port42

Maurice, UAC turned on. Passwords applied to all 3 users, and only one user is admin now. Adobe reader uninstalled. Ran through step-by-step instructions for Grinler's article for Emsisoft. Emsisoft picked-up 35 hits, most of which were high risk. They've been quaranteed. Rebooted and ran full scan MBAM, but still have the trojan! Here's the Emsisoft log and the Mbam log: Emsisoft Emergency Kit - Version 2.0 Last update: 10/18/2012 9:24:17 AM Scan settings: Scan type: Deep Scan Objects: Rootkits, Memory, Traces, C:\, F:\, L:\ Scan archives: On ADS Scan: On Scan start: 10/18/2012 9:25:32 AM c:\users\pete\appdata\roaming\ms_dir_\ detected: Trace.File.injector!E1 c:\users\pete\appdata\roaming\wjdku.txt detected: Trace.File.sancmed!E1 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4242eda7 -> b_sa\b_sb.class detected: Exploit.Java.Blacole!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4242eda7 -> b_sa\b_sd.class detected: Exploit.Java.CVE-2012-1723!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4242eda7 -> b_sa\b_sa.class detected: Exploit.Java.Blacole!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4242eda7 -> b_sa\b_sc.class detected: Exploit.Java.Blacole!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2c3fdefb-5870d310 -> Lilioc.class detected: JAVA.Agent!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2c3fdefb-5870d310 -> Noosa.class detected: JAVA.Agent!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\bvtvdmkadgfhvdanfqmd.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\fyrblayrcvcervwlquwglhyqv.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\rtjvguaewmreqbcm.class detected: Exploit.Java.CVE!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\musfdv.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\rggvthergdpsdhugvfr.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\79811030-1e5c3c45 -> Ini.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\vuevarq.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\vwslvkhhbjkwhtnnys.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\ltkrmpdvkbmasy.class detected: Exploit.Java.CVE!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> App.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Clisa.class detected: Java.Malware!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Laios.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Talibbo.class detected: Java.CVE.2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Nemesis.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Seeko.class detected: Java.CVE.2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Basnoslob.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Byte.class detected: Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7de585d4-157de6af -> a\urtr.class detected: Trojan.Java.Exploit!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7de585d4-157de6af -> a\dbwhgigr.class detected: Exploit.Java.CVE!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4666b711-334741f2 -> a\gttn.class detected: Trojan.Java.Exploit!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4666b711-334741f2 -> a\vpxkpuwsgofslz.class detected: Trojan.Win32.FakeAV!E2 C:\!Bit-Torrent-Downloads\!EBOOKS\james_dashner_the_maze_runner_mobi.rar_downloader_25.exe detected: Trojan.Win32.ExpressFiles.AMN!E1 F:\WINDOWS\Nircmd.exe detected: Riskware.Win32.NirCmd.E.2.B!E1 F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\V7Q6A10K\in[1].htm detected: Trojan.JS.Redirector!E2 F:\ComboFix\NirCmd.cfexe detected: Riskware.Win32.NirCmd.E.2.B!E1 F:\ComboFix\nircmd.com detected: Riskware.Win32.NirCmd.E.2.B!E1 F:\ComboFix\NirCmdC.cfexe detected: Riskware.Win32.NirCmd.E.1.B!E1 Scanned 832864 Found 35 Scan end: 10/18/2012 12:57:30 PM Scan time: 3:31:58 F:\ComboFix\NirCmdC.cfexe Quarantined Riskware.Win32.NirCmd.E.1.B!E1 F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\V7Q6A10K\in[1].htm Quarantined Trojan.JS.Redirector!E2 F:\WINDOWS\Nircmd.exe Quarantined Riskware.Win32.NirCmd.E.2.B!E1 F:\ComboFix\NirCmd.cfexe Quarantined Riskware.Win32.NirCmd.E.2.B!E1 F:\ComboFix\nircmd.com Quarantined Riskware.Win32.NirCmd.E.2.B!E1 C:\!Bit-Torrent-Downloads\!EBOOKS\james_dashner_the_maze_runner_mobi.rar_downloader_25.exe Quarantined Trojan.Win32.ExpressFiles.AMN!E1 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4666b711-334741f2 -> a\vpxkpuwsgofslz.class Quarantined Trojan.Win32.FakeAV!