Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Computer's a mess, need assistance.

 
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Fri Jun 22, 2012 5:30 pm    Post subject: Computer's a mess, need assistance.

I was away, and I had relatives over. In hindsight, I should've created a guest account for them to use. Long story short, when I returned, the computer was infected with something.

What's worse, my relatives mentioned they tried fixing it themselves; they just made it infinitely complicated, so I am in need of some assistance.

From what I can see, it's a rootkit of some kind: AV and Windows Update are disabled, a lot of things simply refuse to start, and some things simply don't work, saying I don't have admin rights. I really don't want to make things worse by self-diagnosing.

My relatives told me they ran ComboFix. The log is still there, so I figured I'll attach that, in addition to the DDS log.

Quote:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Alex at 11:15:19 on 2012-06-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4061.2666 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Alex\0i763f66bz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.internode.on.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [0i763f66bz] C:\Users\Alex\0i763f66bz.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6DDFEA9F-4669-4EE7-B2AA-EE3183ECE2BA} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.internode.on.net/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-19 155648]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-28 226624]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 00:41:28 98816 ----a-w- C:\Windows\sed.exe
2012-06-23 00:41:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-23 00:41:28 256000 ----a-w- C:\Windows\PEV.exe
2012-06-23 00:41:28 208896 ----a-w- C:\Windows\MBR.exe
2012-06-22 22:43:08 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-22 15:54:42 -------- d-----w- C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 15:54:31 -------- d-----w- C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 15:54:10 -------- d-----w- C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-22 15:40:08 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C9E42F9-8BD2-48C6-A492-AE7F3B21A2A4}\mpengine.dll
2012-06-21 13:17:23 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 13:07:36 -------- d-----w- C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 13:07:26 -------- d-----w- C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 13:07:15 -------- d-----w- C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 13:06:53 -------- d-----w- C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 12:53:25 -------- d-----w- C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 12:53:15 -------- d-----w- C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 12:52:54 -------- d-----w- C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 12:17:33 -------- d-----w- C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 12:17:17 -------- d-----w- C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 12:17:07 -------- d-----w- C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 12:16:45 -------- d-----w- C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 13:48:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-18 13:48:58 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-18 13:48:53 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-18 13:48:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-18 13:48:52 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-18 13:48:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-18 13:48:52 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-18 13:48:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-18 13:48:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-18 12:58:58 -------- d-----w- C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 12:47:14 -------- d-----w- C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 13:00:15 -------- d-----w- C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 14:37:16 -------- d-----w- C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 16:32:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 16:32:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 14:03:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE5A39D0-E803-434B-9394-C64E3B29A576}\gapaengine.dll
2012-06-14 13:53:13 -------- d-----w- C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 13:53:03 -------- d-----w- C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 13:52:53 -------- d-----w- C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 13:52:42 -------- d-----w- C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 11:55:34 -------- d-----w- C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 11:55:30 -------- d-----w- C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-13 11:55:08 -------- d-----w- C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-12 12:38:43 -------- d-----w- C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 12:38:33 -------- d-----w- C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 12:38:23 -------- d-----w- C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-12 12:38:01 -------- d-----w- C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-11 13:03:06 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-11 13:03:06 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 10:56:24 -------- d-----w- C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 10:56:14 -------- d-----w- C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 10:56:04 -------- d-----w- C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 10:55:42 -------- d-----w- C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 17:01:46 -------- d-----w- C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 17:01:36 -------- d-----w- C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-10 17:01:13 -------- d-----w- C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-09 16:08:35 -------- d-----w- C:\Users\Alex\AppData\Local\Macromedia
2012-06-09 13:27:07 -------- d-----w- C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 13:26:56 -------- d-----w- C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 13:26:34 -------- d-----w- C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 09:17:15 -------- d-----w- C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-08 09:17:04 -------- d-----w- C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-07 13:10:24 -------- d-----w- C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 13:10:19 -------- d-----w- C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-07 13:10:04 -------- d-----w- C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-06 13:13:23 -------- d-----w- C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 13:13:11 -------- d-----w- C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 13:12:47 -------- d-----w- C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 10:11:40 -------- d-----w- C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-05 10:11:23 -------- d-----w- C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-04 16:50:52 -------- d-----w- C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 16:50:30 -------- d-----w- C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-04 04:50:05 -------- d-----w- C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-04 04:49:48 -------- d-----w- C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 16:48:21 -------- d-----w- C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 16:48:10 -------- d-----w- C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-03 04:47:43 -------- d-----w- C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-03 04:47:21 -------- d-----w- C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 16:24:01 -------- d-----w- C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 16:23:35 -------- d-----w- C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-02 05:51:53 -------- d-----w- C:\Program Files (x86)\Ys Origin
2012-06-02 03:36:49 -------- d-----w- C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-02 03:36:38 -------- d-----w- C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-02 03:36:15 -------- d-----w- C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 14:28:49 -------- d-----w- C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 14:28:38 -------- d-----w- C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 13:47:03 -------- d-----w- C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 13:46:53 -------- d-----w- C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 13:46:42 -------- d-----w- C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 13:46:21 -------- d-----w- C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 12:51:43 -------- d-----w- C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-30 12:51:33 -------- d-----w- C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 12:51:23 -------- d-----w- C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 12:51:02 -------- d-----w- C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-29 11:59:57 178176 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-05-29 11:41:13 -------- d-----w- C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 11:41:03 -------- d-----w- C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 11:40:53 -------- d-----w- C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 11:40:43 -------- d-----w- C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 14:15:05 -------- d-----w- C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 14:14:55 -------- d-----w- C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 14:14:33 -------- d-----w- C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 13:52:16 -------- d-----w- C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 13:51:55 -------- d-----w- C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 13:13:46 -------- d-----w- C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-26 13:13:36 -------- d-----w- C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 13:13:26 -------- d-----w- C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-25 08:39:59 -------- d-----w- C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 08:39:37 -------- d-----w- C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 13:34:19 -------- d-----w- C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 13:34:10 -------- d-----w- C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 13:33:47 -------- d-----w- C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-11 00:41:34 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-11 00:41:34 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-11 00:40:06 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-11 00:40:06 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-08 14:40:36 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-04-08 14:39:26 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
1601-01-01 00:00:00 0 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:15:36.13 ===============


Quote:


ComboFix 12-06-21.03 - Alex 23/06/2012 10:43:28.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4061.2902 [GMT 10:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Alex\AppData\Local\{226665ff-17f4-becc-6403-1e07e0bffa81}
c:\users\Alex\AppData\Local\{226665ff-17f4-becc-6403-1e07e0bffa81}\@
c:\users\Alex\AppData\Local\{226665ff-17f4-becc-6403-1e07e0bffa81}\n
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\@
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\n
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\00000001.@
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\80000000.@
c:\windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\800000cb.@
c:\windows\jestertb.dll
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\tmp80F6.tmp
c:\windows\SysWow64\tmp8107.tmp
c:\windows\SysWow64\tmpFDC5.tmp
c:\windows\SysWow64\tmpFDC6.tmp
c:\users\Alex\0i763f66bz.exe . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 00:54 . 2012-06-23 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 22:43 . 2012-06-22 22:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 22:39 . 2012-06-22 22:39 40960 ----a-w- c:\users\Alex\0i763f66bz.exe
2012-06-22 15:40 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9E42F9-8BD2-48C6-A492-AE7F3B21A2A4}\mpengine.dll
2012-06-21 13:17 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-18 13:48 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-18 13:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-18 13:48 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-18 13:48 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 13:48 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-18 13:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-18 13:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-18 13:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-18 13:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 16:32 . 2012-06-14 16:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 16:32 . 2012-06-14 16:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 14:03 . 2012-02-15 01:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE5A39D0-E803-434B-9394-C64E3B29A576}\gapaengine.dll
2012-06-11 13:03 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-11 13:03 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 16:08 . 2012-06-09 16:08 -------- d-----w- c:\users\Alex\AppData\Local\Macromedia
2012-06-02 05:51 . 2012-06-12 12:57 -------- d-----w- c:\program files (x86)\Ys Origin
2012-05-29 11:59 . 2012-05-26 02:36 178176 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 00:41 . 2012-05-11 00:41 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-11 00:41 . 2011-02-19 11:15 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 00:40 . 2012-05-11 00:40 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-11 00:40 . 2010-04-19 14:32 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-08 14:40 . 2009-11-12 03:14 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-04-08 14:39 . 2010-02-14 14:22 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-30 11:35 . 2012-05-10 23:57 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-19 1475584]
"0i763f66bz"="c:\users\Alex\0i763f66bz.exe" [1601-01-01 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-7-1 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 9c9d8fd642aafc5
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.internode.on.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.internode.on.net/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Notify-FastAccess - c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-HijackThis - c:\users\Alex\Desktop\Downloads\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\9c9d8fd642aafc5]
"ImagePath"="\SystemRoot\System32\Drivers\9c9d8fd642aafc5.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0a,a1,50,19,8b,2c,84,62,38,76,c1,c2,06,9f,9f,50,d8,6b,54,8f,44,45,48,
57,d0,1e,5f,46,07,57,41,e5,3f,69,86,4c,4b,5b,55,14,50,48,b7,31,01,ff,fc,f4,\
"??"=hex:98,47,1a,f1,a9,39,12,d8,c5,b4,78,66,17,05,ef,05
.
[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\SecuROM\License information*]
"datasecu"=hex:b3,2a,bd,8e,ea,d6,cd,46,fa,ab,2d,9d,4f,7b,ed,ae,2d,e3,3a,23,40,
06,ff,70,a1,79,bd,45,e0,f5,5e,59,aa,3a,f5,cf,bc,1a,f0,2c,64,2b,81,0d,12,be,\
"rkeysecu"=hex:83,c6,05,63,65,bf,81,f5,de,05,dc,a8,bd,c0,e4,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\1e\15\19\08?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-23 11:03:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 01:03
.
Pre-Run: 200,813,277,184 bytes free
Post-Run: 200,740,827,136 bytes free
.
- - End Of File - - B9DA0B887633AEC6A056C8E476FFFECF
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 1:07 am

Looking over your logs, back soon.

DO NOT ATTEMPT TO SELF CLEAN THIS MACHINE.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 1:20 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Heiji1412-2

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your CF log shows you have/had the latest version of the Zero Access rootkit. This infection often causes a great deal of damage to a person's computer, and it's possible that you may have to reformat your hard drive and re-install Windows in order to get a properly functioning machine again. We won't know until we've run a few scans, and I can properly assess the extent of any damage.

First

We need to discover if the infection is still active .....


  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment


  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...





  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.

      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.


Next

With your computer booted in Normal Mode ....


  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it



  • Click the SCAN button to start the scan.



  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.


Summary of the logs I need from you in your next post:

  • FRST.txt
  • aswMBR.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
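Added example, not part of the original thread and not code from ComboFix or any tool named in it: a small Python triage script that parses the ComboFix "Reg Loading Points" line formats seen in the log above and flags entries worth a closer look. The heuristics (hex-only service names, images in a profile root or Temp folder, a 1601-01-01 timestamp) are generic assumptions of this example, not the helper's stated reasoning; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the ComboFix log posted in this thread (subset).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-19 1475584]
"0i763f66bz"="c:\users\Alex\0i763f66bz.exe" [1601-01-01 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
*Deregistered* - 9c9d8fd642aafc5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\9c9d8fd642aafc5]
"ImagePath"="\SystemRoot\System32\Drivers\9c9d8fd642aafc5.sys"
'''

# Line shapes used by the log sections above.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+) \[[^\]]*\]$')
DEREG_RE = re.compile(r'^\*Deregistered\* - (\S+)$')

# Heuristic patterns (assumptions of this example).
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\[^\\]+$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{12,}$')

R_DEREG = 'listed as *Deregistered*'
R_HEX = 'hex-only service name'
R_WRITABLE = 'image in user-writable location'
R_EPOCH = 'zero FILETIME (no real timestamp)'


def parse(log):
    """Yield (kind, name, path, stamp) for autoruns, services and deregistered items."""
    key = ''
    for raw in log.splitlines():
        line = raw.strip()
        if line == '.':          # section separator: forget the current key
            key = ''
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, stamp = m.group(1), m.group(2), m.group(3) or ''
            if key.endswith('\\currentversion\\run'):
                yield ('autorun', name, path, stamp)
            elif '\\services\\' in key and name.lower() == 'imagepath':
                yield ('service', key.rsplit('\\', 1)[1], path, stamp)
            continue
        m = SERVICE_RE.match(line)
        if m:
            yield ('service', m.group('name'), m.group('path'), '')
            continue
        m = DEREG_RE.match(line)
        if m:
            yield ('deregistered', m.group(1), '', '')


def reasons_for(kind, name, path, stamp):
    """Return the heuristic reasons that apply to one parsed entry."""
    p = path.lower()
    out = []
    if kind == 'deregistered':
        out.append(R_DEREG)
    if kind in ('service', 'deregistered') and HEX_NAME_RE.match(name.lower()):
        out.append(R_HEX)
    if PROFILE_ROOT_RE.match(p) or '\\temp\\' in p:
        out.append(R_WRITABLE)
    # 1601-01-01 is the FILETIME epoch, so the entry carries no real timestamp.
    if stamp.startswith('1601-01-01'):
        out.append(R_EPOCH)
    return out


def triage(log):
    """Map entry name -> de-duplicated list of reasons, in log order."""
    findings = {}
    for kind, name, path, stamp in parse(log):
        for reason in reasons_for(kind, name, path, stamp):
            bucket = findings.setdefault(name, [])
            if reason not in bucket:
                bucket.append(reason)
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f'{name}: {"; ".join(reasons)}')
```

A flag here only marks an entry for manual review; legitimate software can match any of these patterns.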
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 5:13 am

Okay, I've created a Restore Point. In terms of backups, I created one about a week ago, computer is barely used since then, I won't bother creating another one.

In terms of the aswMBR scan, you didn't mention it in your instructions, but the program asked if I wanted to download updated definitions before scanning (which I did), and I've only done a quick scan, I think the screenshot you were using is an older version.


Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 23-06-2012 21:56:39
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKU\Alex\...\Run: [0i763f66bz] C:\Users\Alex\0i763f66bz.exe [40960 2012-06-22] (SmoothCandle)
HKU\Alex\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-12] (Malwarebytes Corporation)
3 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-03-16] ()
4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

0 9c9d8fd642aafc5; C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys [74184 2012-06-22] ()
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-05-10] ()
3 ITECIRfilter; C:\Windows\System32\Drivers\ITECIRfilter.sys [28264 2011-03-21] (ITE Tech. Inc. )
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-01-06] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-09] (Malwarebytes Corporation)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [12400 2010-01-25] (Macrovision Europe Ltd)
2 tandpl; C:\Windows\SysWow64\Drivers\tandpl.sys [4736 2003-04-18] ()
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 FileDisk; [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-23 03:52 - 2012-06-23 03:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37}
2012-06-22 21:08 - 2012-06-22 21:08 - 00000000 ____D C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1}
2012-06-22 17:18 - 2012-06-22 17:18 - 00013635 ____A C:\Users\Alex\Desktop\Attach.txt
2012-06-22 17:17 - 2012-06-22 17:17 - 00027408 ____A C:\Users\Alex\Desktop\DDS.txt
2012-06-22 17:03 - 2012-06-22 17:03 - 00014113 ____A C:\ComboFix.txt
2012-06-22 16:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-22 16:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-22 16:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-22 16:33 - 2012-06-22 17:03 - 00000000 ____D C:\Qoobox
2012-06-22 16:33 - 2012-06-22 17:01 - 00000000 ____D C:\Windows\erdnt
2012-06-22 15:57 - 2012-06-22 15:56 - 04565264 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-06-22 15:17 - 2012-04-25 05:34 - 12621696 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\mseinstall.exe
2012-06-22 15:05 - 2012-06-22 15:05 - 00074184 ____A C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-22 14:43 - 2012-06-22 14:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 14:39 - 2012-06-22 14:39 - 00040960 ____A (SmoothCandle) C:\Users\Alex\0i763f66bz.exe
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 05:06 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 04:52 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 04:16 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 05:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-18 05:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-18 05:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-18 05:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-18 05:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-18 05:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-18 05:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-18 05:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-18 05:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-18 05:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-18 05:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-18 05:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-18 05:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-18 05:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-18 05:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-18 05:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-18 05:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-18 05:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-18 05:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-18 05:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-18 05:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-18 05:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-18 05:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-18 05:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-18 05:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-18 05:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-18 05:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-18 05:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 05:49 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-18 05:49 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-18 05:49 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-18 05:49 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-18 05:49 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-18 05:49 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-18 05:49 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-18 05:49 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-18 05:49 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-18 05:49 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-18 05:49 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-18 05:48 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-18 05:48 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-18 05:48 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-18 05:48 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-18 05:48 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-18 05:48 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-18 04:58 - 2012-06-18 04:59 - 00000000 ____D C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 04:47 - 2012-06-17 04:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 05:00 - 2012-06-16 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 06:37 - 2012-06-15 06:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 08:41 - 2012-06-14 08:41 - 00000981 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-14 08:32 - 2012-06-14 08:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 08:32 - 2012-06-14 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 05:52 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 05:52 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 02:55 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-09 08:08 - 2012-06-09 08:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Macromedia
2012-06-09 05:27 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 05:26 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 05:26 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 05:12 - 2012-06-06 05:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-04 08:50 - 2012-06-04 08:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 08:50 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-03 20:50 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-03 20:49 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-02 22:36 - 2012-06-07 05:42 - 00001775 ____A C:\Users\Alex\Desktop\Play Max Payne 3.lnk
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 08:23 - 2012-06-02 08:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 05:46 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-29 03:59 - 2012-05-29 03:59 - 00001965 ____A C:\Users\Public\Desktop\MPC-HC.lnk
2012-05-29 03:59 - 2012-05-25 18:36 - 00178176 ____A C:\Windows\SysWOW64\unrar.dll
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 03:40 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 03:40 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 06:15 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 06:14 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 06:14 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 05:52 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 05:51 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-25 00:39 - 2012-05-25 00:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 00:39 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 05:33 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}


============ 3 Months Modified Files and Folders =============

2012-06-23 21:57 - 2012-06-23 21:56 - 00000000 ____D C:\FRST
2012-06-23 03:52 - 2012-06-23 03:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37}
2012-06-23 03:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 03:51 - 2009-07-13 20:51 - 00142744 ____A C:\Windows\setupact.log
2012-06-23 03:42 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 03:42 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 03:41 - 2009-07-13 21:10 - 01413208 ____A C:\Windows\WindowsUpdate.log
2012-06-23 03:39 - 2009-07-13 21:13 - 00782702 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 21:08 - 2012-06-22 21:08 - 00000000 ____D C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1}
2012-06-22 17:18 - 2012-06-22 17:18 - 00013635 ____A C:\Users\Alex\Desktop\Attach.txt
2012-06-22 17:17 - 2012-06-22 17:17 - 00027408 ____A C:\Users\Alex\Desktop\DDS.txt
2012-06-22 17:03 - 2012-06-22 17:03 - 00014113 ____A C:\ComboFix.txt
2012-06-22 17:03 - 2012-06-22 16:33 - 00000000 ____D C:\Qoobox
2012-06-22 17:03 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-22 17:01 - 2012-06-22 16:33 - 00000000 ____D C:\Windows\erdnt
2012-06-22 16:57 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-22 16:56 - 2009-11-02 00:37 - 01968322 ____A C:\Windows\PFRO.log
2012-06-22 15:56 - 2012-06-22 15:57 - 04565264 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-06-22 15:22 - 2010-12-18 14:20 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-22 15:05 - 2012-06-22 15:05 - 00074184 ____A C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-22 14:51 - 2009-10-09 03:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\foobar2000
2012-06-22 14:49 - 2006-02-15 16:17 - 00000000 ____D C:\Users\Alex\Documents\PICS
2012-06-22 14:43 - 2012-06-22 14:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 14:39 - 2012-06-22 14:39 - 00040960 ____A (SmoothCandle) C:\Users\Alex\0i763f66bz.exe
2012-06-22 14:39 - 2009-11-10 19:20 - 00000000 ____D C:\users\Alex
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-22 07:54 - 2010-10-02 18:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Windows Live
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 05:07 - 2012-06-21 05:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 04:53 - 2012-06-20 04:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 04:17 - 2012-06-19 04:16 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-18 06:06 - 2009-07-13 20:45 - 00426096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-18 06:05 - 2012-04-25 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 06:05 - 2009-11-10 22:35 - 00000000 ____D C:\Program Files\WinRAR
2012-06-18 06:02 - 2009-11-10 23:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-18 05:56 - 2009-11-10 23:16 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 04:59 - 2012-06-18 04:58 - 00000000 ____D C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 04:47 - 2012-06-17 04:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 06:16 - 2011-08-16 08:22 - 00001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-16 06:16 - 2010-01-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-16 05:00 - 2012-06-16 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 06:37 - 2012-06-15 06:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 08:41 - 2012-06-14 08:41 - 00000981 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-14 08:32 - 2012-06-14 08:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 08:32 - 2012-06-14 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 05:53 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 05:52 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-11 04:34 - 2011-12-02 07:10 - 00000000 ____D C:\Program Files (x86)\Batman Arkham City
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 02:56 - 2012-06-11 02:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-09 08:08 - 2012-06-09 08:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Macromedia
2012-06-09 05:27 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 05:27 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 05:26 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-07 05:42 - 2012-06-02 22:36 - 00001775 ____A C:\Users\Alex\Desktop\Play Max Payne 3.lnk
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 05:12 - 2012-06-06 05:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-04 08:51 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 08:50 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-03 21:30 - 2006-02-27 20:58 - 00000000 ____D C:\Users\Alex\Documents\Misc
2012-06-03 21:27 - 2010-05-16 01:31 - 00000000 ____D C:\Users\Alex\AppData\Local\Paint.NET
2012-06-03 20:50 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-03 20:50 - 2012-06-03 20:49 - 00000000 ____D C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-02 22:36 - 2010-02-18 15:23 - 00000000 ____D C:\Users\Alex\Documents\Rockstar Games
2012-06-02 22:11 - 2010-02-18 14:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-02 22:10 - 2009-11-01 23:02 - 00274280 ____A C:\Windows\DirectX.log
2012-06-02 21:30 - 2011-11-26 16:53 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-02 21:30 - 2009-11-01 22:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 08:23 - 2012-06-02 08:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 05:47 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-29 05:22 - 2009-11-11 19:14 - 00000000 ____D C:\Program Files (x86)\ffdshow
2012-05-29 04:01 - 2010-12-03 17:36 - 00000000 ____D C:\Program Files\CCleaner
2012-05-29 04:01 - 2009-11-11 07:12 - 00000000 ____D C:\Program Files (x86)\MPC HomeCinema
2012-05-29 04:00 - 2010-01-05 15:28 - 00000000 ____D C:\Program Files\Defraggler
2012-05-29 03:59 - 2012-05-29 03:59 - 00001965 ____A C:\Users\Public\Desktop\MPC-HC.lnk
2012-05-29 03:59 - 2009-11-10 22:00 - 00001037 ____A C:\Users\Public\Desktop\foobar2000.lnk
2012-05-29 03:59 - 2009-11-10 22:00 - 00000000 ____D C:\Program Files (x86)\foobar2000
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 03:41 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 03:40 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 06:15 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 06:15 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 06:14 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 05:52 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 05:52 - 2012-05-27 05:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-25 18:36 - 2012-05-29 03:59 - 00178176 ____A C:\Windows\SysWOW64\unrar.dll
2012-05-25 00:40 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 00:39 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 05:34 - 2012-05-24 05:33 - 00000000 ____D C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}
2012-05-23 03:26 - 2012-02-18 01:36 - 00000000 ____D C:\Users\Alex\Documents\Remedy
2012-05-23 02:38 - 2012-05-23 02:38 - 00002316 ____A C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
2012-05-23 02:37 - 2012-05-23 02:37 - 00000000 ____D C:\Program Files (x86)\GOG.com
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{8A656D2E-9F8B-4315-9587-42FF7EB258BA}
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{49986726-83A9-4C40-8627-89A607ACFB4A}
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{2D7C5603-B8C0-4510-9C0B-228F00B27A19}
2012-05-22 23:14 - 2012-05-22 23:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{60351E4E-1747-4568-B4F2-BF74B13BC918}
2012-05-21 21:06 - 2012-05-21 21:05 - 00000000 ____D C:\Users\Alex\AppData\Local\{F007DA36-7E90-4E6C-9544-135FB04E5366}
2012-05-21 21:05 - 2012-05-21 21:05 - 00000000 ____D C:\Users\Alex\AppData\Local\{03166E31-8C2B-437F-918B-6D8578C2C194}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{B9EA6387-BE40-4AA4-8A26-82CBB0D90022}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{AC7467BE-2B7E-448D-B8E8-A83F5E2D1114}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{00BED32A-5D44-4FD2-8FD4-34C9CBC08FE9}
2012-05-20 04:53 - 2012-05-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{7CA76B31-4775-44A3-B668-C089B7097586}
2012-05-20 04:53 - 2012-05-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{02A12077-FD3C-4D0E-9F9F-E6C1DA696C9C}
2012-05-19 04:08 - 2012-05-19 04:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{20F150D6-06EA-48F4-88B4-B9F424403593}
2012-05-19 04:07 - 2012-05-19 04:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{6129601B-DBC7-4D5B-9F17-C9530F2E8B18}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{F4A8FEC8-4FE0-436E-BAE7-B0031197BE55}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{E30A430B-D3ED-42F4-A824-4A795B9127F0}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{C7500938-A994-4D1D-A04D-CA2169F92FAD}
2012-05-18 03:36 - 2012-05-18 03:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{D87E3FE9-F688-4FA1-806B-8A55C6AE3D96}
2012-05-17 18:47 - 2012-06-18 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-18 05:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-18 05:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-18 05:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-18 05:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-18 05:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-18 05:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-18 05:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-18 05:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-18 05:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-18 05:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-18 05:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-18 05:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-18 05:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-18 05:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-18 05:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-18 05:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-18 05:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-18 05:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-18 05:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-18 05:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-18 05:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-18 05:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-18 05:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-18 05:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-18 05:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-18 05:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-18 05:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 06:15 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{5292F215-BC81-47CC-A480-C194A16F0B50}
2012-05-17 06:14 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{C93B57C3-32CA-47B7-A053-80E844722621}
2012-05-17 06:14 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{43E89ED5-CDB1-40C2-8F7E-CD9B8B901D9E}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{CA938D4F-8842-480A-9BED-A802D99F4FDA}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3D044AE4-C898-419E-AFD2-34B79A0151BA}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3B7597DB-C640-4962-BC98-E71B25837B32}
2012-05-15 01:15 - 2012-05-15 01:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{F4172441-40C5-4CA9-93F6-CAFF84ABD277}
2012-05-15 01:15 - 2012-05-15 01:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{D3614314-B9F1-4C3E-A591-1625443CBFDF}
2012-05-15 01:14 - 2012-05-15 01:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{A555DB39-7E69-46DD-966C-116E6C6FC705}
2012-05-14 17:32 - 2012-06-18 05:48 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:23 - 2012-05-14 06:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{F02A6F16-11D7-4426-A1B3-209DC5C41601}
2012-05-14 06:23 - 2012-05-14 06:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{2A9D9A50-FBE6-4DA8-8BE5-38AFDD16C7CA}
2012-05-13 05:23 - 2012-05-13 05:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1CE1E2B-B362-4273-99A0-027AD042A0DF}
2012-05-13 05:23 - 2012-05-13 05:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{4893BD28-A052-46A4-BCA6-C90B955B50E4}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{901326C0-1DD8-4FFC-B4FD-9870C7EE6475}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{3F841FC9-33F8-424B-A1AA-07DEEE2E99A9}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{37A1F559-5948-487A-9B59-B50A8C614850}
2012-05-10 22:38 - 2012-05-10 22:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{67C3427C-A063-4CF3-BB0E-F34451137460}
2012-05-10 22:38 - 2012-05-10 22:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{1B42FF9F-3A8C-415B-8587-BA108DF79B13}
2012-05-10 16:41 - 2012-05-10 16:41 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-10 16:41 - 2012-05-10 16:41 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00000000 ____D C:\Program Files\Java
2012-05-10 16:41 - 2011-02-19 03:15 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-10 16:40 - 2012-05-10 16:40 - 00772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-10 16:40 - 2012-05-10 16:40 - 00227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-10 16:40 - 2012-05-10 16:40 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-10 16:40 - 2012-05-10 16:40 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-10 16:40 - 2010-04-19 06:32 - 00687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-10 16:40 - 2010-04-19 06:32 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-10 16:25 - 2012-02-14 18:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-10 16:25 - 2012-02-14 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 16:00 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 10:37 - 2012-05-10 10:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{EA53BE2F-5425-4C57-8E5D-830973BA7666}
2012-05-10 10:37 - 2012-05-10 10:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{C2A288E0-E9F7-40E6-9852-2A626A76FAF8}
2012-05-10 10:37 - 2012-05-10 10:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{D7BB1309-82BF-464E-A68E-513E8768CB3E}
2012-05-10 10:36 - 2012-05-10 10:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{6C6761D1-D944-4AE6-9AB0-E5C5DC0D5B9E}
2012-05-08 22:28 - 2012-05-08 22:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{10853024-98FF-48A3-9B46-E5A0AAB6A8D1}
2012-05-08 22:28 - 2012-05-08 22:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{007F2295-305F-4860-9F5D-13BF626B4C50}
2012-05-08 22:27 - 2012-05-08 22:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{39360136-C244-4889-A93B-10E77D43FCA1}
2012-05-08 04:54 - 2012-05-08 04:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{7AD3F7D8-7CBD-4A93-8076-B45013D1DF79}
2012-05-08 04:54 - 2012-05-08 04:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{116719AA-A62A-43C4-8022-695C2FDE4710}
2012-05-07 05:26 - 2012-05-07 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8FC7C0A-4BFE-4B68-B719-14DAA0CBBCD5}
2012-05-07 05:26 - 2012-05-07 05:25 - 00000000 ____D C:\Users\Alex\AppData\Local\{B959A083-5CCE-4FD5-9086-5FF7E5E604CC}
2012-05-07 05:25 - 2012-05-07 05:25 - 00000000 ____D C:\Users\Alex\AppData\Local\{7CA64709-0BD8-4A80-8953-F1E2E5A99CCA}
2012-05-06 06:45 - 2012-05-06 06:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1CD5CC0-1FCF-4947-868A-911120566BB2}
2012-05-06 06:45 - 2012-05-06 06:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{451320E5-9C30-47FF-89C2-C02239360071}
2012-05-05 06:14 - 2012-05-05 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EA8AB97-068C-4D5E-8647-9A8DA85D6DAE}
2012-05-05 06:14 - 2012-05-05 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{0D00308D-F44C-49DD-B2AB-F33E7D5BE832}
2012-05-04 16:46 - 2012-05-04 16:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{B5B2631B-53C1-4A78-AE3B-C710AACA8C4D}
2012-05-04 16:46 - 2012-05-04 16:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{188DC23F-AEDA-4671-B648-46E33F5BA521}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{DF82E61B-4D65-4F6A-B60D-4C4C4C1C84BD}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{86BDDC27-C8C6-4E5D-98D4-60942740E2CB}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{15298085-3B4C-4D21-9DAF-85BBF4A90E2B}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{111B1796-C646-4556-9F51-93752E551A5C}
2012-05-04 03:06 - 2012-06-18 05:49 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-18 05:49 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-18 05:49 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-18 05:49 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-18 05:49 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 02:27 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{E6A8E2AC-30A6-4D87-8BD5-6D238319EA4D}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{CC054F1B-0D3D-4F1B-8963-1C96E6F81BF5}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{76B4FC8C-1E54-4DA5-8B84-F95A2E2F037A}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{746D00A1-C818-4AEA-94EB-B85BF3220840}
2012-05-02 02:13 - 2012-05-02 02:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{AAE1854A-39CE-42CE-9B1C-2E81202F121C}
2012-05-02 02:13 - 2012-05-02 02:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{638D56F2-EABB-4F50-925C-9255F664850B}
2012-05-02 02:13 - 2012-05-02 02:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{AB63435D-CE68-4D0F-B6A2-8F37170A77FF}
2012-05-01 02:46 - 2012-05-01 02:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{A19DD441-0808-4D2B-9A43-79AE205B1CEB}
2012-05-01 02:46 - 2012-05-01 02:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{23860C4F-01EA-4F94-91F1-54CAA22F3964}
2012-04-30 21:40 - 2012-06-18 05:49 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{DA14B876-6D1B-4940-A01A-3EBE97E751C9}
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{A15F99EE-F7C4-4D5F-9AD9-95406FBB9253}
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{36EE83D4-80C7-40B7-96DF-9F6CD3638DEF}
2012-04-30 03:35 - 2010-11-21 18:43 - 00000000 ____D C:\Program Files\Speccy
2012-04-30 02:42 - 2012-04-30 02:42 - 00000000 ____D C:\Users\Alex\AppData\Local\{8E57FF51-F80F-4329-91FD-F39DCA2A5A10}
2012-04-30 02:42 - 2012-04-30 02:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{BFBE0702-9490-4ABB-A5D1-FB10DB1AB77F}
2012-04-30 02:41 - 2012-04-30 02:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{7D033314-6BDB-4D1D-BBF3-A851AE4E0FD3}
2012-04-29 04:01 - 2009-04-26 01:11 - 00000000 ____D C:\Users\Alex\Documents\My Games
2012-04-29 02:18 - 2012-04-29 02:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{1F6157A5-D46D-410E-9EA8-04D1E5CC0C27}
2012-04-29 02:18 - 2012-04-29 02:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{18E5935B-16A0-4D4D-921A-471F1FA1BA05}
2012-04-29 02:18 - 2012-04-29 02:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{A7C1A93E-22ED-4794-BAFA-785E0A96BAD8}
2012-04-28 13:24 - 2012-04-28 13:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{D24FBC28-4086-420F-A65C-B50AE472D771}
2012-04-28 13:23 - 2012-04-28 13:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{7974840B-FBC3-45A0-A4D8-88587A465F69}
2012-04-27 22:07 - 2012-04-27 22:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{81743A81-B02A-4093-803B-24375C4BA82A}
2012-04-27 22:07 - 2012-04-27 22:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C0A2A0E-E8B2-4A81-B8ED-857938B9740E}
2012-04-27 21:32 - 2012-06-18 05:48 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-18 05:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 22:03 - 2011-09-16 23:29 - 00000000 ____D C:\Program Files (x86)\Steam
2012-04-26 20:36 - 2012-04-26 20:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{1598034F-2D13-45D0-B73B-8ED6EF8AB0BF}
2012-04-26 20:36 - 2012-04-26 20:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3CDC89C7-7443-44D0-BF4E-5C8511CDF93F}
2012-04-25 22:55 - 2012-04-25 22:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1ED92DE-3458-4BEB-9676-88943FE9905C}
2012-04-25 22:55 - 2012-04-25 22:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{A79D213C-6F43-431E-AF3D-0A8A6D52652C}
2012-04-25 22:55 - 2012-04-25 22:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{748D61CD-6385-4A98-BB2F-1DD33CD45CA5}
2012-04-25 21:41 - 2012-06-18 05:49 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-18 05:49 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-18 05:49 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 08:00 - 2012-04-25 08:00 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-25 05:48 - 2011-11-29 12:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-25 05:48 - 2010-12-18 14:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-04-25 05:34 - 2012-06-22 15:17 - 12621696 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\mseinstall.exe
2012-04-24 21:56 - 2012-04-24 21:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{897CD3A6-7C01-476B-B385-B2B9DA8E022C}
2012-04-24 21:56 - 2012-04-24 21:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{9FBCCFA4-64D8-4EFF-B195-D48F60EDC2A2}
2012-04-24 08:06 - 2009-11-11 02:41 - 00007621 ____A C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2012-04-24 02:40 - 2010-03-20 16:47 - 00000000 ____A C:\Users\Alex\AppData\Local\desktop.ini
2012-04-24 00:29 - 2012-04-24 00:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1E695C8-C39C-4FF7-B92B-A5E74100F350}
2012-04-24 00:28 - 2012-04-24 00:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{D8EFF091-9BE1-42BF-8FE4-92753861EA03}
2012-04-23 21:37 - 2012-06-18 05:48 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-18 05:48 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-18 05:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 04:36 - 2010-11-21 18:43 - 00000798 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-04-23 02:22 - 2012-04-23 02:22 - 00000000 ____D C:\Users\Alex\AppData\Local\{CFEAC47F-520D-4CFB-9684-E641CEF15B6A}
2012-04-23 02:21 - 2012-04-23 02:21 - 00000000 ____D C:\Users\Alex\AppData\Local\{0217D81A-F5C5-4491-AF18-AF0788DD63BD}
2012-04-22 01:58 - 2012-04-22 01:58 - 00000000 ____D C:\Users\Alex\AppData\Local\{DE69CF79-F7B8-4D38-8D57-9917F94482FD}
2012-04-21 01:13 - 2012-04-21 01:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{D281F10A-C4C0-4748-B7AD-4912B3101D74}
2012-04-21 01:13 - 2012-04-21 01:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{35698534-F5B9-4F01-B46C-3F50F975A70B}
2012-04-20 06:27 - 2012-04-20 00:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\tor
2012-04-20 06:10 - 2012-04-20 00:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Ebqir
2012-04-19 23:51 - 2012-04-19 23:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBA53D74-5384-4AF0-B008-9248249B6EEF}
2012-04-19 23:51 - 2012-04-19 23:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{41617261-7AC5-4C42-8348-AFC003F6FC58}
2012-04-19 23:50 - 2012-04-19 23:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{8C112416-976C-47A7-B474-1E4BCB8ADB4D}
2012-04-18 23:48 - 2012-04-18 23:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1C09878-A1A6-4D5F-935B-6C7EE05AA8C2}
2012-04-18 23:48 - 2012-04-18 23:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{249AEB82-F75E-49C8-B8CD-03C2D65E909C}
2012-04-18 01:42 - 2012-04-18 01:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{4E9F4690-9258-4481-BE6D-7DA94AE8961C}
2012-04-18 01:41 - 2012-04-18 01:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FB11020-C1CC-4C15-9E7B-9681600E37A9}
2012-04-17 09:27 - 2012-04-17 09:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{808579A5-D5A8-4D46-B60B-A74589599237}
2012-04-16 20:34 - 2012-04-16 20:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{FE6FC0CA-780C-4555-AD48-776B222A274B}
2012-04-16 20:34 - 2012-04-16 20:33 - 00000000 ____D C:\Users\Alex\AppData\Local\{C63ABC7F-C512-4DE2-B84A-7EEF1EFD2C3D}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{D44D1AE9-A127-4831-B197-62D8AA6C8145}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{A8AD940C-A60A-4601-9475-439638350DA4}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{9210BFC1-AEDB-455A-AC67-7445BC217128}
2012-04-16 01:57 - 2012-04-16 01:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{7ED9E1B1-3DF9-4FA5-B2E7-BA02D88CC00F}
2012-04-15 06:07 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B92C022-93C1-4448-B3CE-D23D54258C41}
2012-04-15 06:06 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{D5461273-C66B-4BB5-A145-3F989153EA94}
2012-04-15 06:06 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{4194ECF3-D6E0-43A3-9A2C-1E95A6C575E6}
2012-04-14 22:21 - 2012-04-14 21:49 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E70EB64-7720-4B1F-AB62-5EEB34592AF3}
2012-04-13 19:38 - 2006-02-17 07:12 - 00000000 ____D C:\Users\Alex\Documents\FAQs
2012-04-13 19:36 - 2012-04-13 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC91509E-C227-4AEB-B53C-799D5761DA45}
2012-04-13 19:36 - 2012-04-13 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{6C159C21-ED70-4E0F-BC6F-9DBA649BD57D}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{E79BD9F3-420D-45D1-ACAF-CFFBAAB31A5A}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{C6A39742-2C21-44F3-9D60-DE77F2114504}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{46D7A738-EF48-433C-A91C-58E61DF131B8}
2012-04-13 01:34 - 2012-04-13 01:34 - 00000000 ____D C:\Windows\en
2012-04-13 01:32 - 2012-04-13 01:32 - 00000000 ____D C:\Program Files\Windows Live
2012-04-13 01:32 - 2009-11-01 23:00 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-13 01:21 - 2012-04-13 01:21 - 00000000 ____D C:\Users\Alex\AppData\Local\{BDE6442E-13E3-44B2-9EC7-A255F1614C49}
2012-04-12 17:11 - 2012-04-12 17:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{24AAD9A5-27BC-4370-A39E-9A4CB0CF3CE7}
2012-04-12 05:11 - 2012-04-12 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{1D8C014D-D4B8-4496-81C0-140CD9F745F7}
2012-04-11 17:10 - 2012-04-11 17:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E15B62B8-DF68-4DE3-ACDA-07A464BBCA4E}
2012-04-11 05:10 - 2012-04-11 05:09 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A79F0F5-9485-41FB-B3C0-B750A9F02514}
2012-04-10 17:09 - 2012-04-10 17:09 - 00000000 ____D C:\Users\Alex\AppData\Local\{906E9FA1-0485-4DF1-A979-601E8AB74ECF}
2012-04-10 04:45 - 2012-04-10 04:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{8C355E92-7BFB-4A96-A809-B0247C0AEF51}
2012-04-09 16:45 - 2012-04-09 16:44 - 00000000 ____D C:\Users\Alex\AppData\Local\{ABC14366-CBFE-4694-8D0B-E2DCEA843751}
2012-04-09 16:44 - 2012-04-09 16:44 - 00000000 ____D C:\Users\Alex\AppData\Local\{56A6206B-3B84-40AF-8265-6581BA096F90}
2012-04-08 19:56 - 2012-04-08 19:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{965C89AA-DAD1-4AC4-A847-73E2DFEF12C7}
2012-04-08 06:40 - 2009-11-11 19:14 - 00079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-04-08 06:39 - 2010-02-14 06:22 - 00048128 ____A C:\Windows\SysWOW64\ff_acm.acm
2012-04-07 20:18 - 2012-04-07 20:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{98926F5D-7BFB-4107-B78D-BFC246802CA4}
2012-04-07 20:18 - 2012-04-07 20:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{85722B86-B434-4D40-BE63-8C6B5873D43C}
2012-04-07 04:31 - 2012-06-18 05:49 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-18 05:49 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 18:18 - 2012-04-06 18:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{5FF7977A-F18D-44B1-A1F9-EB0C13275685}
2012-04-06 03:45 - 2012-04-06 03:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{ABFA2CD0-C289-4268-8255-FB3245F31460}
2012-04-05 19:00 - 2012-04-05 19:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{1694596E-5E1B-42B7-9641-41EBF38FD5FE}
2012-04-04 16:30 - 2009-11-10 22:23 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-04-04 16:19 - 2012-04-04 16:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{B2BD8E38-4F6B-441A-BE6E-D0C5DD9770FB}
2012-04-04 15:11 - 2012-04-04 15:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A8D8D06-44A0-401E-88D8-C982AB1009EA}
2012-04-03 21:20 - 2012-04-03 21:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{3CDF872F-07D1-41E1-BAC4-4138FE89047D}
2012-04-03 20:08 - 2010-12-07 15:48 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-04-03 09:19 - 2012-04-03 09:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{ECA05B49-7C1F-4C8B-9DE3-B0441B1F97C5}
2012-04-02 20:54 - 2012-04-02 20:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{ED1484CE-F720-4D1C-8488-3F4ECD7B8A78}
2012-04-02 06:37 - 2012-04-02 06:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{4DB2548F-CB48-406B-9D07-97F8B9D6A860}
2012-04-01 18:35 - 2012-04-01 18:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{AC8472B3-CD8B-4783-887C-B539BEE582E8}
2012-03-31 21:59 - 2012-03-31 21:59 - 00000000 ____D C:\Users\Alex\AppData\Local\{C96380B0-1CB9-46F3-BFFF-20A94CEC282F}
2012-03-30 22:14 - 2012-03-30 22:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{C8FA8EAC-34FD-452A-B2EF-52B7E99BC1E5}
2012-03-30 06:29 - 2012-03-30 06:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{10C04D62-65A2-4222-B247-CF183C3CEC6B}
2012-03-30 03:35 - 2012-05-10 15:57
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 7:15 am

Your FRST log is a long one and has been cut short by the forum post limiter, so you'll need to post it in sections.

If you added the aswMBR log to the same post as well then that too has been cut out, so you'll have to post that separately.

I did ask you to look out for this at the end of my last post.

Please take care to read everything I post; it's easy to miss things if you rush or make assumptions.

It will save me having to repeat myself, and you from having to repeat your postings.

Please don't enclose your logs in "quote" tags; it causes problems with the forum software if a log gets cut short, since the trailing tag gets removed. I've removed them from your last post.
_________________
Gary R Administrator at Malware Removal University



Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 7:34 am

Sorry about that, I should've checked, won't happen again.

I'll post both logs again:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-23 22:02:32
-----------------------------
22:02:32.557 OS Version: Windows x64 6.1.7601 Service Pack 1
22:02:32.557 Number of processors: 2 586 0x170A
22:02:32.557 ComputerName: 6CK2XK1-PC UserName: Alex
22:02:38.188 Initialze error C0000001 - driver not loaded
22:07:20.419 AVAST engine defs: 12062300
22:07:45.270 Service scanning
22:07:52.150 Service 9c9d8fd642aafc5 C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys **HIDDEN**
22:08:18.405 Modules scanning
22:08:18.405 Disk 0 trace - called modules:
22:08:18.420
22:08:21.291 AVAST engine scan C:\Windows
22:08:26.470 AVAST engine scan C:\Windows\system32
22:12:33.231 AVAST engine scan C:\Windows\system32\drivers
22:12:50.641 AVAST engine scan C:\Users\Alex
22:34:04.258 AVAST engine scan C:\ProgramData
22:35:24.333 Scan finished successfully
22:36:54.767 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 7:35 am

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 23-06-2012 21:56:39
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKU\Alex\...\Run: [0i763f66bz] C:\Users\Alex\0i763f66bz.exe [40960 2012-06-22] (SmoothCandle)
HKU\Alex\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-12] (Malwarebytes Corporation)
3 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-03-16] ()
4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

0 9c9d8fd642aafc5; C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys [74184 2012-06-22] ()
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-05-10] ()
3 ITECIRfilter; C:\Windows\System32\Drivers\ITECIRfilter.sys [28264 2011-03-21] (ITE Tech. Inc. )
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-01-06] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-09] (Malwarebytes Corporation)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [12400 2010-01-25] (Macrovision Europe Ltd)
2 tandpl; C:\Windows\SysWow64\Drivers\tandpl.sys [4736 2003-04-18] ()
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 FileDisk; [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-23 03:52 - 2012-06-23 03:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37}
2012-06-22 21:08 - 2012-06-22 21:08 - 00000000 ____D C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1}
2012-06-22 17:18 - 2012-06-22 17:18 - 00013635 ____A C:\Users\Alex\Desktop\Attach.txt
2012-06-22 17:17 - 2012-06-22 17:17 - 00027408 ____A C:\Users\Alex\Desktop\DDS.txt
2012-06-22 17:03 - 2012-06-22 17:03 - 00014113 ____A C:\ComboFix.txt
2012-06-22 16:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-22 16:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-22 16:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-22 16:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-22 16:33 - 2012-06-22 17:03 - 00000000 ____D C:\Qoobox
2012-06-22 16:33 - 2012-06-22 17:01 - 00000000 ____D C:\Windows\erdnt
2012-06-22 15:57 - 2012-06-22 15:56 - 04565264 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-06-22 15:17 - 2012-04-25 05:34 - 12621696 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\mseinstall.exe
2012-06-22 15:05 - 2012-06-22 15:05 - 00074184 ____A C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-22 14:43 - 2012-06-22 14:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 14:39 - 2012-06-22 14:39 - 00040960 ____A (SmoothCandle) C:\Users\Alex\0i763f66bz.exe
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 05:06 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 04:52 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 04:16 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 05:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-18 05:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-18 05:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-18 05:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-18 05:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-18 05:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-18 05:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-18 05:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-18 05:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-18 05:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-18 05:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-18 05:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-18 05:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-18 05:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-18 05:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-18 05:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-18 05:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-18 05:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-18 05:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-18 05:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-18 05:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-18 05:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-18 05:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-18 05:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-18 05:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-18 05:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-18 05:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-18 05:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 05:49 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-18 05:49 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-18 05:49 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-18 05:49 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-18 05:49 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-18 05:49 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-18 05:49 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-18 05:49 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-18 05:49 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-18 05:49 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-18 05:49 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-18 05:48 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-18 05:48 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-18 05:48 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-18 05:48 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-18 05:48 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-18 05:48 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-18 05:48 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-18 04:58 - 2012-06-18 04:59 - 00000000 ____D C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 04:47 - 2012-06-17 04:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 05:00 - 2012-06-16 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 06:37 - 2012-06-15 06:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 08:41 - 2012-06-14 08:41 - 00000981 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-14 08:32 - 2012-06-14 08:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 08:32 - 2012-06-14 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 05:52 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 05:52 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 02:55 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-09 08:08 - 2012-06-09 08:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Macromedia
2012-06-09 05:27 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 05:26 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 05:26 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 05:12 - 2012-06-06 05:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-04 08:50 - 2012-06-04 08:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 08:50 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-03 20:50 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-03 20:49 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-02 22:36 - 2012-06-07 05:42 - 00001775 ____A C:\Users\Alex\Desktop\Play Max Payne 3.lnk
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 08:23 - 2012-06-02 08:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 05:46 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-29 03:59 - 2012-05-29 03:59 - 00001965 ____A C:\Users\Public\Desktop\MPC-HC.lnk
2012-05-29 03:59 - 2012-05-25 18:36 - 00178176 ____A C:\Windows\SysWOW64\unrar.dll
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 03:40 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 03:40 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 06:15 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 06:14 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 06:14 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 05:52 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 05:51 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-25 00:39 - 2012-05-25 00:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 00:39 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 05:33 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}


============ 3 Months Modified Files and Folders =============

2012-06-23 21:57 - 2012-06-23 21:56 - 00000000 ____D C:\FRST
2012-06-23 03:52 - 2012-06-23 03:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37}
2012-06-23 03:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 03:51 - 2009-07-13 20:51 - 00142744 ____A C:\Windows\setupact.log
2012-06-23 03:42 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 03:42 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 03:41 - 2009-07-13 21:10 - 01413208 ____A C:\Windows\WindowsUpdate.log
2012-06-23 03:39 - 2009-07-13 21:13 - 00782702 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 21:08 - 2012-06-22 21:08 - 00000000 ____D C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1}
2012-06-22 17:18 - 2012-06-22 17:18 - 00013635 ____A C:\Users\Alex\Desktop\Attach.txt
2012-06-22 17:17 - 2012-06-22 17:17 - 00027408 ____A C:\Users\Alex\Desktop\DDS.txt
2012-06-22 17:03 - 2012-06-22 17:03 - 00014113 ____A C:\ComboFix.txt
2012-06-22 17:03 - 2012-06-22 16:33 - 00000000 ____D C:\Qoobox
2012-06-22 17:03 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-22 17:01 - 2012-06-22 16:33 - 00000000 ____D C:\Windows\erdnt
2012-06-22 16:57 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-22 16:56 - 2009-11-02 00:37 - 01968322 ____A C:\Windows\PFRO.log
2012-06-22 15:56 - 2012-06-22 15:57 - 04565264 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-06-22 15:22 - 2010-12-18 14:20 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-22 15:05 - 2012-06-22 15:05 - 00074184 ____A C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-22 14:51 - 2009-10-09 03:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\foobar2000
2012-06-22 14:49 - 2006-02-15 16:17 - 00000000 ____D C:\Users\Alex\Documents\PICS
2012-06-22 14:43 - 2012-06-22 14:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 14:39 - 2012-06-22 14:39 - 00040960 ____A (SmoothCandle) C:\Users\Alex\0i763f66bz.exe
2012-06-22 14:39 - 2009-11-10 19:20 - 00000000 ____D C:\users\Alex
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-22 07:54 - 2010-10-02 18:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Windows Live
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 05:07 - 2012-06-21 05:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 04:53 - 2012-06-20 04:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 04:17 - 2012-06-19 04:16 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-18 06:06 - 2009-07-13 20:45 - 00426096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-18 06:05 - 2012-04-25 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 06:05 - 2009-11-10 22:35 - 00000000 ____D C:\Program Files\WinRAR
2012-06-18 06:02 - 2009-11-10 23:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-18 05:56 - 2009-11-10 23:16 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 04:59 - 2012-06-18 04:58 - 00000000 ____D C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 04:47 - 2012-06-17 04:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 06:16 - 2011-08-16 08:22 - 00001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-16 06:16 - 2010-01-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-16 05:00 - 2012-06-16 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 06:37 - 2012-06-15 06:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 08:41 - 2012-06-14 08:41 - 00000981 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-14 08:32 - 2012-06-14 08:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 08:32 - 2012-06-14 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 05:53 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 05:52 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-11 04:34 - 2011-12-02 07:10 - 00000000 ____D C:\Program Files (x86)\Batman Arkham City
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 02:56 - 2012-06-11 02:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-09 08:08 - 2012-06-09 08:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Macromedia
2012-06-09 05:27 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 05:27 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 05:26 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-07 05:42 - 2012-06-02 22:36 - 00001775 ____A C:\Users\Alex\Desktop\Play Max Payne 3.lnk
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 05:12 - 2012-06-06 05:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-04 08:51 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 08:50 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-03 21:30 - 2006-02-27 20:58 - 00000000 ____D C:\Users\Alex\Documents\Misc
2012-06-03 21:27 - 2010-05-16 01:31 - 00000000 ____D C:\Users\Alex\AppData\Local\Paint.NET
2012-06-03 20:50 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-03 20:50 - 2012-06-03 20:49 - 00000000 ____D C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-02 22:36 - 2010-02-18 15:23 - 00000000 ____D C:\Users\Alex\Documents\Rockstar Games
2012-06-02 22:11 - 2010-02-18 14:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-02 22:10 - 2009-11-01 23:02 - 00274280 ____A C:\Windows\DirectX.log
2012-06-02 21:30 - 2011-11-26 16:53 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-02 21:30 - 2009-11-01 22:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 08:23 - 2012-06-02 08:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 05:47 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-29 05:22 - 2009-11-11 19:14 - 00000000 ____D C:\Program Files (x86)\ffdshow
2012-05-29 04:01 - 2010-12-03 17:36 - 00000000 ____D C:\Program Files\CCleaner
2012-05-29 04:01 - 2009-11-11 07:12 - 00000000 ____D C:\Program Files (x86)\MPC HomeCinema
2012-05-29 04:00 - 2010-01-05 15:28 - 00000000 ____D C:\Program Files\Defraggler
2012-05-29 03:59 - 2012-05-29 03:59 - 00001965 ____A C:\Users\Public\Desktop\MPC-HC.lnk
2012-05-29 03:59 - 2009-11-10 22:00 - 00001037 ____A C:\Users\Public\Desktop\foobar2000.lnk
2012-05-29 03:59 - 2009-11-10 22:00 - 00000000 ____D C:\Program Files (x86)\foobar2000
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 03:41 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 03:40 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 06:15 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 06:15 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 06:14 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 05:52 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 05:52 - 2012-05-27 05:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-25 18:36 - 2012-05-29 03:59 - 00178176 ____A C:\Windows\SysWOW64\unrar.dll
2012-05-25 00:40 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 00:39 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 05:34 - 2012-05-24 05:33 - 00000000 ____D C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}
2012-05-23 03:26 - 2012-02-18 01:36 - 00000000 ____D C:\Users\Alex\Documents\Remedy
2012-05-23 02:38 - 2012-05-23 02:38 - 00002316 ____A C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
2012-05-23 02:37 - 2012-05-23 02:37 - 00000000 ____D C:\Program Files (x86)\GOG.com
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{8A656D2E-9F8B-4315-9587-42FF7EB258BA}
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{49986726-83A9-4C40-8627-89A607ACFB4A}
2012-05-22 23:14 - 2012-05-22 23:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{2D7C5603-B8C0-4510-9C0B-228F00B27A19}
2012-05-22 23:14 - 2012-05-22 23:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{60351E4E-1747-4568-B4F2-BF74B13BC918}
2012-05-21 21:06 - 2012-05-21 21:05 - 00000000 ____D C:\Users\Alex\AppData\Local\{F007DA36-7E90-4E6C-9544-135FB04E5366}
2012-05-21 21:05 - 2012-05-21 21:05 - 00000000 ____D C:\Users\Alex\AppData\Local\{03166E31-8C2B-437F-918B-6D8578C2C194}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{B9EA6387-BE40-4AA4-8A26-82CBB0D90022}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{AC7467BE-2B7E-448D-B8E8-A83F5E2D1114}
2012-05-21 05:00 - 2012-05-21 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{00BED32A-5D44-4FD2-8FD4-34C9CBC08FE9}
2012-05-20 04:53 - 2012-05-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{7CA76B31-4775-44A3-B668-C089B7097586}
2012-05-20 04:53 - 2012-05-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{02A12077-FD3C-4D0E-9F9F-E6C1DA696C9C}
2012-05-19 04:08 - 2012-05-19 04:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{20F150D6-06EA-48F4-88B4-B9F424403593}
2012-05-19 04:07 - 2012-05-19 04:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{6129601B-DBC7-4D5B-9F17-C9530F2E8B18}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{F4A8FEC8-4FE0-436E-BAE7-B0031197BE55}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{E30A430B-D3ED-42F4-A824-4A795B9127F0}
2012-05-18 03:36 - 2012-05-18 03:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{C7500938-A994-4D1D-A04D-CA2169F92FAD}
2012-05-18 03:36 - 2012-05-18 03:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{D87E3FE9-F688-4FA1-806B-8A55C6AE3D96}
2012-05-17 18:47 - 2012-06-18 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-18 05:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-18 05:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-18 05:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-18 05:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-18 05:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-18 05:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-18 05:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-18 05:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-18 05:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-18 05:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-18 05:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-18 05:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-18 05:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-18 05:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-18 05:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-18 05:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-18 05:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-18 05:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-18 05:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-18 05:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-18 05:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-18 05:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-18 05:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-18 05:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-18 05:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-18 05:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-18 05:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 06:15 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{5292F215-BC81-47CC-A480-C194A16F0B50}
2012-05-17 06:14 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{C93B57C3-32CA-47B7-A053-80E844722621}
2012-05-17 06:14 - 2012-05-17 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{43E89ED5-CDB1-40C2-8F7E-CD9B8B901D9E}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{CA938D4F-8842-480A-9BED-A802D99F4FDA}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3D044AE4-C898-419E-AFD2-34B79A0151BA}
2012-05-16 04:35 - 2012-05-16 04:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3B7597DB-C640-4962-BC98-E71B25837B32}
2012-05-15 01:15 - 2012-05-15 01:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{F4172441-40C5-4CA9-93F6-CAFF84ABD277}
2012-05-15 01:15 - 2012-05-15 01:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{D3614314-B9F1-4C3E-A591-1625443CBFDF}
2012-05-15 01:14 - 2012-05-15 01:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{A555DB39-7E69-46DD-966C-116E6C6FC705}
2012-05-14 17:32 - 2012-06-18 05:48 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:23 - 2012-05-14 06:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{F02A6F16-11D7-4426-A1B3-209DC5C41601}
2012-05-14 06:23 - 2012-05-14 06:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{2A9D9A50-FBE6-4DA8-8BE5-38AFDD16C7CA}
2012-05-13 05:23 - 2012-05-13 05:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1CE1E2B-B362-4273-99A0-027AD042A0DF}
2012-05-13 05:23 - 2012-05-13 05:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{4893BD28-A052-46A4-BCA6-C90B955B50E4}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{901326C0-1DD8-4FFC-B4FD-9870C7EE6475}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{3F841FC9-33F8-424B-A1AA-07DEEE2E99A9}
2012-05-12 05:29 - 2012-05-12 05:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{37A1F559-5948-487A-9B59-B50A8C614850}
2012-05-10 22:38 - 2012-05-10 22:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{67C3427C-A063-4CF3-BB0E-F34451137460}
2012-05-10 22:38 - 2012-05-10 22:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{1B42FF9F-3A8C-415B-8587-BA108DF79B13}
2012-05-10 16:41 - 2012-05-10 16:41 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-10 16:41 - 2012-05-10 16:41 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-10 16:41 - 2012-05-10 16:41 - 00000000 ____D C:\Program Files\Java
2012-05-10 16:41 - 2011-02-19 03:15 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-10 16:40 - 2012-05-10 16:40 - 00772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-10 16:40 - 2012-05-10 16:40 - 00227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-10 16:40 - 2012-05-10 16:40 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-10 16:40 - 2012-05-10 16:40 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-10 16:40 - 2010-04-19 06:32 - 00687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-10 16:40 - 2010-04-19 06:32 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-10 16:25 - 2012-02-14 18:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-10 16:25 - 2012-02-14 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 16:00 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 10:37 - 2012-05-10 10:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{EA53BE2F-5425-4C57-8E5D-830973BA7666}
2012-05-10 10:37 - 2012-05-10 10:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{C2A288E0-E9F7-40E6-9852-2A626A76FAF8}
2012-05-10 10:37 - 2012-05-10 10:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{D7BB1309-82BF-464E-A68E-513E8768CB3E}
2012-05-10 10:36 - 2012-05-10 10:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{6C6761D1-D944-4AE6-9AB0-E5C5DC0D5B9E}
2012-05-08 22:28 - 2012-05-08 22:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{10853024-98FF-48A3-9B46-E5A0AAB6A8D1}
2012-05-08 22:28 - 2012-05-08 22:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{007F2295-305F-4860-9F5D-13BF626B4C50}
2012-05-08 22:27 - 2012-05-08 22:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{39360136-C244-4889-A93B-10E77D43FCA1}
2012-05-08 04:54 - 2012-05-08 04:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{7AD3F7D8-7CBD-4A93-8076-B45013D1DF79}
2012-05-08 04:54 - 2012-05-08 04:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{116719AA-A62A-43C4-8022-695C2FDE4710}
2012-05-07 05:26 - 2012-05-07 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8FC7C0A-4BFE-4B68-B719-14DAA0CBBCD5}
2012-05-07 05:26 - 2012-05-07 05:25 - 00000000 ____D C:\Users\Alex\AppData\Local\{B959A083-5CCE-4FD5-9086-5FF7E5E604CC}
2012-05-07 05:25 - 2012-05-07 05:25 - 00000000 ____D C:\Users\Alex\AppData\Local\{7CA64709-0BD8-4A80-8953-F1E2E5A99CCA}
2012-05-06 06:45 - 2012-05-06 06:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1CD5CC0-1FCF-4947-868A-911120566BB2}
2012-05-06 06:45 - 2012-05-06 06:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{451320E5-9C30-47FF-89C2-C02239360071}
2012-05-05 06:14 - 2012-05-05 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EA8AB97-068C-4D5E-8647-9A8DA85D6DAE}
2012-05-05 06:14 - 2012-05-05 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{0D00308D-F44C-49DD-B2AB-F33E7D5BE832}
2012-05-04 16:46 - 2012-05-04 16:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{B5B2631B-53C1-4A78-AE3B-C710AACA8C4D}
2012-05-04 16:46 - 2012-05-04 16:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{188DC23F-AEDA-4671-B648-46E33F5BA521}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{DF82E61B-4D65-4F6A-B60D-4C4C4C1C84BD}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{86BDDC27-C8C6-4E5D-98D4-60942740E2CB}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{15298085-3B4C-4D21-9DAF-85BBF4A90E2B}
2012-05-04 04:27 - 2012-05-04 04:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{111B1796-C646-4556-9F51-93752E551A5C}
2012-05-04 03:06 - 2012-06-18 05:49 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-18 05:49 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-18 05:49 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-18 05:49 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-18 05:49 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 02:27 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{E6A8E2AC-30A6-4D87-8BD5-6D238319EA4D}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{CC054F1B-0D3D-4F1B-8963-1C96E6F81BF5}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{76B4FC8C-1E54-4DA5-8B84-F95A2E2F037A}
2012-05-03 02:26 - 2012-05-03 02:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{746D00A1-C818-4AEA-94EB-B85BF3220840}
2012-05-02 02:13 - 2012-05-02 02:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{AAE1854A-39CE-42CE-9B1C-2E81202F121C}
2012-05-02 02:13 - 2012-05-02 02:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{638D56F2-EABB-4F50-925C-9255F664850B}
2012-05-02 02:13 - 2012-05-02 02:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{AB63435D-CE68-4D0F-B6A2-8F37170A77FF}
2012-05-01 02:46 - 2012-05-01 02:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{A19DD441-0808-4D2B-9A43-79AE205B1CEB}
2012-05-01 02:46 - 2012-05-01 02:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{23860C4F-01EA-4F94-91F1-54CAA22F3964}
2012-04-30 21:40 - 2012-06-18 05:49 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{DA14B876-6D1B-4940-A01A-3EBE97E751C9}
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{A15F99EE-F7C4-4D5F-9AD9-95406FBB9253}
2012-04-30 14:45 - 2012-04-30 14:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{36EE83D4-80C7-40B7-96DF-9F6CD3638DEF}
2012-04-30 03:35 - 2010-11-21 18:43 - 00000000 ____D C:\Program Files\Speccy
2012-04-30 02:42 - 2012-04-30 02:42 - 00000000 ____D C:\Users\Alex\AppData\Local\{8E57FF51-F80F-4329-91FD-F39DCA2A5A10}
2012-04-30 02:42 - 2012-04-30 02:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{BFBE0702-9490-4ABB-A5D1-FB10DB1AB77F}
2012-04-30 02:41 - 2012-04-30 02:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{7D033314-6BDB-4D1D-BBF3-A851AE4E0FD3}
2012-04-29 04:01 - 2009-04-26 01:11 - 00000000 ____D C:\Users\Alex\Documents\My Games
2012-04-29 02:18 - 2012-04-29 02:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{1F6157A5-D46D-410E-9EA8-04D1E5CC0C27}
2012-04-29 02:18 - 2012-04-29 02:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{18E5935B-16A0-4D4D-921A-471F1FA1BA05}
2012-04-29 02:18 - 2012-04-29 02:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{A7C1A93E-22ED-4794-BAFA-785E0A96BAD8}
2012-04-28 13:24 - 2012-04-28 13:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{D24FBC28-4086-420F-A65C-B50AE472D771}
2012-04-28 13:23 - 2012-04-28 13:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{7974840B-FBC3-45A0-A4D8-88587A465F69}
2012-04-27 22:07 - 2012-04-27 22:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{81743A81-B02A-4093-803B-24375C4BA82A}
2012-04-27 22:07 - 2012-04-27 22:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C0A2A0E-E8B2-4A81-B8ED-857938B9740E}
2012-04-27 21:32 - 2012-06-18 05:48 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-18 05:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 22:03 - 2011-09-16 23:29 - 00000000 ____D C:\Program Files (x86)\Steam
2012-04-26 20:36 - 2012-04-26 20:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{1598034F-2D13-45D0-B73B-8ED6EF8AB0BF}
2012-04-26 20:36 - 2012-04-26 20:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{3CDC89C7-7443-44D0-BF4E-5C8511CDF93F}
2012-04-25 22:55 - 2012-04-25 22:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1ED92DE-3458-4BEB-9676-88943FE9905C}
2012-04-25 22:55 - 2012-04-25 22:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{A79D213C-6F43-431E-AF3D-0A8A6D52652C}
2012-04-25 22:55 - 2012-04-25 22:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{748D61CD-6385-4A98-BB2F-1DD33CD45CA5}
2012-04-25 21:41 - 2012-06-18 05:49 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-18 05:49 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-18 05:49 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 08:00 - 2012-04-25 08:00 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-25 05:48 - 2011-11-29 12:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-25 05:48 - 2010-12-18 14:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-04-25 05:34 - 2012-06-22 15:17 - 12621696 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\mseinstall.exe
2012-04-24 21:56 - 2012-04-24 21:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{897CD3A6-7C01-476B-B385-B2B9DA8E022C}
2012-04-24 21:56 - 2012-04-24 21:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{9FBCCFA4-64D8-4EFF-B195-D48F60EDC2A2}
2012-04-24 08:06 - 2009-11-11 02:41 - 00007621 ____A C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2012-04-24 02:40 - 2010-03-20 16:47 - 00000000 ____A C:\Users\Alex\AppData\Local\desktop.ini
2012-04-24 00:29 - 2012-04-24 00:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1E695C8-C39C-4FF7-B92B-A5E74100F350}
2012-04-24 00:28 - 2012-04-24 00:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{D8EFF091-9BE1-42BF-8FE4-92753861EA03}
2012-04-23 21:37 - 2012-06-18 05:48 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-18 05:48 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-18 05:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-18 05:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 04:36 - 2010-11-21 18:43 - 00000798 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-04-23 02:22 - 2012-04-23 02:22 - 00000000 ____D C:\Users\Alex\AppData\Local\{CFEAC47F-520D-4CFB-9684-E641CEF15B6A}
2012-04-23 02:21 - 2012-04-23 02:21 - 00000000 ____D C:\Users\Alex\AppData\Local\{0217D81A-F5C5-4491-AF18-AF0788DD63BD}
2012-04-22 01:58 - 2012-04-22 01:58 - 00000000 ____D C:\Users\Alex\AppData\Local\{DE69CF79-F7B8-4D38-8D57-9917F94482FD}
2012-04-21 01:13 - 2012-04-21 01:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{D281F10A-C4C0-4748-B7AD-4912B3101D74}
2012-04-21 01:13 - 2012-04-21 01:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{35698534-F5B9-4F01-B46C-3F50F975A70B}
2012-04-20 06:27 - 2012-04-20 00:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\tor
2012-04-20 06:10 - 2012-04-20 00:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Ebqir
2012-04-19 23:51 - 2012-04-19 23:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBA53D74-5384-4AF0-B008-9248249B6EEF}
2012-04-19 23:51 - 2012-04-19 23:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{41617261-7AC5-4C42-8348-AFC003F6FC58}
2012-04-19 23:50 - 2012-04-19 23:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{8C112416-976C-47A7-B474-1E4BCB8ADB4D}
2012-04-18 23:48 - 2012-04-18 23:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{D1C09878-A1A6-4D5F-935B-6C7EE05AA8C2}
2012-04-18 23:48 - 2012-04-18 23:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{249AEB82-F75E-49C8-B8CD-03C2D65E909C}
2012-04-18 01:42 - 2012-04-18 01:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{4E9F4690-9258-4481-BE6D-7DA94AE8961C}
2012-04-18 01:41 - 2012-04-18 01:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FB11020-C1CC-4C15-9E7B-9681600E37A9}
2012-04-17 09:27 - 2012-04-17 09:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{808579A5-D5A8-4D46-B60B-A74589599237}
2012-04-16 20:34 - 2012-04-16 20:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{FE6FC0CA-780C-4555-AD48-776B222A274B}
2012-04-16 20:34 - 2012-04-16 20:33 - 00000000 ____D C:\Users\Alex\AppData\Local\{C63ABC7F-C512-4DE2-B84A-7EEF1EFD2C3D}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{D44D1AE9-A127-4831-B197-62D8AA6C8145}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{A8AD940C-A60A-4601-9475-439638350DA4}
2012-04-16 01:57 - 2012-04-16 01:57 - 00000000 ____D C:\Users\Alex\AppData\Local\{9210BFC1-AEDB-455A-AC67-7445BC217128}
2012-04-16 01:57 - 2012-04-16 01:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{7ED9E1B1-3DF9-4FA5-B2E7-BA02D88CC00F}
2012-04-15 06:07 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B92C022-93C1-4448-B3CE-D23D54258C41}
2012-04-15 06:06 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{D5461273-C66B-4BB5-A145-3F989153EA94}
2012-04-15 06:06 - 2012-04-15 06:06 - 00000000 ____D C:\Users\Alex\AppData\Local\{4194ECF3-D6E0-43A3-9A2C-1E95A6C575E6}
2012-04-14 22:21 - 2012-04-14 21:49 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E70EB64-7720-4B1F-AB62-5EEB34592AF3}
2012-04-13 19:38 - 2006-02-17 07:12 - 00000000 ____D C:\Users\Alex\Documents\FAQs
2012-04-13 19:36 - 2012-04-13 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC91509E-C227-4AEB-B53C-799D5761DA45}
2012-04-13 19:36 - 2012-04-13 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{6C159C21-ED70-4E0F-BC6F-9DBA649BD57D}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{E79BD9F3-420D-45D1-ACAF-CFFBAAB31A5A}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{C6A39742-2C21-44F3-9D60-DE77F2114504}
2012-04-13 01:35 - 2012-04-13 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\{46D7A738-EF48-433C-A91C-58E61DF131B8}
2012-04-13 01:34 - 2012-04-13 01:34 - 00000000 ____D C:\Windows\en
2012-04-13 01:32 - 2012-04-13 01:32 - 00000000 ____D C:\Program Files\Windows Live
2012-04-13 01:32 - 2009-11-01 23:00 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-13 01:21 - 2012-04-13 01:21 - 00000000 ____D C:\Users\Alex\AppData\Local\{BDE6442E-13E3-44B2-9EC7-A255F1614C49}
2012-04-12 17:11 - 2012-04-12 17:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{24AAD9A5-27BC-4370-A39E-9A4CB0CF3CE7}
2012-04-12 05:11 - 2012-04-12 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{1D8C014D-D4B8-4496-81C0-140CD9F745F7}
2012-04-11 17:10 - 2012-04-11 17:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E15B62B8-DF68-4DE3-ACDA-07A464BBCA4E}
2012-04-11 05:10 - 2012-04-11 05:09 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A79F0F5-9485-41FB-B3C0-B750A9F02514}
2012-04-10 17:09 - 2012-04-10 17:09 - 00000000 ____D C:\Users\Alex\AppData\Local\{906E9FA1-0485-4DF1-A979-601E8AB74ECF}
2012-04-10 04:45 - 2012-04-10 04:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{8C355E92-7BFB-4A96-A809-B0247C0AEF51}
2012-04-09 16:45 - 2012-04-09 16:44 - 00000000 ____D C:\Users\Alex\AppData\Local\{ABC14366-CBFE-4694-8D0B-E2DCEA843751}
2012-04-09 16:44 - 2012-04-09 16:44 - 00000000 ____D C:\Users\Alex\AppData\Local\{56A6206B-3B84-40AF-8265-6581BA096F90}
2012-04-08 19:56 - 2012-04-08 19:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{965C89AA-DAD1-4AC4-A847-73E2DFEF12C7}
2012-04-08 06:40 - 2009-11-11 19:14 - 00079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-04-08 06:39 - 2010-02-14 06:22 - 00048128 ____A C:\Windows\SysWOW64\ff_acm.acm
2012-04-07 20:18 - 2012-04-07 20:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{98926F5D-7BFB-4107-B78D-BFC246802CA4}
2012-04-07 20:18 - 2012-04-07 20:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{85722B86-B434-4D40-BE63-8C6B5873D43C}
2012-04-07 04:31 - 2012-06-18 05:49 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-18 05:49 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 18:18 - 2012-04-06 18:18 - 00000000 ____D C:\Users\Alex\AppData\Local\{5FF7977A-F18D-44B1-A1F9-EB0C13275685}
2012-04-06 03:45 - 2012-04-06 03:45 - 00000000 ____D C:\Users\Alex\AppData\Local\{ABFA2CD0-C289-4268-8255-FB3245F31460}
2012-04-05 19:00 - 2012-04-05 19:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{1694596E-5E1B-42B7-9641-41EBF38FD5FE}
2012-04-04 16:30 - 2009-11-10 22:23 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-04-04 16:19 - 2012-04-04 16:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{B2BD8E38-4F6B-441A-BE6E-D0C5DD9770FB}
2012-04-04 15:11 - 2012-04-04 15:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A8D8D06-44A0-401E-88D8-C982AB1009EA}
2012-04-03 21:20 - 2012-04-03 21:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{3CDF872F-07D1-41E1-BAC4-4138FE89047D}
2012-04-03 20:08 - 2010-12-07 15:48 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-04-03 09:19 - 2012-04-03 09:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{ECA05B49-7C1F-4C8B-9DE3-B0441B1F97C5}
2012-04-02 20:54 - 2012-04-02 20:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{ED1484CE-F720-4D1C-8488-3F4ECD7B8A78}
2012-04-02 06:37 - 2012-04-02 06:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{4DB2548F-CB48-406B-9D07-97F8B9D6A860}
2012-04-01 18:35 - 2012-04-01 18:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{AC8472B3-CD8B-4783-887C-B539BEE582E8}
2012-03-31 21:59 - 2012-03-31 21:59 - 00000000 ____D C:\Users\Alex\AppData\Local\{C96380B0-1CB9-46F3-BFFF-20A94CEC282F}
2012-03-30 22:14 - 2012-03-30 22:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{C8FA8EAC-34FD-452A-B2EF-52B7E99BC1E5}
2012-03-30 06:29 - 2012-03-30 06:29 - 00000000 ____D C:\Users\Alex\AppData\Local\{10C04D62-65A2-4222-B247-CF183C3CEC6B}
2012-03-30 03:35 - 2012-05-10 15:57 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 18:28 - 2012-03-29 18:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{3EC09B30-5D2A-4585-BEF6-DD7A60AC004C}
2012-03-29 17:20 - 2012-03-29 17:20 - 00000000 ____D C:\Users\Alex\AppData\Local\{E4243462-4A1D-4421-836C-8BEC83575213}
2012-03-29 04:39 - 2012-03-29 04:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{B39641EB-60E0-4428-A12E-160865F174CF}
2012-0
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 7:41 am

2012-03-30 03:35 - 2012-05-10 15:57 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 18:28 - 2012-03-29 18:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{3EC09B30-5D2A-4585-BEF6-DD7A60AC004C}
2012-03-29 17:20 - 2012-03-29 17:20 - 00000000 ____D C:\Users\Alex\AppData\Local\{E4243462-4A1D-4421-836C-8BEC83575213}
2012-03-29 04:39 - 2012-03-29 04:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{B39641EB-60E0-4428-A12E-160865F174CF}
2012-03-28 18:39 - 2010-01-25 18:10 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-03-28 16:32 - 2012-03-28 16:32 - 00000000 ____D C:\Users\Alex\AppData\Local\{973009F9-C5BE-4C4E-BC59-18352A362C37}
2012-03-28 00:34 - 2012-03-28 00:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{B4BFFA82-B4E5-4CBF-98A5-016834588F9A}
2012-03-28 00:34 - 2012-03-28 00:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{512D43C7-48B8-4844-92DC-E01477F77A85}
2012-03-27 04:20 - 2012-03-27 04:19 - 00000000 ____D C:\Users\Alex\AppData\Local\{83312078-3940-4F48-939D-6144B4840843}
2012-03-27 04:17 - 2012-03-27 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{CDFBAD04-A9D0-4844-A0AE-3237393EC44E}
2012-03-27 04:17 - 2012-03-27 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{17F4F305-1BD0-4F44-82E0-F8085216A884}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4060.95 MB
Available physical RAM: 3425.07 MB
Total Pagefile: 4059.09 MB
Available Pagefile: 3419.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:187.79 GB) NTFS
3 Drive f: (Cruzer) (Removable) (Total:7.47 GB) (Free:2.02 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.77 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         7663 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary             14 GB    39 MB
Partition 3    Primary            451 GB    14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     39 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y    RECOVERY     NTFS   Partition     14 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    OS           NTFS   Partition    451 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7655 MB    22 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    F    Cruzer       FAT32  Removable   7655 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 06:28

======================= End Of Log ==========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 9:00 am


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad (do not include the word Code:).


Code:
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
0 9c9d8fd642aafc5; C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys [74184 2012-06-22] ()
C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-23 03:52 - 2012-06-23 03:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37}
2012-06-22 21:08 - 2012-06-22 21:08 - 00000000 ____D C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1}
2012-06-22 15:05 - 2012-06-22 15:05 - 00074184 ____A C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys
2012-06-22 14:39 - 2012-06-22 14:39 - 00040960 ____A (SmoothCandle) C:\Users\Alex\0i763f66bz.exe
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{A0D899AF-E8E2-4A62-9CFE-881E46BC306B}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{8FC45670-8F69-4DB8-819B-E3A58EA1FA27}
2012-06-22 07:54 - 2012-06-22 07:54 - 00000000 ____D C:\Users\Alex\AppData\Local\{0C1F844E-E978-4AB0-9036-C05F06F4BD4B}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{BAC873E0-A73A-49A1-A7BC-7FAAFAF0D43C}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{8ADDD94E-A162-4642-8A83-69DB320651D7}
2012-06-21 05:07 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{4A1C36AD-8DF2-4F03-B91E-10F8EC2CA72C}
2012-06-21 05:06 - 2012-06-21 05:07 - 00000000 ____D C:\Users\Alex\AppData\Local\{F56A780C-D164-4E4E-AA3E-05AFB558DB64}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{879B0050-1F2A-4CF8-B89E-C0DCB61CE654}
2012-06-20 04:53 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{53A962BB-EF1D-4468-8288-D651269BD39E}
2012-06-20 04:52 - 2012-06-20 04:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{9BBA2E20-3A2E-43EA-868C-7F77577B3D10}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{E470165A-A874-4E51-9D17-535C3D7ACF8F}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{D6FE123F-ECC7-45F2-937C-46727D8FBE03}
2012-06-19 04:17 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{234F08A9-3CC8-4903-894A-D50D335758FF}
2012-06-19 04:16 - 2012-06-19 04:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D7FCF3-E555-4C24-ADA6-28F05CDC50E0}
2012-06-18 04:58 - 2012-06-18 04:59 - 00000000 ____D C:\Users\Alex\AppData\Local\{8279EFDA-71AE-4EF3-8F84-0BF880AAFEDA}
2012-06-17 04:47 - 2012-06-17 04:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{014F84BE-0735-4B4A-A6E4-A74A0B5E9506}
2012-06-16 05:00 - 2012-06-16 05:00 - 00000000 ____D C:\Users\Alex\AppData\Local\{F8CD2A2D-711F-406F-B065-62EAEFDA79EB}
2012-06-15 06:37 - 2012-06-15 06:37 - 00000000 ____D C:\Users\Alex\AppData\Local\{18669B4F-8D2E-4198-B41E-2DDA312FA7C1}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{B967434D-DA8D-4A51-9EF7-1CB9BBFFFEC0}
2012-06-14 05:53 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{76653D10-AA56-486A-BE4F-5EE1FCDEBE41}
2012-06-14 05:52 - 2012-06-14 05:53 - 00000000 ____D C:\Users\Alex\AppData\Local\{01E9455C-5E40-49B4-BD91-5621E0815EE6}
2012-06-14 05:52 - 2012-06-14 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{E674902C-60F6-46B5-A6B5-C94064EFD133}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{D0D0C38B-E369-499B-A02A-218FBF16FE4F}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{AF990DD6-9325-4DAA-B12F-C8FCCBBB2784}
2012-06-13 03:55 - 2012-06-13 03:55 - 00000000 ____D C:\Users\Alex\AppData\Local\{81A47D29-8B36-4EDF-BD3E-633045B76AC7}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{F3C59AC1-F8B3-476D-8F92-EA7E8FD73759}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{BC4B4985-3826-49C6-BAA9-F5194207F78B}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{65887C09-2BF0-4B63-BCA5-3DBB5AB72365}
2012-06-12 04:38 - 2012-06-12 04:38 - 00000000 ____D C:\Users\Alex\AppData\Local\{1597D96F-7B3C-436A-A2CB-1274AE8AB207}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{FCBA5B24-603F-4DE8-A75B-00EB24FC528D}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{A10F425F-D531-4C8A-9882-C3E98A855AED}
2012-06-11 02:56 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{68B5A94F-8D12-4370-A416-E874F7A8224E}
2012-06-11 02:55 - 2012-06-11 02:56 - 00000000 ____D C:\Users\Alex\AppData\Local\{725CCF77-7FC3-4348-A9A0-52031E5F2C0A}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{CBD952B8-177B-4858-8BCD-4DCA311CABCE}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{78DB14C3-8EE2-47D2-8CF2-107339DEA9E1}
2012-06-10 09:01 - 2012-06-10 09:01 - 00000000 ____D C:\Users\Alex\AppData\Local\{4F872EF3-6E5F-4469-96EF-696761BF44CC}
2012-06-09 05:27 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{3A9209CF-3259-4AD5-BBD5-D8FA4365CC2B}
2012-06-09 05:26 - 2012-06-09 05:27 - 00000000 ____D C:\Users\Alex\AppData\Local\{A09FDD44-53C5-4644-93AD-6C1A47752048}
2012-06-09 05:26 - 2012-06-09 05:26 - 00000000 ____D C:\Users\Alex\AppData\Local\{F2BBA8F8-B096-46E5-85C8-8553F42BFF2E}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{B1650788-327C-4DC2-AEE0-921876B417E6}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Alex\AppData\Local\{5A66BEB0-9C77-458E-8423-B78C7743B31A}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1CA3552-A544-4846-9CDF-AEE7B0E0B4BA}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{2EC96905-1E67-4AF4-91F1-7D8C5B6A3CC8}
2012-06-07 05:10 - 2012-06-07 05:10 - 00000000 ____D C:\Users\Alex\AppData\Local\{02CC7233-EE6E-468E-B6D9-662B1D6A2B2F}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{E2EBB476-7791-4651-B126-0B82DD72D0B9}
2012-06-06 05:13 - 2012-06-06 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{41D52D74-1DEE-4984-B440-99B015A0DAF2}
2012-06-06 05:12 - 2012-06-06 05:12 - 00000000 ____D C:\Users\Alex\AppData\Local\{D82562A7-AEB6-430B-8C24-DA3ED32D2502}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{B65710EE-85D2-40CE-A5D0-8F89AB649B50}
2012-06-05 02:11 - 2012-06-05 02:11 - 00000000 ____D C:\Users\Alex\AppData\Local\{496C7355-A162-4873-8236-3DC3DB2B94F2}
2012-06-04 08:50 - 2012-06-04 08:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{1C6060EB-FFE6-436E-B2D8-9A3015362E00}
2012-06-04 08:50 - 2012-06-04 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{FBAB26A3-3BE9-403B-A4EA-12C1DE9D7283}
2012-06-03 20:50 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{7292FDDC-EDA8-4C32-8715-4DBF45E117C6}
2012-06-03 20:49 - 2012-06-03 20:50 - 00000000 ____D C:\Users\Alex\AppData\Local\{A381AE31-5EB8-4C87-BEA0-046010642BE7}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{7A406126-A1A1-4EAC-8005-F2CD57B054D2}
2012-06-03 08:48 - 2012-06-03 08:48 - 00000000 ____D C:\Users\Alex\AppData\Local\{32326D73-4EE9-46F3-83D0-DFCD481A85A6}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{78595C38-8EFB-4A5E-BF26-01A99BEBE471}
2012-06-02 20:47 - 2012-06-02 20:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{3C19231A-AC3C-4E92-BA2B-86ABDD617BD0}
2012-06-02 08:24 - 2012-06-02 08:24 - 00000000 ____D C:\Users\Alex\AppData\Local\{C11090F0-1641-43D7-B04E-3FCE84BDB91F}
2012-06-02 08:23 - 2012-06-02 08:23 - 00000000 ____D C:\Users\Alex\AppData\Local\{C1525805-2681-45DC-A4D0-7760BEED3C58}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{DD94BFFC-2C0F-483C-9055-589BA42237C9}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{590494EB-628B-4340-9985-692775DC01D4}
2012-06-01 19:36 - 2012-06-01 19:36 - 00000000 ____D C:\Users\Alex\AppData\Local\{193952F9-40C9-4DA2-9274-E1A7C835BFBB}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{A52115E7-BFFE-4DB8-807C-2AD045996DD1}
2012-06-01 06:28 - 2012-06-01 06:28 - 00000000 ____D C:\Users\Alex\AppData\Local\{6659AB91-ECE9-43D8-BDDA-5B255AF6B894}
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{6F7E366B-A4E1-44AB-85B3-397D905FAE66}
2012-05-31 05:46 - 2012-05-31 05:47 - 00000000 ____D C:\Users\Alex\AppData\Local\{56710635-3BFC-4097-8D91-D4E1BBC243EF}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{CD946FEA-76AE-402A-9A6D-29C143153024}
2012-05-31 05:46 - 2012-05-31 05:46 - 00000000 ____D C:\Users\Alex\AppData\Local\{322C5402-6090-487F-ADFC-56912652803C}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{E1B4ACC4-F2C1-4D99-845C-246727C5D9B0}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{B7FACDA6-02F2-4BA9-81C1-DA4A5D325293}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{89AB4740-9230-4303-A756-1EE95E9DBD91}
2012-05-30 04:51 - 2012-05-30 04:51 - 00000000 ____D C:\Users\Alex\AppData\Local\{7E545F62-417B-480E-86C5-BC3CC011905E}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{EAB9AAA2-8638-437A-B529-BB31A5332C62}
2012-05-29 03:41 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{6AB87F77-0389-4AED-ADE7-E83E364CB573}
2012-05-29 03:40 - 2012-05-29 03:41 - 00000000 ____D C:\Users\Alex\AppData\Local\{42A1D47C-6A03-4F73-B2DF-162B784407E9}
2012-05-29 03:40 - 2012-05-29 03:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{4C55A09B-58EF-4348-99B8-A118D2A782EB}
2012-05-28 06:15 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{03923BB2-3A58-4D2A-969A-20855668C7E3}
2012-05-28 06:14 - 2012-05-28 06:15 - 00000000 ____D C:\Users\Alex\AppData\Local\{468BB4E2-1D65-42CF-AEAE-610BB806CDF9}
2012-05-28 06:14 - 2012-05-28 06:14 - 00000000 ____D C:\Users\Alex\AppData\Local\{6DA35DBF-8D55-4688-A5D6-8CD1F640795E}
2012-05-27 05:52 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{FC4EA4B7-0775-49BC-9775-D79C36B5BA37}
2012-05-27 05:51 - 2012-05-27 05:52 - 00000000 ____D C:\Users\Alex\AppData\Local\{957E6393-659B-478E-A842-0B787CF34FE3}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{B76F3E75-D914-410F-96F7-0477D37002F6}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{A01A1FBF-22A4-4B95-A505-6B9043EEA852}
2012-05-26 05:13 - 2012-05-26 05:13 - 00000000 ____D C:\Users\Alex\AppData\Local\{233281BD-110C-45AB-ABED-511F29E97768}
2012-05-25 00:39 - 2012-05-25 00:40 - 00000000 ____D C:\Users\Alex\AppData\Local\{FD290077-BD24-43F1-9883-15A3C1756570}
2012-05-25 00:39 - 2012-05-25 00:39 - 00000000 ____D C:\Users\Alex\AppData\Local\{054FB6F2-6DA8-41DF-91C4-B491335572F1}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{6B1755B0-E026-4CF7-84D8-447C8BB2F710}
2012-05-24 05:34 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{05586DF3-1EEB-4DE5-B5D1-C06BE2717926}
2012-05-24 05:33 - 2012-05-24 05:34 - 00000000 ____D C:\Users\Alex\AppData\Local\{5ACD6926-0B24-4A42-9CB6-F2AB43FDF5EE}



    • Save it to your USB flashdrive as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

Boot into Recovery Environment


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.

  • Exit out of Recovery Environment and post me the log please.


Next

Reboot into Normal Mode, and delete your existing copy of Combofix.exe .... Do not try to uninstall Combofix

Next

Download a new copy of Combofix from ....

Link 1
Link 2

Next

Run Combofix

  • First

    • Important! Temporarily disable your anti-virus, and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its files which may cause unpredictable results.
    • Click here to see a list of programs that should be disabled (ignore the firewalls). The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

  • Double click combofix.exe & follow the prompts.
  • Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.
  • When finished, it will

    • Produce a log for you. (it can also be found at C:\Combofix.txt)
    • Restore your Internet connection.

  • Post the log in your next reply please.

IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

Summary of the logs I need from you in your next post:

  • Fixlog.txt
  • Combofix.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 10:39 am

Okay, here we go.

I noticed after running FRST and booting back into Windows, on the lower right of the desktop it says "Test Mode Windows 7 Build 7601".

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-06-2012
Ran by SYSTEM at 2012-06-24 04:12:33 Run:1
Running from F:\

==============================================

SessionLauncher service deleted successfully.
9c9d8fd642aafc5 service deleted successfully.
C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys moved successfully.
C:\Users\Alex\AppData\Local\{5C7B0BEC-EF29-4716-AED9-FAB7612DBF37} moved successfully.
C:\Users\Alex\AppData\Local\{D72E5C0E-FDBD-4C27-A7A7-384BCA6153B1} moved successfully.
C:\Windows\System32\Drivers\9c9d8fd642aafc5.sys not found.
C:\Users\Alex\0i763f66bz.exe moved successfully.

==== End of Fixlog ====
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 10:40 am

ComboFix 12-06-23.05 - Alex 24/06/2012 4:21.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4061.2862 [GMT 10:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\0i763f66bz.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-24 05:56 . 2012-06-24 05:58 -------- d-----w- C:\FRST
2012-06-23 18:30 . 2012-06-23 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 22:43 . 2012-06-22 22:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 15:40 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9E42F9-8BD2-48C6-A492-AE7F3B21A2A4}\mpengine.dll
2012-06-21 13:17 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-18 13:48 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-18 13:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-18 13:48 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-18 13:48 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 13:48 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-18 13:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-18 13:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-18 13:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-18 13:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 16:32 . 2012-06-14 16:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 16:32 . 2012-06-14 16:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 14:03 . 2012-02-15 01:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE5A39D0-E803-434B-9394-C64E3B29A576}\gapaengine.dll
2012-06-11 13:03 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-11 13:03 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 16:08 . 2012-06-09 16:08 -------- d-----w- c:\users\Alex\AppData\Local\Macromedia
2012-05-29 11:59 . 2012-05-26 02:36 178176 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 00:41 . 2012-05-11 00:41 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-11 00:41 . 2011-02-19 11:15 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-11 00:40 . 2012-05-11 00:40 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-11 00:40 . 2010-04-19 14:32 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-08 14:40 . 2009-11-12 03:14 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-04-08 14:39 . 2010-02-14 14:22 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-30 11:35 . 2012-05-10 23:57 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_00.57.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-23 00:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-23 00:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 00:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-02 07:08 . 2012-06-23 18:15 48560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 18:15 44956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 03:52 . 2012-06-23 18:15 13534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3004922134-2840439543-2313920064-1000_UserData.bin
+ 2009-11-12 05:53 . 2012-06-23 04:51 3610 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-23 18:14 . 2012-06-23 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 00:56 . 2012-06-23 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 00:56 . 2012-06-23 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 18:14 . 2012-06-23 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-14 16:48 . 2012-06-23 17:57 275600 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-22 23:40 667120 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 18:18 667120 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 18:18 126724 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-22 23:40 126724 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-23 18:09 403328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 00:56 403328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-12-09 01:41 . 2012-06-23 00:56 5357352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-12-09 01:41 . 2012-06-23 18:09 5357352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-11 08:07 . 2012-06-23 18:09 63642620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3004922134-2840439543-2313920064-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-19 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-7-1 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.internode.on.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.internode.on.net/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-0i763f66bz - c:\users\Alex\0i763f66bz.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0a,a1,50,19,8b,2c,84,62,38,76,c1,c2,06,9f,9f,50,d8,6b,54,8f,44,45,48,
57,d0,1e,5f,46,07,57,41,e5,3f,69,86,4c,4b,5b,55,14,50,48,b7,31,01,ff,fc,f4,\
"??"=hex:98,47,1a,f1,a9,39,12,d8,c5,b4,78,66,17,05,ef,05
.
[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\SecuROM\License information*]
"datasecu"=hex:b3,2a,bd,8e,ea,d6,cd,46,fa,ab,2d,9d,4f,7b,ed,ae,2d,e3,3a,23,40,
06,ff,70,a1,79,bd,45,e0,f5,5e,59,aa,3a,f5,cf,bc,1a,f0,2c,64,2b,81,0d,12,be,\
"rkeysecu"=hex:83,c6,05,63,65,bf,81,f5,de,05,dc,a8,bd,c0,e4,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\1e\15\19\08?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-24 04:32:16
ComboFix-quarantined-files.txt 2012-06-23 18:32
ComboFix2.txt 2012-06-23 01:03
.
Pre-Run: 201,484,685,312 bytes free
Post-Run: 201,186,906,112 bytes free
.
- - End Of File - - 71729D71869FE4B4F298E84EF144C507
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 11:38 am

Looks good so far. HOW IS YOUR COMPUTER BEHAVING NOW?

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


You'll need to post each separately.
_________________
Gary R Administrator at Malware Removal University



Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sat Jun 23, 2012 5:38 pm

It's much better, that odd exe file is gone. I can go on Windows Update, MSE is still disabled, but I haven't tried reenabling it. Task Manager works.

The Test Mode watermark is still there, and the Action Center system tray icon is missing, but Action Center itself still works.

-EDIT- Event Viewer is no longer showing a lot of errors. Safe mode now works (before, it would simply restart). About Action Center: I tried restoring the default behaviour, and a pop-up said the icon is not currently active, and it will pop up when it is. I'm guessing some of the tools wiped the reports and the icon isn't there because there is nothing to report? And Windows Update mentioned I have to install another update before checking for updates; I wanted to get the OK before I do anything else.

OTL logfile created on: 24/06/2012 11:09:26 - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Alex\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.06% Memory free
7.93 Gb Paging File | 6.35 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 187.44 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: 6CK2XK1-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 11:05:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\Downloads\OTL.exe
PRC - [2012/06/15 08:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/16 18:29:59 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/05/22 00:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/22 00:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/19 06:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 08:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/11 10:31:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 10:30:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 10:30:51 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/10/17 12:02:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 10:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/19 06:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/15 08:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 18:29:59 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/28 07:13:50 | 000,226,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/11/02 16:53:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 00:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/10 14:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/17 12:58:54 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/17 11:23:36 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/07 08:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/22 07:27:46 | 000,028,264 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ITECIRfilter.sys -- (ITECIRfilter)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 05:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/16 02:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 08:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/05/11 02:06:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/07 17:57:57 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/03 00:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/03 00:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/03 00:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/03 00:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 14:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/25 19:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 18:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 18:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/23 11:51:06 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/16 05:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 07:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/14 10:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/09/25 12:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV - [2010/01/26 15:08:06 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {59397C55-624F-475C-8707-9120937DC6F1}
IE:64bit: - HKLM\..\SearchScopes\{59397C55-624F-475C-8707-9120937DC6F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {922B3B16-1011-4E37-83B2-3CB4F071525E}
IE - HKLM\..\SearchScopes\{922B3B16-1011-4E37-83B2-3CB4F071525E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.internode.on.net/
IE - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\..\SearchScopes,DefaultScope = {922B3B16-1011-4E37-83B2-3CB4F071525E}
IE - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.internode.on.net/"
FF - prefs.js..extensions.enabledItems: cards@clav.mozdev.org:0.98
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {3669edc0-b1ad-11d8-92e7-00d09e0179f2}:1.8.1
FF - prefs.js..extensions.enabledItems: {e1c8879e-9db4-4adf-92d2-d4856bd434ef}:1.1.9.2
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 00:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/11 10:40:30 | 000,000,000 | ---D | M]

[2009/11/22 12:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2009/11/22 12:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/06/11 23:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\extensions
[2010/02/02 14:12:22 | 000,002,164 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\searchplugins\bing.xml
[2011/12/19 12:17:15 | 000,002,281 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\searchplugins\elder-scrolls-en.xml
[2011/12/19 12:16:21 | 000,001,218 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\3wyrammo.default\searchplugins\uespwiki-en.xml
[2012/06/17 00:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/27 13:18:46 | 000,264,191 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
[2012/04/27 19:00:57 | 000,081,104 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
[2012/04/27 19:00:57 | 000,527,036 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{7F57CF46-4467-4C2D-ADFA-0CBA7C507E54}.XPI
[2011/03/23 20:38:40 | 000,089,724 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{A4732521-77D9-447E-A557-B279AC923F06}.XPI
[2012/06/11 23:02:17 | 000,732,573 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/02 11:43:17 | 000,324,526 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\{F759CA51-3A91-4DD1-AE78-9DB5EEE9EBF0}.XPI
[2011/12/23 10:05:02 | 000,470,642 | ---- | M] () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WYRAMMO.DEFAULT\EXTENSIONS\CARDS@CLAV.MOZDEV.ORG.XPI
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/26 02:55:54 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/24 04:30:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDFEA9F-4669-4EE7-B2AA-EE3183ECE2BA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDFEA9F-4669-4EE7-B2AA-EE3183ECE2BA}: Domain = nsw.bigpond.net.au
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 15:56:21 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/24 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{05DC003E-7E1B-4E44-8166-CC5DFBC53AC5}
[2012/06/24 11:04:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{65A35C35-7015-4884-A363-A2FA51EC406C}
[2012/06/24 10:58:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/24 10:52:11 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/24 04:32:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 22:02:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7A05F8F9-0E25-46E2-992D-4C73AE742A4A}
[2012/06/23 22:01:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7E9A35CC-4B09-445D-AFBC-B705AAD57FBC}
[2012/06/23 10:41:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 10:41:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 10:41:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 10:33:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 10:33:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/23 09:17:31 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\Desktop\mseinstall.exe
[2012/06/23 08:43:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/18 23:49:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/18 23:49:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/18 23:49:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/18 23:49:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/18 23:49:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/18 23:49:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/18 23:49:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/18 23:49:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/18 23:49:48 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/18 23:49:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/18 23:49:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/18 23:49:47 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/18 23:49:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/18 23:49:15 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/18 23:49:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/18 23:49:14 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/18 23:49:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/18 23:49:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/18 23:49:07 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/18 23:49:07 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/18 23:49:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/18 23:49:04 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/18 23:48:58 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/06/18 23:48:53 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/18 23:48:52 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/15 02:41:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/15 02:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/15 02:32:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/15 02:32:26 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/10 02:08:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Macromedia
[2012/06/03 16:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 11:05:23 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 11:05:23 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 11:02:26 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/24 11:02:26 | 000,667,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/24 11:02:26 | 000,126,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/24 10:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 10:57:52 | 3193,655,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 10:57:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/06/24 04:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/23 09:22:56 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/19 00:06:36 | 000,426,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/17 00:16:41 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/15 02:41:00 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2012/06/15 02:32:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/15 02:32:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/07 23:42:03 | 000,001,775 | ---- | M] () -- C:\Users\Alex\Desktop\Play Max Payne 3.lnk
[2012/05/29 21:59:57 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\MPC-HC.lnk
[2012/05/29 21:59:34 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/05/26 12:36:44 | 000,178,176 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/24 10:57:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/06/23 10:41:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 10:41:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 10:41:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 10:41:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 10:41:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/15 02:41:00 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2012/06/03 16:36:06 | 000,001,775 | ---- | C] () -- C:\Users\Alex\Desktop\Play Max Payne 3.lnk
[2012/05/29 21:59:57 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/29 21:59:57 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\MPC-HC.lnk
[2012/01/08 19:24:53 | 000,000,838 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
[2011/10/06 21:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 16:38:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/30 22:20:33 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 03:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/16 18:30:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/16 18:29:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/19 08:18:58 | 000,768,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/11 20:41:39 | 000,007,621 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2009/11/11 15:08:18 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/07/21 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Activision
[2010/12/23 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2009/11/11 16:00:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BigPond
[2010/01/25 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
[2010/10/17 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock2
[2010/09/10 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid
[2011/10/09 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\bsnes
[2012/01/14 06:48:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\calibre
[2011/11/16 18:31:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CDisplayEx
[2011/06/23 11:28:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Day 1 Studios
[2011/05/15 23:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DisneyInteractiveStudios
[2012/01/17 07:52:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Doublefine
[2012/04/21 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ebqir
[2011/09/18 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\EndNote
[2012/06/23 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\foobar2000
[2012/03/01 12:45:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Free Download Manager
[2010/01/09 11:34:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Games
[2011/04/16 01:14:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2010/05/30 12:21:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HD Tune Pro
[2011/09/03 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hothead Games
[2009/09/15 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ImgBurn
[2010/02/10 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Internode
[2010/11/11 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2011/03/16 18:29:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PunkBuster
[2010/03/10 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\runic games
[2009/11/29 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SPORE
[2009/11/11 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2011/12/30 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TeraCopy
[2011/03/15 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Windows Live Writer
[2011/12/19 23:55:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\XnView
[2011/05/24 15:53:01 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 576 bytes -> C:\Users\Alex\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

< End of report >


Last edited by Heiji1412-2 on Sat Jun 23, 2012 6:53 pm; edited 1 time in total
Heiji1412-2

Posted: Sat Jun 23, 2012 5:40 pm

OTL Extras logfile created on: 24/06/2012 11:09:26 - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Alex\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.06% Memory free
7.93 Gb Paging File | 6.35 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 187.44 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: 6CK2XK1-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{F57DAD50-F9BB-4ED0-93F7-88211F30D3DC}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"UDP Query User{6794A7B6-3AC3-4D20-8B51-1A9020F70880}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{225FA1E8-372F-BBFF-F488-E79D78A5180E}" = AMD AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68C45B08-CDDB-86CD-D7A8-47E56C877DAA}" = AMD Media Foundation Decoders
"{7A61142C-CA19-4F3C-BA66-FF8F131501FA}" = Paint.NET v3.5.9
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2EBBA0F-00CF-650F-CCBA-31F4FA27118C}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1" = iNFekt NFO Viewer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF7DB7D0-48CC-4A52-E111-E44F9A30FC78}" = AMD Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DiskMark_is1" = DiskMark 1.0.0.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"QuickSFV" = QuickSFV (Remove only)
"Speccy" = Speccy
"SynTPDeinstKey" = Dell Touchpad
"TeraCopy_is1" = TeraCopy 2.27
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C7813F-D825-D2EB-714C-500C4BE0D70F}" = CCC Help Hungarian
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04151319-BC8B-F54D-8F23-51073371A166}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0507A8FD-AA20-7691-C2AA-CDE6B5182675}" = Application Profiles
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0D6A2DE3-E91D-AA43-EF9E-FEACBFE32ACB}" = Catalyst Control Center InstallProxy
"{0FDD4581-7A19-6A3B-F8E5-4E1A6B58E658}" = CCC Help Dutch
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3350DC29-1120-70C8-1BF6-787EE5D6F553}" = CCC Help Spanish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{45C65FAC-7FF8-8627-72E6-5EB77EA2F45E}" = CCC Help Czech
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4745DA66-EBB8-54AF-436B-277E00C82EE1}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3FCCE1-BD3D-0FB0-E919-223689B9F176}" = CCC Help Finnish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{543D532B-F576-5451-FFED-49C4EDAFA57F}" = CCC Help Danish
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.0.0
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5D4EB859-1DC5-1E65-DDB0-B42C264C4AA5}" = CCC Help Korean
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D61E1F6-BDE9-779E-C18E-E8177A939B88}" = CCC Help German
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{819A32A9-3F01-F7F7-8574-FA686BC28A9D}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EAA5D0-3445-4945-993A-98F128C9299E}" = BigPond Broadband ADSL FAQ
"{871DC4F4-96EC-F76E-728D-1563E0C9F33F}" = Catalyst Control Center Graphics Previews Common
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
"{8C98BA43-E029-96B0-CAFD-3CEBF1D81A6C}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8EF857B8-82CC-BFA1-2235-253174187525}" = CCC Help Swedish
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{B9E01BAF-6238-1F06-D050-E6393C40CF29}" = CCC Help Thai
"{BCE13CC7-A041-56EE-FC1D-9F197C8DDC44}" = CCC Help Japanese
"{BF394699-F221-3A7E-5390-0305A3A2C06B}" = CCC Help French
"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre
"{D391F126-6136-0719-4DBD-E4661F9FDD72}" = CCC Help Greek
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7C7E05-A56A-61F3-134C-7584DBA2D5C9}" = CCC Help Chinese Standard
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E98DB882-64AF-F0C4-9918-5086935D8B71}" = CCC Help Norwegian
"{ED8BE9BB-A0F0-E0E8-D26B-BC000900D057}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F108F0AF-105F-F30B-4EDC-DD3FC4828242}" = CCC Help English
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F479BCB2-29E4-B89A-BDEB-CF87FEFDECB4}" = CCC Help Chinese Traditional
"{F6425999-A129-2D76-69FE-E9039D0935EF}" = Catalyst Pro Control Center
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FB6130C7-8E9A-A2FF-BE2A-32AB252364AB}" = CCC Help Turkish
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDSee Classic" = ACDSee Classic
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alan Wake American Nightmare_is1" = Alan Wake American Nightmare
"Audacity_is1" = Audacity 1.2.6
"Dell Webcam Central" = Dell Webcam Central
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"foobar2000" = foobar2000 v1.1.12a
"Free Download Manager_is1" = Free Download Manager 3.8
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"HashCalc_is1" = HashCalc 2.02
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.2a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"qt7lite_is1" = QT Lite 3.2.2
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Rockstar Games Social Club" = Rockstar Games Social Club
"Stanza" = Stanza
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5
"XviD4PSP5" = XviD4PSP 5.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/01/2012 15:16:32 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DvdInfo.exe, version: 6.5.2.8, time stamp:
0x4e000e81 Faulting module name: DvdInfo.exe, version: 6.5.2.8, time stamp: 0x4e000e81
Exception
code: 0xc0000005 Fault offset: 0x00290130 Faulting process id: 0x114c Faulting application
start time: 0x01ccd48358a3e5c2 Faulting application path: C:\Program Files (x86)\DVDInfoPro\DvdInfo.exe
Faulting
module path: C:\Program Files (x86)\DVDInfoPro\DvdInfo.exe Report Id: 98da484e-4076-11e1-b9f7-0026b90cbaf5

Error - 21/01/2012 15:28:15 | Computer Name = 6CK2XK1-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 21/01/2012 15:28:16 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Terraria.exe, version: 1.1.1.0, time stamp:
0x4f01c87a Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x45c Faulting application start time: 0x01ccd872d1864287 Faulting application path:
C:\Program Files (x86)\Terraria\Terraria.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 10beb2fc-4466-11e1-b65e-0026b90cbaf5

Error - 21/01/2012 15:28:22 | Computer Name = 6CK2XK1-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 21/01/2012 15:28:22 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Terraria.exe, version: 1.1.1.0, time stamp:
0x4f01c87a Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x1294 Faulting application start time: 0x01ccd872d6aead81 Faulting application path:
C:\Program Files (x86)\Terraria\Terraria.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 1486775c-4466-11e1-b65e-0026b90cbaf5

Error - 31/01/2012 4:26:07 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Speccy64.exe, version: 1.14.0.288, time
stamp: 0x4eca55ae Faulting module name: atiadlxx.dll, version: 6.14.10.1076, time
stamp: 0x4e9b83c1 Exception code: 0xc0000005 Fault offset: 0x000000000002b64f Faulting
process id: 0x468 Faulting application start time: 0x01ccdff1eab5a06a Faulting application
path: C:\Program Files\Speccy\Speccy64.exe Faulting module path: C:\Windows\system32\atiadlxx.dll
Report
Id: 386fbd23-4be5-11e1-b9af-0026b90cbaf5

Error - 5/03/2012 5:19:12 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DvdInfo.exe, version: 6.1.3.5, time stamp:
0x4b981d7f Faulting module name: DvdInfo.exe, version: 6.1.3.5, time stamp: 0x4b981d7f
Exception
code: 0xc0000005 Fault offset: 0x00042e5f Faulting process id: 0x1188 Faulting application
start time: 0x01ccfab100a1cbd4 Faulting application path: C:\Program Files (x86)\DVDInfoPro\DvdInfo.exe
Faulting
module path: C:\Program Files (x86)\DVDInfoPro\DvdInfo.exe Report Id: 450d2ee6-66a4-11e1-b97f-0026b90cbaf5

Error - 20/04/2012 10:41:51 | Computer Name = 6CK2XK1-PC | Source = VSS | ID = 8194
Description =

Error - 21/04/2012 5:51:32 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Speccy64.exe, version: 1.14.0.288, time
stamp: 0x4eca55ae Faulting module name: atiadlxx.dll, version: 6.14.10.1076, time
stamp: 0x4e9b83c1 Exception code: 0xc0000005 Fault offset: 0x000000000002b64f Faulting
process id: 0x130c Faulting application start time: 0x01cd1fa4492af362 Faulting application
path: C:\Program Files\Speccy\Speccy64.exe Faulting module path: C:\Windows\system32\atiadlxx.dll
Report
Id: 92b54953-8b97-11e1-8ff9-0026b90cbaf5

Error - 23/04/2012 8:33:49 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Speccy64.exe, version: 1.14.0.288, time
stamp: 0x4eca55ae Faulting module name: atiadlxx.dll, version: 6.14.10.1076, time
stamp: 0x4e9b83c1 Exception code: 0xc0000005 Fault offset: 0x000000000002b64f Faulting
process id: 0xe94 Faulting application start time: 0x01cd214d4952dd60 Faulting application
path: C:\Program Files\Speccy\Speccy64.exe Faulting module path: C:\Windows\system32\atiadlxx.dll
Report
Id: 934ca4cb-8d40-11e1-8ff9-0026b90cbaf5

Error - 27/04/2012 7:28:33 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc.exe, version: 1.6.1.4235, time stamp:
0x4f787027 Faulting module name: libavcodec.dll, version: 0.0.0.0, time stamp: 0x4b1fd28b
Exception
code: 0xc0000005 Fault offset: 0x00305103 Faulting process id: 0x12a4 Faulting application
start time: 0x01cd24652ee202b0 Faulting application path: C:\Program Files (x86)\MPC
HomeCinema\mpc-hc.exe Faulting module path: C:\Program Files (x86)\ffdshow\libavcodec.dll
Report
Id: 1ecfb08d-905c-11e1-8ff9-0026b90cbaf5

Error - 29/04/2012 8:53:33 | Computer Name = 6CK2XK1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BinaryDomain.exe, version: 1.0.0.1, time
stamp: 0x4f96a84e Faulting module name: BinaryDomain.exe, version: 1.0.0.1, time
stamp: 0x4f96a84e Exception code: 0xc0000005 Fault offset: 0x0018816a Faulting process
id: 0x7e4 Faulting application start time: 0x01cd26052dc31f6e Faulting application
path: C:\Program Files (x86)\Sega\Binary Domain\BinaryDomain.exe Faulting module
path: C:\Program Files (x86)\Sega\Binary Domain\BinaryDomain.exe Report Id: 538cabe6-91fa-11e1-8ff9-0026b90cbaf5

[ System Events ]
Error - 23/06/2012 8:03:12 | Computer Name = 6CK2XK1-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%31

Error - 23/06/2012 14:01:59 | Computer Name = 6CK2XK1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 23/06/2012 14:14:13 | Computer Name = 6CK2XK1-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 23/06/2012 14:14:18 | Computer Name = 6CK2XK1-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk

Error - 23/06/2012 14:27:26 | Computer Name = 6CK2XK1-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 23/06/2012 14:29:33 | Computer Name = 6CK2XK1-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 23/06/2012 14:29:33 | Computer Name = 6CK2XK1-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 23/06/2012 14:30:02 | Computer Name = 6CK2XK1-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 23/06/2012 20:58:09 | Computer Name = 6CK2XK1-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 23/06/2012 20:58:12 | Computer Name = 6CK2XK1-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk


< End of report >
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sat Jun 23, 2012 9:47 pm

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Java(TM) 7 Update 4 (64-bit)
Java(TM) 7 Update 4
HijackThis 2.0.2


Java has now been updated to 7u5

HJT is not compatible with 64 bit systems.

Reboot when they are all uninstalled

Now download and install JDK 7 Update 5 (JDK or JRE).

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3004922134-2840439543-2313920064-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2012/06/24 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{05DC003E-7E1B-4E44-8166-CC5DFBC53AC5}
[2012/06/24 11:04:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{65A35C35-7015-4884-A363-A2FA51EC406C}
[2012/06/23 22:02:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7A05F8F9-0E25-46E2-992D-4C73AE742A4A}
[2012/06/23 22:01:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7E9A35CC-4B09-445D-AFBC-B705AAD57FBC}
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
@Alternate Data Stream - 576 bytes -> C:\Users\Alex\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

:Commands
[createrestorepoint]
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Allow your computer to download and install any updates from Microsoft.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • OTL fix log
  • E-Set log
  • I'm hoping the test mode watermark will disappear when we remove some of the programs we've used to clean your computer, if not we'll try and find out what's causing the problem then.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sun Jun 24, 2012 6:29 am

I've uninstalled what you listed, rebooted, then updated both Java.

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3004922134-2840439543-2313920064-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Users\Alex\AppData\Local\{05DC003E-7E1B-4E44-8166-CC5DFBC53AC5} folder moved successfully.
C:\Users\Alex\AppData\Local\{65A35C35-7015-4884-A363-A2FA51EC406C} folder moved successfully.
C:\Users\Alex\AppData\Local\{7A05F8F9-0E25-46E2-992D-4C73AE742A4A} folder moved successfully.
C:\Users\Alex\AppData\Local\{7E9A35CC-4B09-445D-AFBC-B705AAD57FBC} folder moved successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP folder deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP folder deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder deleted successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder deleted successfully.
C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder deleted successfully.
ADS C:\Users\Alex\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 312192 bytes
->Temporary Internet Files folder emptied: 8424307 bytes
->Java cache emptied: 381594 bytes
->FireFox cache emptied: 95782463 bytes
->Flash cache emptied: 371148 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53265904 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 151.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.52.0 log created on 06242012_215604

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sun Jun 24, 2012 6:35 am

Then I went on Windows Update, I remember updating Windows not a week ago, and there were no critical updates, only different languages and such.

Oh, and I still can't manage MSE to function, still complains that the service is missing.

And I couldn't find the ESET log, I chose to uninstall the scanner, and only found these located here "C:\Program Files (x86)\ESET\ESET Online Scanner"

OnlineScanner.ocx
OnlineScannerApp
OnlineScannerUninstaller

but I did export the results from the results screen,

C:\FRST\Quarantine\0i763f66bz.exe Win32/Wigon.OW trojan
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\{226665ff-17f4-becc-6403-1e07e0bffa81}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\00000001.@.vir Win64/Sirefef.AI trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sun Jun 24, 2012 7:15 am

OK, the files found by e-set are encrypted quarantine files that Combofix and FRST made, they can't re-infect you, and we will be removing them in due course.

For the moment we need to find out what the problem might be with MSE

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
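The point made in the reply above, that every ESET hit sits inside a ComboFix (Qoobox) or FRST quarantine folder, can be checked mechanically. This is an added example, not part of the thread or of any tool named in it: the line format is inferred from the six lines the poster exported, the mapping of a Qoobox path back to its original location is an inference from the paths shown, and the last sample line is constructed.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Quarantine roots that appear in this thread.
QOOBOX = PureWindowsPath(r"C:\Qoobox\Quarantine")  # ComboFix
FRST = PureWindowsPath(r"C:\FRST\Quarantine")      # FRST

# "<path> <detection> <category>". The detection name is the token that
# contains "/", which cannot occur in a Windows path; ESET may prefix it
# with "a variant of" or "probably a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:(?:probably )?a variant of )?\S+/\S+)\s+"
    r"(?P<kind>.+)$"
)

Finding = namedtuple("Finding", "path detection kind status original")


def relative_parts(path, root):
    """Components of path below root, or None if path is not under root."""
    p, r = path.parts, root.parts
    same_prefix = [s.lower() for s in p[:len(r)]] == [s.lower() for s in r]
    return p[len(r):] if same_prefix and len(p) > len(r) else None


def original_location(path):
    """Map a Qoobox quarantine path back to where the file used to live.

    Assumption drawn from the paths in the thread: the first component
    below the root is the drive letter and the file gains a .vir suffix.
    """
    rel = relative_parts(path, QOOBOX)
    if not rel or len(rel) < 2 or not re.fullmatch(r"[A-Za-z]", rel[0]):
        return None
    name = rel[-1][:-4] if rel[-1].lower().endswith(".vir") else rel[-1]
    return str(PureWindowsPath(rel[0].upper() + ":\\", *rel[1:-1], name))


def triage(lines):
    """Classify each exported detection as quarantined or live."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        path = PureWindowsPath(m.group("path"))
        if relative_parts(path, QOOBOX) is not None:
            status = "quarantined (ComboFix)"
        elif relative_parts(path, FRST) is not None:
            status = "quarantined (FRST)"
        else:
            status = "live"
        findings.append(Finding(str(path), m.group("name"), m.group("kind"),
                                status, original_location(path)))
    return findings


# First six lines: the ESET results posted in the thread.
# Last line: constructed, to show a detection outside any quarantine folder.
SAMPLE = r"""
C:\FRST\Quarantine\0i763f66bz.exe Win32/Wigon.OW trojan
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\{226665ff-17f4-becc-6403-1e07e0bffa81}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\00000001.@.vir Win64/Sirefef.AI trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{226665ff-17f4-becc-6403-1e07e0bffa81}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Alex\Downloads\setup_example.exe a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.status:24} {f.detection:30} {f.original or f.path}")
```

Only entries reported as live need action from the scan itself; the recovered original locations show which system files had been touched, here including services.exe.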
Heiji1412-2
Junior Member


Joined: 17 Jul 2006
Last Visit: 27 Jun 2012
Posts: 49

Posted: Sun Jun 24, 2012 7:42 am

I know we're not done, but for the sake of reflection on my part, is there any way to track exactly when the zero access rootkit got into my system? I noticed problems the day I created this topic, but it is possible for the rootkit to have infected my system before that yes? I mentioned before the system is not used very much, esp in the last 6 weeks, so I could definitely narrow down what it was when the system was infected. Or is that a lost cause?

Here is the log nonetheless.

Farbar Service Scanner Version: 23-06-2012
Ran by Alex (administrator) on 25-06-2012 at 01:34:32
Running from "C:\Users\Alex\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 15 Apr 2014
Posts: 9927
Location: Yorkshire

Posted: Sun Jun 24, 2012 7:57 am

OK, didn't see what I expected to see there.

Windows Defender is disabled, but this is normal if you have MSE installed.

Rather than fishing further for a cause ....



Let me know whether this is successful or not.

The version of Zero Access you have is a recent one, so it will probably have been contracted within the last few weeks, however quite how you came to contract it I couldn't say.

The usual methods are ....

Use of P2P programs
Opening a "booby trapped" e-mail
Clicking on a "poisoned" link.

The last could be embedded in a legit website if it is not properly secured.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
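The reading of the FSS log given in the reply above (a stopped Windows Defender is expected while MSE is installed) can be expressed as a small triage script. This is an added example, not part of the thread or of Farbar Service Scanner: the parsing rules are inferred from the log posted earlier, the embedded log is an excerpt of it, and treating any File Check verdict other than "MD5 is legit" as needing review is an assumption.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section kind subject detail")

# Excerpt of the FSS.txt posted in this thread.
FSS_LOG = r'''
Windows Firewall:
=============

Firewall Disabled Policy:
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
'''

STOPPED_RE = re.compile(r"(\S+) Service is not running")
START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
KEY_RE = re.compile(r"\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'"([^"]+)"=DWORD:(\d+)$')
FILE_RE = re.compile(r"(.+?) => (.+)$")

# Items that the reply attributes to MSE being installed.
DEFENDER_ITEMS = {
    "WinDefend",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware",
}


def parse_fss(text):
    """Return the deviations an FSS log reports, tagged with their section."""
    lines = [l.strip() for l in text.splitlines()]
    section, key, out = None, None, []
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title ends with ":" and is underlined with "=".
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            section, key = line[:-1], None
        elif not line or re.fullmatch(r"=+", line):
            continue
        elif STOPPED_RE.match(line):
            out.append(Finding(section, "service_stopped",
                               STOPPED_RE.match(line).group(1), "not running"))
        elif START_RE.match(line):
            svc, current, default = START_RE.match(line).groups()
            if current != default:
                out.append(Finding(section, "start_type", svc,
                                   f"{current} (default {default})"))
        elif KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif VALUE_RE.match(line):
            name, value = VALUE_RE.match(line).groups()
            out.append(Finding(section, "policy", f"{key}\\{name}", value))
        elif section == "File Check" and FILE_RE.match(line):
            path, verdict = FILE_RE.match(line).groups()
            if verdict != "MD5 is legit":
                out.append(Finding(section, "file", path, verdict))
    return out


def assess(findings, mse_installed):
    """Label each finding; Defender items are expected when MSE is present."""
    return [(f, "expected with MSE"
             if mse_installed and f.subject in DEFENDER_ITEMS else "review")
            for f in findings]


if __name__ == "__main__":
    for f, verdict in assess(parse_fss(FSS_LOG), mse_installed=True):
        print(f"[{verdict}] {f.section}: {f.subject} -> {f.detail}")
```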
Heiji1412-2
PostPosted: Sun Jun 24, 2012 8:44 am    Post subject: Reply with quote

Yeah, uninstalling and reinstalling MSE worked, it's fine now.

The Test Mode watermark is still there, and Action Center notification icon is still not showing, but those are comparatively minor things.

As for possible routes of infection, I don't use P2P programs, the main use for this system is web browsing, and although I realize nothing is bulletproof, I've always thought I've done more than enough. I've always, always updated Windows a few days after Patch Tuesday, and I've kept, to the best of my ability, Firefox, Flash, Adobe Reader, and Java updated. I've also done full scans with MBAM and MSE every once in a while, last was a month ago. I figured one of those would be enough to stop the big ones. I'm rather baffled, although to be fair, in the six years since I registered here, this is only my third time seeking help.

-EDIT- I did some snooping around, this topic could potentially have the solution, but I didn't bother trying since it's relatively minor. I did confirm that I'm missing the registry entry, I have no idea how to check what explorer.exe is doing.
http://www.sevenforums.com/system-security/221034-unable-fix-action-center-notifications-after-virus-win64-sirefef-b.html
Gary R
PostPosted: Sun Jun 24, 2012 9:28 pm    Post subject: Reply with quote

Let's get an export of the key mentioned in the Sevenforums article, and take it from there ....


  • Click Start > Run, type Notepad, click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.

Code:
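@echo off
rem Export the Action Center ShellServiceObjects key to look.txt on the Desktop
regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
rem Open the export; the script waits here until Notepad is closed
Notepad.exe "%userprofile%\Desktop\look.txt"
rem Clean up by full path: an elevated run starts in System32, not on the Desktop
Del "%userprofile%\Desktop\look.txt"
Del "%~f0"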


  • Click Format and ensure Wordwrap is unchecked.
  • Save as RegExp.bat
  • Save as file type All Files or it won't work.
  • Now right click on RegExp.bat and select Run as Administrator to run it.
  • A file look.txt will open on your Desktop, please post the contents in your next reply. (look.txt and RegExp.bat will self delete when you close look.txt)

Heiji1412-2
PostPosted: Mon Jun 25, 2012 8:29 am    Post subject: Reply with quote

look.txt came up blank, there is nothing in it.
Gary R
PostPosted: Mon Jun 25, 2012 9:06 am    Post subject: Reply with quote

OK, that's what I expected, I just wanted to make sure before replacing the key.


  • Click Start > Run, type Notepad, click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""


  • Click Format and ensure Wordwrap is unchecked.
  • Save as RegFix.reg
  • Save as file type All Files or it won't work.
  • Now right click on RegFix.reg and select Run as an Administrator to run it.
  • You will be prompted to allow it to merge with the Registry. Allow it please.


Now reboot your computer

Is the problem with the Action Centre notification icon resolved ?
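The check behind the two steps above (a blank look.txt export, then the RegFix.reg import), as an added Python example that is not part of the original posts: it parses a regedit export and reports whether the key and its AutoStart value are present. The function names and the two sample exports are constructed for illustration.

```python
import re

# Key from the thread; RegFix.reg restores its empty "AutoStart" value.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
       r"\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}")

def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; fall back to ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: raw_data}} for single-line values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1), {})
            continue
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if value and current is not None:
            name = value.group(1)
            current["" if name == "@" else name[1:-1]] = value.group(2)
    return keys

def action_center_state(raw: bytes) -> str:
    """Classify an export of KEY as 'missing', 'no-autostart' or 'present'."""
    keys = {k.upper(): v for k, v in parse_reg(decode_export(raw)).items()}
    values = keys.get(KEY.upper())
    if values is None:
        return "missing"  # e.g. the blank look.txt reported in the thread
    if "autostart" not in {name.lower() for name in values}:
        return "no-autostart"
    return "present"

# Constructed samples (not taken from the poster's machine).
BLANK_EXPORT = b""
FIXED_EXPORT = ("\ufeffWindows Registry Editor Version 5.00\r\n\r\n[" + KEY
                + ']\r\n"AutoStart"=""\r\n\r\n').encode("utf-16-le")

if __name__ == "__main__":
    for label, raw in (("before fix", BLANK_EXPORT), ("after fix", FIXED_EXPORT)):
        print(label, "->", action_center_state(raw))
```
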
Heiji1412-2
PostPosted: Mon Jun 25, 2012 9:53 am    Post subject: Reply with quote

Yeah, so far so good, I restarted twice after I imported the reg entry, and both times, after a while (the service is on a delayed start), the icon is back to normal. I also checked through regedit that the entry remained.

One thing though, the option to "Run as Admin" wasn't there when I right-clicked the reg file, but I was logged in as Admin anyway.

Any news on disabling Test Mode?
Gary R
PostPosted: Mon Jun 25, 2012 10:32 am    Post subject: Reply with quote

Try following the instructions I've linked to, to see if your Test Mode message gets removed ..... http://www.sevenforums.com/tutorials/212819-test-mode-windows-7-build-7601-watermark-remove-desktop.html
Heiji1412-2
PostPosted: Mon Jun 25, 2012 10:46 am    Post subject: Reply with quote

It's just a watermark on the lower right of the desktop, it's not a popup or anything

Test Mode
Windows 7
Build 7601

This appeared after I ran FRST with that fixlist, it wasn't there before that.

It looks like this, except mine says 7601 (Service Pack?), and yes, windows is genuine and activated.

http://techrena.net/remove-test-mode-windows-7-build-7600-watermark/

From here, I gather it's a simple fix, but I'll let you make the final judgment call.

http://support.microsoft.com/kb/2509241
Heiji1412-2
PostPosted: Mon Jun 25, 2012 11:03 am    Post subject: Reply with quote

Yeah, it's gone after that.
Gary R
PostPosted: Mon Jun 25, 2012 1:00 pm    Post subject: Reply with quote

Great, looks like we're good to go.

Time for a little housekeeping then. We need to remove the programs we've been using to clean your computer.

First

Let's clear out ComboFix and the files/folders it created

  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • ComboFix will now delete its files and folders and also perform the following function.

    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.


IMPORTANT

  • Do not use your computer while ComboFix is running.
  • Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Next

Let's clear out OTL and the files and folders it created. This will also remove aswMBR.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


Next

Please delete the following ....

FRST64.exe
FSS.exe
any log files created by those tools
any fix files created for FRST


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?

  • If you are, let me know about them.
  • If not it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

Heiji1412-2
PostPosted: Mon Jun 25, 2012 1:51 pm    Post subject: Reply with quote

Done and done.

I'm going to look into using Hosts file, and NoScript on top of everything I've been doing.

I've given a donation through the link in your sig.

And thanks~
Gary R
PostPosted: Mon Jun 25, 2012 3:26 pm    Post subject: Reply with quote

You're welcome, glad we could help.

Thanks for the donation, it is much appreciated.

As your problems appear to have been resolved .....

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours