07/30 15:21:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{24C59022-A942-4D6E-AF95-7ADE1682DB7C}
    [2012/07/30 15:21:43 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{5566CF8D-C31E-47E9-A002-E9B6D8EB381E}
    [2012/07/30 15:21:40 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{E1D05565-E5A9-4142-BAC9-1B41EF4D0084}
    [2012/07/30 15:21:23 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{37C606FA-7012-40E8-8286-AB53A2A0E7FF}
    [2012/07/30 00:55:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{24554ED0-7833-405D-AA58-54D8ADA280AD}
    [2012/07/30 00:54:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{56809547-4C42-4240-8145-15DEA862E32E}
    [2012/07/29 12:54:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{762EEBD1-C328-43B9-934D-860C14EBB949}
    [2012/07/29 12:54:13 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{45E9C452-8C31-4997-80BB-3653D8CFC53C}
    [2012/07/28 23:26:35 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{9A3679E5-B071-40CE-ACAA-7698A1AF2CF0}
    [2012/07/28 23:26:30 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{749919C6-CAF2-4BBE-B996-9A38F3F8D313}
    [2012/07/28 23:26:27 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{260BCAFB-8B8C-4708-A9BA-3B4FD2181A95}
    [2012/07/28 23:26:09 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{000BEA3A-977F-4192-AEB1-2A679656D95C}
    [2012/07/28 10:00:04 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AC9304CE-928F-4853-8BD2-6C190501355E}
    [2012/07/28 10:00:02 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{108C0F37-FC29-412D-BC27-64E76F48637C}
    [2012/07/28 10:00:00 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{506E6200-6B61-43B6-992F-6C8E5D5FF199}
    [2012/07/28 09:59:47 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{7A23CBC4-18B7-4D60-9776-FCEA9D09A5E1}
    [2012/07/27 17:51:29 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{FDFF94F7-5AEE-4084-AE89-C418A59A4118}
    [2012/07/27 17:51:26 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{EA3FE2E3-6BAD-4F51-AF4B-BD73243495DC}
    [2012/07/27 17:51:21 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{6A9C2712-60F1-4673-B490-25D0D95C6A2F}
    [2012/07/27 17:51:05 | 000,000,000 | ---D | C] -- F:\Users\P1\AppData\Local\{AD4F80AE-0946-4E83-A1AC-A1D036685156}
    IE - HKLM\..\URLSearchHook: {81d24ea1-3106-46a5-a324-fa96b8178519} - SOFTWARE\Classes\CLSID\{81d24ea1-3106-46a5-a324-fa96b8178519}\InprocServer32 File not found
    [2012/01/11 08:39:39 | 000,002,048 | -HS- | C] () -- F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\@
    
    :Files
    F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}
    F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Edited by D-FRED-BROWN, 01 August 2012 - 11:15 PM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
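The OTL fix above targets three kinds of Sirefef/ZeroAccess residue: a hidden+system GUID-named folder under AppData\Local (with its twin under Windows\Installer) holding a small file named `@`, an alternate data stream on ProgramData\TEMP, and a URLSearchHook whose CLSID no longer points at an existing DLL. As an added example, not code from this thread or from OTL, the script below re-checks those same indicators read-only so the result of the fix can be verified independently. Only the paths, the folder shape and the registry key come from the thread's logs; the function name, the output layout and the assumption that it runs from an elevated PowerShell 3.0 or later prompt (needed for `Get-Item -Stream` and `[pscustomobject]`) are mine.

```powershell
# Added example: read-only re-check of the Sirefef/ZeroAccess indicators the
# OTL fix targeted. Assumes an elevated PowerShell 3.0+ session on the
# infected host; nothing here deletes or modifies anything.

function Find-SirefefRemnants {
    [CmdletBinding()]
    param(
        # Volume holding \Windows, \Users and \ProgramData ('F:' in this thread).
        [string]$SystemDrive = $env:SystemDrive
    )

    $hits   = @()
    $guidRe = '^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$'

    # 1. GUID-named folders under Windows\Installer and every profile's
    #    AppData\Local. The infected folder in the OTL log carried the
    #    hidden+system (-HS-) attributes and held a 2 KB file named '@';
    #    Windows Installer's own GUID folders are neither hidden nor system.
    $roots  = @(Join-Path $SystemDrive 'Windows\Installer')
    $roots += Get-ChildItem -LiteralPath (Join-Path $SystemDrive 'Users') -Force -ErrorAction SilentlyContinue |
              Where-Object { $_.PSIsContainer } |
              ForEach-Object { Join-Path $_.FullName 'AppData\Local' }

    foreach ($root in $roots) {
        $dirs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and $_.Name -imatch $guidRe }
        foreach ($d in $dirs) {
            $hidden = ($d.Attributes -band [IO.FileAttributes]::Hidden) -eq [IO.FileAttributes]::Hidden
            $system = ($d.Attributes -band [IO.FileAttributes]::System) -eq [IO.FileAttributes]::System
            $atFile = Test-Path -LiteralPath (Join-Path $d.FullName '@')
            if (($hidden -and $system) -or $atFile) {
                $hits += [pscustomobject]@{
                    Type   = 'Folder'
                    Path   = $d.FullName
                    Detail = "hidden=$hidden system=$system '@'=$atFile"
                }
            }
        }
    }

    # 2. Named alternate data streams on ProgramData\TEMP (OTL reported one it
    #    could not delete: TEMP:76650B61). A stream by itself is not proof of
    #    infection; inspect its content before acting on it.
    $tempDir = Join-Path $SystemDrive 'ProgramData\TEMP'
    if (Test-Path -LiteralPath $tempDir) {
        $streams = Get-Item -LiteralPath $tempDir -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $hits += [pscustomobject]@{
                Type   = 'ADS'
                Path   = "${tempDir}:$($s.Stream)"
                Detail = "$($s.Length) bytes"
            }
        }
    }

    # 3. URLSearchHook CLSIDs that no longer resolve to an InprocServer32 DLL
    #    (OTL flagged {81d24ea1-...} as 'File not found'). Orphaned hooks are
    #    inert, but they are the trace of a removed toolbar/BHO.
    $hookKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
    if (Test-Path $hookKey) {
        $names = (Get-ItemProperty -Path $hookKey).PSObject.Properties |
                 Where-Object { $_.Name -like '{*}' } | ForEach-Object { $_.Name }
        foreach ($clsid in $names) {
            $resolved = $false
            foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID',
                              'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                              'HKCU:\SOFTWARE\Classes\CLSID') {
                $srv = "$hive\$clsid\InprocServer32"
                if (Test-Path $srv) {
                    $dll = (Get-ItemProperty -Path $srv).'(default)'
                    if ($dll) {
                        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                        if (Test-Path -LiteralPath $dll) { $resolved = $true }
                    }
                }
            }
            if (-not $resolved) {
                $hits += [pscustomobject]@{
                    Type   = 'URLSearchHook'
                    Path   = "$hookKey\$clsid"
                    Detail = 'CLSID has no existing InprocServer32 DLL'
                }
            }
        }
    }

    return $hits
}

$found = Find-SirefefRemnants
if ($found) { $found | Format-Table -AutoSize } else { 'No Sirefef remnants found.' }
```

Run it once before and once after the OTL fix; the second run should list nothing under Folder, and whatever remains under ADS or URLSearchHook is what the fix could not remove (OTL's own report says as much for the stream). Because the script only reads, it is safe to run repeatedly and on other machines that show the same symptoms.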

#7 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 02 August 2012 - 03:57 AM

OK... I've done that and all seems fine still :)


All processes killed
========== OTL ==========
Unable to delete ADS F:\ProgramData\TEMP:76650B61 .
Folder F:\Users\P1\AppData\Local\{C2229D12-A64C-485C-AE64-1757E7DCC552}\ not found.
Folder F:\Users\P1\AppData\Local\{A4A98507-0E5B-4EB9-914A-B8DAED3AA6D4}\ not found.
Folder F:\Users\P1\AppData\Local\{31404107-A00D-48DB-AB3A-53384B34D36E}\ not found.
Folder F:\Users\P1\AppData\Local\{B469F862-E9DE-45C7-8E19-4D1FF63E5C14}\ not found.
Folder F:\Users\P1\AppData\Local\{860B05EF-CBC9-4A30-B451-9E6E0BDBC1DB}\ not found.
Folder F:\Users\P1\AppData\Local\{2E136F16-22E1-4D9C-A49A-E8CFD5C42C6C}\ not found.
Folder F:\Users\P1\AppData\Local\{C6E4914F-6893-408F-BF2B-7F94EFD6BB57}\ not found.
Folder F:\Users\P1\AppData\Local\{D6895200-D3D4-4BF8-8429-51148B395072}\ not found.
Folder F:\Users\P1\AppData\Local\{599362ED-35D7-4DFC-AAAE-F9AF4B6CB1F4}\ not found.
Folder F:\Users\P1\AppData\Local\{2F45DE04-51A2-42B4-9756-0F9F88D5DBFD}\ not found.
Folder F:\Users\P1\AppData\Local\{4CB38E6D-5183-4394-A86F-C096536976B1}\ not found.
Folder F:\Users\P1\AppData\Local\{2CD645F0-DB13-4EA0-B372-558A8D3DB518}\ not found.
Folder F:\Users\P1\AppData\Local\{8F441228-660E-4885-8922-F512709C9F49}\ not found.
Folder F:\Users\P1\AppData\Local\{C1F93E0A-160C-4556-8D32-7036A840E064}\ not found.
Folder F:\Users\P1\AppData\Local\{A48B2D2F-4B8E-4028-97C7-31C613CA3429}\ not found.
Folder F:\Users\P1\AppData\Local\{AF580D92-CEB2-410A-AAF4-6EB7623644F0}\ not found.
Folder F:\Users\P1\AppData\Local\{2A2187D8-5DC1-4D67-B307-3D55743F4F1B}\ not found.
Folder F:\Users\P1\AppData\Local\{8F9930A8-9BF4-495C-908E-5163C8BD7DB0}\ not found.
Folder F:\Users\P1\AppData\Local\{05D5E643-DE05-4DAD-8796-881F21802F2D}\ not found.
Folder F:\Users\P1\AppData\Local\{E2586E2B-D800-4B7D-B326-4A235C9F4327}\ not found.
Folder F:\Users\P1\AppData\Local\{A1AFEE27-4428-47B0-B30D-09BE2EB61D6E}\ not found.
Folder F:\Users\P1\AppData\Local\{33F74923-1FE0-4011-8F15-393AD23A7955}\ not found.
Folder F:\Users\P1\AppData\Local\{D283232E-E22E-42A8-924F-24D90B4683F2}\ not found.
Folder F:\Users\P1\AppData\Local\{A8CF59F7-5798-4641-9FE7-B00847002FA2}\ not found.
Folder F:\Users\P1\AppData\Local\{1AE0A3AA-773A-4C37-BA6D-A9EA81753BB1}\ not found.
Folder F:\Users\P1\AppData\Local\{D32FBFA2-3804-40BD-934D-71F9C8DB7921}\ not found.
Folder F:\Users\P1\AppData\Local\{D979E885-F767-493B-BE44-1642C6915D3D}\ not found.
Folder F:\Users\P1\AppData\Local\{C6FD75D2-033B-42B1-A3A8-A6EEFF0EBC7A}\ not found.
Folder F:\Users\P1\AppData\Local\{0F007ACF-E659-4194-9825-3807AE394AAC}\ not found.
Folder F:\Users\P1\AppData\Local\{3A6C4CA1-5E47-417F-AB87-0323FDC22BF3}\ not found.
Folder F:\Users\P1\AppData\Local\{B53315B3-9584-4186-B6C8-C6AD23E0ACDF}\ not found.
Folder F:\Users\P1\AppData\Local\{969E35B3-D81E-4523-9EB4-3F82F525C9B9}\ not found.
Folder F:\Users\P1\AppData\Local\{1BCD139F-2473-4556-992A-27FEB4E77073}\ not found.
Folder F:\Users\P1\AppData\Local\{0A611A47-2FF1-4365-B0D5-DF4EDC0D82FF}\ not found.
Folder F:\Users\P1\AppData\Local\{4EB489B2-6F31-4DE7-8B3F-923E7BE95F1A}\ not found.
Folder F:\Users\P1\AppData\Local\{031F4BA8-8DAB-4B8B-BB70-F0264251508B}\ not found.
Folder F:\Users\P1\AppData\Local\{BB16E195-A580-497D-BA5F-671CAA658CC5}\ not found.
Folder F:\Users\P1\AppData\Local\{DCDAAA5A-FF0F-49FA-9739-7076BEA0BB19}\ not found.
Folder F:\Users\P1\AppData\Local\{A6AF296A-604E-46AA-B700-339E2E4F24D7}\ not found.
Folder F:\Users\P1\AppData\Local\{9C166367-91DB-4E0E-9613-41B8979D700F}\ not found.
Folder F:\Users\P1\AppData\Local\{5A19A718-2552-4C68-8BA4-4AC455F647AE}\ not found.
Folder F:\Users\P1\AppData\Local\{DBBED7FB-2E73-4244-B915-1BBD40373DF2}\ not found.
Folder F:\Users\P1\AppData\Local\{F217D181-5B68-4A49-B4D0-AC790BD6FAB4}\ not found.
Folder F:\Users\P1\AppData\Local\{57D99CA8-442E-419B-9BB7-65C52105E3DD}\ not found.
Folder F:\Users\P1\AppData\Local\{F2FDC838-8429-4124-AF2D-3772C93619A1}\ not found.
Folder F:\Users\P1\AppData\Local\{A3DDF91C-5380-4A73-8290-BA5FC55A54CE}\ not found.
Folder F:\Users\P1\AppData\Local\{F2ACB906-B08C-49A5-9D3B-B4159596C602}\ not found.
Folder F:\Users\P1\AppData\Local\{2E7435FB-F0C4-4896-91C0-0889BCE2B6CB}\ not found.
Folder F:\Users\P1\AppData\Local\{7866719A-E732-4BFB-B276-E06953F821FA}\ not found.
Folder F:\Users\P1\AppData\Local\{20ADDA7D-F6F5-4CD7-A238-B3098D40159A}\ not found.
Folder F:\Users\P1\AppData\Local\{7BF81C4B-200A-45D4-ACA3-EAF40D979B03}\ not found.
Folder F:\Users\P1\AppData\Local\{AF940ED5-30CC-4142-A04E-1364EC4E86BC}\ not found.
Folder F:\Users\P1\AppData\Local\{82E455DC-217D-41A5-8605-21C1C46E19DB}\ not found.
Folder F:\Users\P1\AppData\Local\{ADB1B400-387F-4F11-9CD4-4FAE71143DA5}\ not found.
Folder F:\Users\P1\AppData\Local\{A92E3F3F-7057-4030-AF5D-7B38944099E8}\ not found.
Folder F:\Users\P1\AppData\Local\{4E99551F-5771-4D8E-8A42-15AE87A78647}\ not found.
Folder F:\Users\P1\AppData\Local\{D594ADDC-4708-4405-9FAF-0E0566C91DDE}\ not found.
Folder F:\Users\P1\AppData\Local\{EBEF386E-3B3C-435C-9BF4-780728C681DD}\ not found.
Folder F:\Users\P1\AppData\Local\{6BFBCE06-BCBE-4369-A7C7-5F6E570EC96A}\ not found.
Folder F:\Users\P1\AppData\Local\{954416F8-11AF-4EB9-A803-E4F5647FD6CA}\ not found.
Folder F:\Users\P1\AppData\Local\{CA33EBDA-ABC9-4FBD-B8CA-71121B669B0F}\ not found.
Folder F:\Users\P1\AppData\Local\{6DAD70D7-9026-439C-A453-9B83956E1AA8}\ not found.
Folder F:\Users\P1\AppData\Local\{B5C4F0B7-9CA8-49DD-92F6-DB47E4455DB5}\ not found.
Folder F:\Users\P1\AppData\Local\{CFFBBDE7-AA4D-487E-B8D3-7A284F9F9F0D}\ not found.
Folder F:\Users\P1\AppData\Local\{1E69466D-4F57-4F34-8369-BC9CE52D99E9}\ not found.
Folder F:\Users\P1\AppData\Local\{3484D303-4142-4C7B-A96D-410BFBF61CAE}\ not found.
Folder F:\Users\P1\AppData\Local\{66001512-96BB-4027-A9E1-740FFA167E30}\ not found.
Folder F:\Users\P1\AppData\Local\{EE55DE51-6BAD-4FB7-944B-8AED76DA9A11}\ not found.
Folder F:\Users\P1\AppData\Local\{ECA72B2D-9E2B-4E90-9467-EF7BA9ECB66C}\ not found.
Folder F:\Users\P1\AppData\Local\{7265256F-1015-41B7-9C6F-C76A8DB9C2E1}\ not found.
Folder F:\Users\P1\AppData\Local\{1B5F8214-14D4-435F-87F7-9C39A71C9A42}\ not found.
Folder F:\Users\P1\AppData\Local\{8B4A5683-5B0B-458E-9CBC-386A9F623704}\ not found.
Folder F:\Users\P1\AppData\Local\{DC29A1D2-932B-4D1E-BF80-3EABBF963C4B}\ not found.
Folder F:\Users\P1\AppData\Local\{8D29A7C3-302E-4328-8288-4196A10B2B3D}\ not found.
Folder F:\Users\P1\AppData\Local\{D80D2A49-C952-4CF9-8D12-7DEB719F64FD}\ not found.
Folder F:\Users\P1\AppData\Local\{ACB83FF0-CCE4-4C14-BF50-A55553597185}\ not found.
Folder F:\Users\P1\AppData\Local\{D7A98C4F-1BDD-4A42-8185-CB3F85E242F7}\ not found.
Folder F:\Users\P1\AppData\Local\{E4880BAA-0810-4B5B-BD3C-F5784842BF95}\ not found.
Folder F:\Users\P1\AppData\Local\{9D949425-9EF3-4678-8698-8719701EEC91}\ not found.
Folder F:\Users\P1\AppData\Local\{4DE44471-4C2A-47A9-BE6F-ECB059A61BAC}\ not found.
Folder F:\Users\P1\AppData\Local\{1355615D-19A0-44B8-879A-CEF55135A436}\ not found.
Folder F:\Users\P1\AppData\Local\{A11CBD02-E0F9-4389-8582-4DC2A55A8A32}\ not found.
Folder F:\Users\P1\AppData\Local\{5FAFC5E1-72F0-4316-80F8-19E7C29947A9}\ not found.
Folder F:\Users\P1\AppData\Local\{F80AC287-1102-4DD9-9FA9-2647F2184642}\ not found.
Folder F:\Users\P1\AppData\Local\{0DA735E8-36BF-4279-B9E1-8AAE995CBAC9}\ not found.
Folder F:\Users\P1\AppData\Local\{37815977-5BE2-403F-9AFB-82B2BC40A4B7}\ not found.
Folder F:\Users\P1\AppData\Local\{2396A9DF-9EAB-45A5-85DF-8FE9CA087925}\ not found.
Folder F:\Users\P1\AppData\Local\{A91145C8-5FF4-4DC8-B184-F7641EA7F17B}\ not found.
Folder F:\Users\P1\AppData\Local\{3B82FF4A-EA44-42E0-AECE-BB3FE886439E}\ not found.
Folder F:\Users\P1\AppData\Local\{9F9CDB43-8A24-4F33-8F0E-CEDCB1F15E5D}\ not found.
Folder F:\Users\P1\AppData\Local\{8DEEDD9B-00E9-47EB-A66E-56D11095C6C7}\ not found.
Folder F:\Users\P1\AppData\Local\{0886C110-3C47-4B60-A690-FE9F997FCC94}\ not found.
Folder F:\Users\P1\AppData\Local\{16711AAB-140E-4201-A2EC-7157AD21E8F0}\ not found.
Folder F:\Users\P1\AppData\Local\{E2B80095-2088-4A43-BE74-03934EB000B6}\ not found.
Folder F:\Users\P1\AppData\Local\{ABBF0ED4-8FBA-4325-B5F1-28BB64688DC8}\ not found.
Folder F:\Users\P1\AppData\Local\{7469BEEB-ED93-4017-9B7F-902AEC111EF4}\ not found.
Folder F:\Users\P1\AppData\Local\{AB69291B-6DD3-4470-AC8E-71DA878B3A02}\ not found.
Folder F:\Users\P1\AppData\Local\{E9798E50-8878-4570-A8E4-15F7B3E34E5D}\ not found.
Folder F:\Users\P1\AppData\Local\{295A97E6-F5FE-47C5-B13C-FDAAB6987A41}\ not found.
Folder F:\Users\P1\AppData\Local\{7C487A08-2369-4316-B2C4-BEDB2609414C}\ not found.
Folder F:\Users\P1\AppData\Local\{F1CF51BB-EEE8-435C-87EC-F1DC582F45C9}\ not found.
Folder F:\Users\P1\AppData\Local\{3D6277D1-02DF-4EBD-8B3B-4B056A9D4EE8}\ not found.
Folder F:\Users\P1\AppData\Local\{15173E05-886B-415A-9B12-0C7845DABFDF}\ not found.
Folder F:\Users\P1\AppData\Local\{0D3EA84D-AD8F-4CCD-B8EA-850844BFE716}\ not found.
Folder F:\Users\P1\AppData\Local\{ACDF21BB-8C74-4930-B6C1-D75E8DF64B2F}\ not found.
Folder F:\Users\P1\AppData\Local\{70DC95F7-C364-418D-9B95-823B19ABFA39}\ not found.
Folder F:\Users\P1\AppData\Local\{AC327645-3104-499B-B797-B24B0448CEA4}\ not found.
Folder F:\Users\P1\AppData\Local\{307EFE32-A1AE-4AA8-9DF7-DBC7589225F4}\ not found.
Folder F:\Users\P1\AppData\Local\{93412E8A-AAA9-4771-A2B4-B25B0229CA02}\ not found.
Folder F:\Users\P1\AppData\Local\{FA268D4E-5C65-4FC6-96F5-D5EF641EC13A}\ not found.
Folder F:\Users\P1\AppData\Local\{0E72E996-4967-49C9-8960-E7EE95B54156}\ not found.
Folder F:\Users\P1\AppData\Local\{C0EB5F4E-D15A-47AB-ADF6-E20C01F6D9E1}\ not found.
Folder F:\Users\P1\AppData\Local\{C8E4BE5F-0CEF-4DB1-A944-FFEB924D456B}\ not found.
Folder F:\Users\P1\AppData\Local\{A2819871-C853-4F96-A205-DFEDCC208986}\ not found.
Folder F:\Users\P1\AppData\Local\{B638FDE6-F26B-474D-823F-9ECA7239D972}\ not found.
Folder F:\Users\P1\AppData\Local\{5A69A43E-2D01-4759-819C-6A708BA4C999}\ not found.
Folder F:\Users\P1\AppData\Local\{D1D3DA5D-5E30-423E-9126-2C31858DA683}\ not found.
Folder F:\Users\P1\AppData\Local\{B344E840-1CEC-41FB-891C-EA56CAA03567}\ not found.
Folder F:\Users\P1\AppData\Local\{DCAB07A4-698B-4814-A8A3-C273FD4F2653}\ not found.
Folder F:\Users\P1\AppData\Local\{9DEC382B-D9A5-4226-9774-9A7DDBE1428B}\ not found.
Folder F:\Users\P1\AppData\Local\{1D6DEDF2-5052-4FF0-AE75-24EF266848DA}\ not found.
Folder F:\Users\P1\AppData\Local\{24C59022-A942-4D6E-AF95-7ADE1682DB7C}\ not found.
Folder F:\Users\P1\AppData\Local\{5566CF8D-C31E-47E9-A002-E9B6D8EB381E}\ not found.
Folder F:\Users\P1\AppData\Local\{E1D05565-E5A9-4142-BAC9-1B41EF4D0084}\ not found.
Folder F:\Users\P1\AppData\Local\{37C606FA-7012-40E8-8286-AB53A2A0E7FF}\ not found.
Folder F:\Users\P1\AppData\Local\{24554ED0-7833-405D-AA58-54D8ADA280AD}\ not found.
Folder F:\Users\P1\AppData\Local\{56809547-4C42-4240-8145-15DEA862E32E}\ not found.
Folder F:\Users\P1\AppData\Local\{762EEBD1-C328-43B9-934D-860C14EBB949}\ not found.
Folder F:\Users\P1\AppData\Local\{45E9C452-8C31-4997-80BB-3653D8CFC53C}\ not found.
Folder F:\Users\P1\AppData\Local\{9A3679E5-B071-40CE-ACAA-7698A1AF2CF0}\ not found.
Folder F:\Users\P1\AppData\Local\{749919C6-CAF2-4BBE-B996-9A38F3F8D313}\ not found.
Folder F:\Users\P1\AppData\Local\{260BCAFB-8B8C-4708-A9BA-3B4FD2181A95}\ not found.
Folder F:\Users\P1\AppData\Local\{000BEA3A-977F-4192-AEB1-2A679656D95C}\ not found.
Folder F:\Users\P1\AppData\Local\{AC9304CE-928F-4853-8BD2-6C190501355E}\ not found.
Folder F:\Users\P1\AppData\Local\{108C0F37-FC29-412D-BC27-64E76F48637C}\ not found.
Folder F:\Users\P1\AppData\Local\{506E6200-6B61-43B6-992F-6C8E5D5FF199}\ not found.
Folder F:\Users\P1\AppData\Local\{7A23CBC4-18B7-4D60-9776-FCEA9D09A5E1}\ not found.
Folder F:\Users\P1\AppData\Local\{FDFF94F7-5AEE-4084-AE89-C418A59A4118}\ not found.
Folder F:\Users\P1\AppData\Local\{EA3FE2E3-6BAD-4F51-AF4B-BD73243495DC}\ not found.
Folder F:\Users\P1\AppData\Local\{6A9C2712-60F1-4673-B490-25D0D95C6A2F}\ not found.
Folder F:\Users\P1\AppData\Local\{AD4F80AE-0946-4E83-A1AC-A1D036685156}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81d24ea1-3106-46a5-a324-fa96b8178519} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d24ea1-3106-46a5-a324-fa96b8178519}\ not found.
File F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\@ not found.
========== FILES ==========
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U folder moved successfully.
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\L folder moved successfully.
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677} folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\L folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: P1
->Temp folder emptied: 935417 bytes
->Temporary Internet Files folder emptied: 216301279 bytes
->Java cache emptied: 57159 bytes
->FireFox cache emptied: 72497025 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 51179 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 203846 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63670480 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 665 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 337.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: P1
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: P1
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08022012_094817

Files\Folders moved on Reboot...
F:\Users\P1\AppData\Local\Temp\Low\REGDA10.tmp moved successfully.
F:\Users\P1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder F:\Users\P1\AppData\Local\Temp\~DF7B86A594115DD64C.TMP not found!
F:\Users\P1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
F:\Users\P1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File F:\Users\P1\AppData\Local\Temp\Low\REGDA10.tmp not found!
File F:\Users\P1\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File F:\Users\P1\AppData\Local\Temp\~DF7B86A594115DD64C.TMP not found!
File F:\Users\P1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File F:\Users\P1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...
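
As an added example (my own code, not part of the original thread and not OTL's own tooling), here is a small Python triage script for fix-log lines in the shape shown above. It parses the "not found" and "moved successfully" lines, counts outcomes, and groups every GUID-named folder by the immediate children the log mentions, so that the `U` / `L` / `@` layout that the FILES section moved out of `AppData\Local` and `Windows\Installer` stands out from the many other GUID-named folders that were simply absent. `SAMPLE_LOG` is a short excerpt of the log above; the function names, the `Entry` class and the `SUSPECT_PARENTS` list are my own assumptions, not anything OTL defines.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Sample input: a few lines excerpted from the OTL fix log above (constructed subset).
SAMPLE_LOG = r"""
Folder F:\Users\P1\AppData\Local\{82E455DC-217D-41A5-8605-21C1C46E19DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d24ea1-3106-46a5-a324-fa96b8178519}\ not found.
File F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\@ not found.
========== FILES ==========
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U folder moved successfully.
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\L folder moved successfully.
F:\Users\P1\AppData\Local\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677} folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\L folder moved successfully.
F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677} folder moved successfully.
File F:\Users\P1\AppData\Local\Temp\Low\REGDA10.tmp not found!
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "<kind> <path> not found." / "not found!" lines
NOT_FOUND = re.compile(
    r"^(?P<kind>Folder|File|Registry key|Registry value|File\\Folder) (?P<path>.+?) not found[.!]$"
)
# "<path> folder moved successfully." / "<path> moved successfully." lines
MOVED = re.compile(r"^(?P<path>.+?)(?: folder| file)? moved successfully\.$")
# Split a path into the GUID-named folder and its immediate child (if any)
GUID_ROOT = re.compile(r"^(?P<root>.*?\\" + GUID + r")(?:\\(?P<child>[^\\]+))?$")

FS_KINDS = {"Folder", "File", "File\\Folder", "Moved"}   # ignore registry entries
# Assumed parent locations worth a second look (from the thread's own log paths)
SUSPECT_PARENTS = ("\\appdata\\local\\", "\\windows\\installer\\")


@dataclass(frozen=True)
class Entry:
    kind: str    # "Folder", "File", "Registry key", ... or "Moved"
    path: str    # path with any trailing backslash removed
    status: str  # "not found" or "moved"


def parse_otl_log(text):
    """Turn fix-log lines into Entry records; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        m = NOT_FOUND.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"].rstrip("\\"), "not found"))
            continue
        m = MOVED.match(line)
        if m:
            entries.append(Entry("Moved", m["path"].rstrip("\\"), "moved"))
    return entries


def summarize(entries):
    """Count how many items the fix actually touched versus merely looked for."""
    counts = Counter(e.status for e in entries)
    return {"not found": counts["not found"], "moved": counts["moved"]}


def group_guid_folders(entries):
    """Map each GUID-named folder to the set of immediate children the log mentions."""
    roots = defaultdict(set)
    for e in entries:
        if e.kind not in FS_KINDS:
            continue
        m = GUID_ROOT.match(e.path)
        if m:
            roots[m["root"]].add(m["child"] or "")   # "" marks the folder itself
    return roots


def flag_sirefef_layout(entries):
    """Report GUID folders showing the U / L / @ layout seen in the FILES section."""
    findings = []
    for root, children in sorted(group_guid_folders(entries).items()):
        markers = {c for c in children if c in ("U", "L", "@")}
        if not markers:
            continue   # a lone GUID folder with no such children is not flagged
        findings.append({
            "root": root,
            "markers": sorted(markers),
            "in_known_location": any(p in root.lower() for p in SUSPECT_PARENTS),
        })
    return findings


if __name__ == "__main__":
    parsed = parse_otl_log(SAMPLE_LOG)
    print(summarize(parsed))
    for finding in flag_sirefef_layout(parsed):
        print(finding)
```

Feed it the whole log rather than the excerpt and the dozens of "not found" GUID folders drop out of the findings, leaving only the two roots whose `U` and `L` subfolders were moved; that is the kind of check a helper would run to confirm a fix script hit the intended leftovers and nothing else.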

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 02 August 2012 - 01:54 PM

Looking much better. :)

Let's run this online scan to verify we haven't missed anything:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#9 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 02 August 2012 - 03:06 PM

I already ran that earlier today to check everything was ok and got a clean scan...
Everything still appears to be running completely normally :)
Thanks again for all your help

#10 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 02 August 2012 - 03:25 PM

Glad to hear things are swell. :)

Before we move on, please take the time to install the following updates. Using outdated applications leaves you vulnerable to getting infected again.


Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them: [image]
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

----------------

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please visit Mozilla site and update it to the latest version.

----------------

Please let me know how the updates go, as failed updates may indicate additional malware.

Edited by D-FRED-BROWN, 02 August 2012 - 03:25 PM.


#11 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 02 August 2012 - 03:48 PM

All updated and everything is still running just fine :)
Once again I thank you for your time and help to cure this :)

#12 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 02 August 2012 - 03:51 PM

Glad the updates went well. And no problem. :)


We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

First, let's remove ComboFix:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Let's remove OTL as well:
  • Reopen OTL [image] on your desktop.
  • Click on [image]
  • You will be prompted to reboot your system. Please do so.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

#13 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 02 August 2012 - 06:14 PM

All done :)
Thanks very much

#14 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 02 August 2012 - 06:23 PM

Glad to hear! I'll close this topic shortly. If you need anything, feel free to send me a private message and I can re-open the topic.

#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:10:52 PM

Posted 02 August 2012 - 06:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