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7de585d4-157de6af -> a\urtr.class Quarantined Trojan.Java.Exploit!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\229ef06a-3e1a17aa -> Talibbo.class Quarantined Java.CVE.2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\24638832-578c984b -> mcnmpaqqlsrb\rtjvguaewmreqbcm.class Quarantined Exploit.Java.CVE!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\79811030-1e5c3c45 -> Ini.class Quarantined Exploit.Java.CVE-2012!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2c3fdefb-5870d310 -> Lilioc.class Quarantined JAVA.Agent!E2 C:\Users\Pete\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\613f55c9-4242eda7 -> b_sa\b_sd.class Quarantined Exploit.Java.CVE-2012-1723!E2 c:\users\pete\appdata\roaming\wjdku.txt Quarantined Trace.File.sancmed!E1 c:\users\pete\appdata\roaming\ms_dir_\ Quarantined Trace.File.injector!E1 Quarantined 15 ________________________________________________________________________________________ Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Pete :: BADBOY [administrator] Protection: Enabled 10/18/2012 1:57:56 PM mbam-log-2012-10-18 (13-57-56).txt Scan type: Full scan (C:\|L:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 537805 Time elapsed: 1 hour(s), 12 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|4501 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Maurice, Prior to step 1, I uninstalled Utorrent and Java 6 update 26 completely. Step 1. Downloaded and ran Erunt. Reg backup saved on HDD. Step 2. All files set to show. Step 3. A. Downloaded and ran Mbam-clean.exe, then rebooted, Temporarily disabled Avast real-time after boot. B. Downloaded, installed, and updated Mbam (accepted trial ver of Mbam Pro). C. Rebooted. Mbam shown in task tray. D. Re-activated Avast. Step 4. A. Started Mbam, all General and Scanner options checked off and ran the update. No prompt for reboot and program was up-to-date. B. Ran Quick Scan with no applications running and no windows open. Trojan found and deleted. Saved log as shown here and rebooted: Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.17.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Pete :: BADBOY [administrator] Protection: Enabled 10/17/2012 2:04:46 PM mbam-log-2012-10-17 (14-04-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 256775 Time elapsed: 5 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|4501 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ____________________________________________________________________________ Step 5. Ran AWD Cleaner, log opened prior to using "Delete." Saved log. Ran "Delete." 5 sketchy reg keys and one value found and deleted. Rebooted, then log automatically opened and saved upon login: # AdwCleaner v2.004 - Logfile created 10/17/2012 at 14:20:07 # Updated 06/10/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Pete - BADBOY # Boot Mode : Normal # Running from : C:\!junk\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [6156 octets] - [12/10/2012 12:41:03] AdwCleaner[R2].txt - [6216 octets] - [12/10/2012 12:42:06] AdwCleaner[s2].txt - [6241 octets] - [12/10/2012 12:42:24] AdwCleaner[R3].txt - [1472 octets] - [17/10/2012 14:16:46] AdwCleaner[R4].txt - [1532 octets] - [17/10/2012 14:19:08] AdwCleaner[s3].txt - [1324 octets] - [17/10/2012 14:20:07] ########## EOF - C:\AdwCleaner[s3].txt - [1384 octets] ########## _____________________________________________________________________________________________________________________ Step 6. Downloaded and ran Security Check. Log as follows: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Oct12virusremoval OCT17-cleanup SecurityCheck.exe Malwarebytes' Anti-Malware mbamscheduler.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` ________________________________________________________________________ As you can see, the UAC note was made (I provide admin level for myself and one other user who has no password. 3rd user is only USER level and without password). What do you think? Out of the woods yet? What bothers me about this one is that the system runs fine, without any issues at all. However, I suspect that this trojan has been on this PC for a very long time. Any indication that it's related to FBI Moneypak?

Maurice, OTL.txt log as follows: OTL logfile created on: 10/12/2012 1:09:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\!junk 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 77.69% Memory free 15.50 Gb Paging File | 13.65 Gb Available in Paging File | 88.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698.54 Gb Total Space | 85.20 Gb Free Space | 12.20% Space Free | Partition Type: NTFS Drive F: | 74.55 Gb Total Space | 8.30 Gb Free Space | 11.13% Space Free | Partition Type: NTFS Computer Name: BADBOY | User Name: Jen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/12 13:08:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\!junk\OTL.exe PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/12/05 23:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/12/05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/12/05 22:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2007/03/31 12:27:30 | 000,332,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxavs64.sys -- (CX88VID) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003/12/05 06:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9 IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 F9 64 DF 07 42 CC 01 [binary data] IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\..\SearchScopes,DefaultScope = {184CB099-2F77-4799-88AC-16E72006D3F0} IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\..\SearchScopes\{13990750-7DF5-455A-B1DE-712FE1F9099E}: "URL" = http://delicious.com/search?p={searchTerms} IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\..\SearchScopes\{184CB099-2F77-4799-88AC-16E72006D3F0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\..\SearchScopes\{507B8D51-2C6D-4E6F-8D2E-F49B459B5B44}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/19 13:22:51 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/06/29 10:10:38 | 000,004,115 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 4501 = C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2437510211-2088959400-2204543645-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx (osi_valid.uCltValid9m) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE163A43-8757-4321-B677-19FDBA903E80}: DhcpNameServer = 156.154.119.11 156.154.129.11 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/06 13:18:13 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/12 08:36:03 | 000,000,000 | -HSD | C] -- C:\found.000 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/12 13:12:18 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/12 13:12:18 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/12 13:05:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/12 13:04:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/12 13:04:46 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys [2012/10/12 12:22:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/12 12:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/10/12 11:06:16 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/10/04 11:25:05 | 083,023,306 | ---- | M] () -- C:\ProgramData\sqj.pad [2012/10/01 08:02:21 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/01 08:02:21 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/01 08:02:21 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/01 07:10:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dvdtest10024.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/12 11:06:16 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/10/04 11:24:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\sqj.pad [2012/09/11 13:02:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/08/16 12:33:20 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012/07/31 06:17:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012/07/11 12:28:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012/06/03 10:09:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat [2012/06/03 10:02:10 | 000,000,073 | ---- | C] () -- C:\Windows\EurekaLog.ini [2012/04/24 20:38:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012/04/24 20:38:36 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012/04/16 17:22:07 | 000,000,168 | ---- | C] () -- C:\ProgramData\-QaJkZ57jQhwSxSr [2012/04/16 17:22:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\-QaJkZ57jQhwSxS [2012/04/16 17:22:03 | 000,000,256 | ---- | C] () -- C:\ProgramData\QaJkZ57jQhwSxS [2012/03/04 11:52:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/03/04 11:52:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/03/04 11:52:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/03/04 11:52:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/03/04 11:52:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/07 11:53:24 | 004,770,816 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011/12/05 22:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011/12/05 22:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/25 20:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/07/12 19:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/01/24 14:13:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/01/24 14:13:30 | 000,032,955 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011/01/04 17:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010/02/21 17:10:29 | 000,000,632 | RHS- | C] () -- C:\Users\Jen\ntuser.pol ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== ========== Base Services ========== SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:64bit: - [2010/11/20 09:25:47 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:64bit: - [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:64bit: - [2010/11/20 09:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:64bit: - [2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: SERVICES > [2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.EXE > [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui [2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui < MD5 for: SERVICES.INI > [2010/02/19 07:36:03 | 000,002,917 | ---- | M] () MD5=FA530A9855A6A26BA16938A793597282 -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\services.ini < MD5 for: SERVICES.LNK > [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOCHIADS.COM.SOL > [2012/07/29 18:08:56 | 000,000,353 | ---- | M] () MD5=2565AF45B79788F9F97A8430DD8968CC -- C:\Users\Sam\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B22YHMEW\mochiads.com\services.mochiads.com.sol < MD5 for: SERVICES.MOF > [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc < MD5 for: SERVICES.PTXML > [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SVCHOST.EXE > [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report >

Maurice, Thanks for the reply....and my apologies for attaching logs. Didn't go crazy with utils: just Malwarebytes, Avast, and Iobit because of corrupt registry. Here are the logs: OTL Extras in this reply. OTL.txt to follow in next reply. Now you've got me nervous about online transactions and surfing (guilty since Oct 12). # AdwCleaner v2.004 - Logfile created 10/12/2012 at 12:42:24 # Updated 06/10/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Jen - BADBOY # Boot Mode : Normal # Running from : C:\!junk\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Jen\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Pete\AppData\Local\SanctionedMedia Folder Deleted : C:\Users\Pete\AppData\LocalLow\CouponAlert_2p ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [6156 octets] - [12/10/2012 12:41:03] AdwCleaner[R2].txt - [6216 octets] - [12/10/2012 12:42:06] AdwCleaner[s2].txt - [6172 octets] - [12/10/2012 12:42:24] ########## EOF - C:\AdwCleaner[s2].txt - [6232 octets] ########## _________________________________________________________________________________________________________________________________ aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-12 13:41:37 ----------------------------- 13:41:37.239 OS Version: Windows x64 6.1.7601 Service Pack 1 13:41:37.239 Number of processors: 4 586 0x203 13:41:37.239 ComputerName: BADBOY UserName: Jen 13:41:40.062 Initialize success 13:41:43.541 AVAST engine defs: 12101200 13:42:09.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 13:42:09.734 Disk 0 Vendor: ST3750528AS CC38 Size: 715404MB BusType: 3 13:42:09.749 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 13:42:09.749 Disk 1 Vendor: SAMSUNG_SP0802N TK300-06 Size: 76351MB BusType: 3 13:42:09.765 Disk 0 MBR read successfully 13:42:09.765 Disk 0 MBR scan 13:42:09.781 Disk 0 Windows 7 default MBR code 13:42:09.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 13:42:09.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848 13:42:09.827 Disk 0 scanning C:\Windows\system32\drivers 13:42:18.439 Service scanning 13:42:32.463 Modules scanning 13:42:32.463 Disk 0 trace - called modules: 13:42:32.494 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 13:42:32.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077c2060] 13:42:32.510 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> [0xfffffa8006803580] 13:42:32.525 5 ACPI.sys[fffff88000fab7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006802060] 13:42:34.444 AVAST engine scan C:\Windows 13:42:37.798 AVAST engine scan C:\Windows\system32 13:44:46.124 AVAST engine scan C:\Windows\system32\drivers 13:44:56.560 AVAST engine scan C:\Users\Jen 13:48:22.964 AVAST engine scan C:\ProgramData 13:49:05.724 Scan finished successfully 13:49:28.968 Disk 0 MBR has been saved successfully to "C:\!junk\Oct12virusremoval\MBR.dat" 13:49:28.968 The log file has been saved successfully to "C:\!junk\Oct12virusremoval\aswMBR.txt" __________________________________________________________________________________________________ OTL Extras logfile created on: 10/12/2012 1:09:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\!junk 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 77.69% Memory free 15.50 Gb Paging File | 13.65 Gb Available in Paging File | 88.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698.54 Gb Total Space | 85.20 Gb Free Space | 12.20% Space Free | Partition Type: NTFS Drive F: | 74.55 Gb Total Space | 8.30 Gb Free Space | 11.13% Space Free | Partition Type: NTFS Computer Name: BADBOY | User Name: Jen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation) "C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0515727F-64DF-4872-A3D2-BDF353CEA77F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{112C5505-F59D-42FF-8D6C-27620F56590E}" = lport=10243 | protocol=6 | dir=in | app=system | "{1C79F4E5-E799-49E9-8F5E-1FF4BC3219B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{382F4536-DAB0-457D-835C-206E965138F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A574853-997E-433D-9C68-806762B6EC2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4DDF487B-B037-41F9-8AD5-D41937EDB75B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5AE7318F-3B98-4876-917E-D59A2F83F563}" = rport=137 | protocol=17 | dir=out | app=system | "{634BE9F7-852E-45A4-9EA6-7EA18AE73FE6}" = rport=139 | protocol=6 | dir=out | app=system | "{648178A1-164E-42D7-8FDB-CA2CE27017DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68CE3856-EB35-42B3-ADD8-9DB122E576B0}" = lport=137 | protocol=17 | dir=in | app=system | "{767DF9AC-FE57-49F8-9161-22D1149A61E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{860D4C13-015F-4A98-8718-5D308172C9DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8D99973A-922C-45FB-AA57-E58F1111394A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A34D6238-D322-446D-A9A9-332DCAA77904}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{A7090CAF-F451-4693-87C8-A4E3E0B9CFC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4CA0AEE-77B6-4514-A55E-3B3C21F4D6CE}" = lport=139 | protocol=6 | dir=in | app=system | "{BB3CF68F-4667-4DA7-8675-88BD2C4B8FFC}" = lport=2869 | protocol=6 | dir=in | app=system | "{C0CB7656-C7AE-483A-9BBA-4F82A8988CC7}" = rport=445 | protocol=6 | dir=out | app=system | "{D2D2A05F-06F9-4AED-9E7F-F8A31D18166B}" = rport=10243 | protocol=6 | dir=out | app=system | "{D816D2C0-823E-41B2-9ECD-0986EB5AB4F7}" = lport=445 | protocol=6 | dir=in | app=system | "{DD803078-4740-4090-9B32-431D4602E53F}" = lport=138 | protocol=17 | dir=in | app=system | "{F15B5EDD-DD20-4942-86E2-34D2350EDD18}" = rport=138 | protocol=17 | dir=out | app=system | "{F4656B1F-DDF2-44E7-B5F6-365E38A9D860}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE6404A3-0E7F-4F79-9EFA-31ACC9F48D0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C2BC922-751F-469A-8AE6-57535149F73F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1A2F01E9-8BA0-46D3-85CF-127522310F3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{1ADC17AC-39AF-446E-8FD3-9E11F3370450}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1CE49E0F-1673-4483-9989-FE1EB19EF562}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{26A3AB84-027E-4749-8E9B-CBE80BED51A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2EDBB459-A5B6-46DD-8290-DBBB1FCFAB01}" = protocol=58 | dir=in | app=system | "{3BB71668-A2C0-4EB0-AD6C-5576FECFF5C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3C75B197-5B0D-4AEC-B292-B40173C3303F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{3D7AE6C7-085D-4961-99B0-32ACCC920AA5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{41B581A8-1DDA-4A00-8CB7-F40B756829BB}" = protocol=6 | dir=out | app=system | "{421BF48E-CAE5-4E94-85A6-3FE3033FB716}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{43ACAA99-0C82-4160-8E84-69BBDDA58D02}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{47E8147F-AE00-4D9A-9444-4A89E865C2CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{4981258B-B34A-4A2B-87A1-E408C85CE3DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{49E76648-7A9D-4DB3-B788-F70FE5D9BC45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A1C994E-05C1-4264-ACDC-778133AA2503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{4D103C78-2E7B-463C-8329-A7CF205C68F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{56E1F230-5F2F-44A7-BA7B-EE7BCE55418C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6089AC21-7A9E-4BD2-81C4-3EEE282EB614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{627EA375-AD0A-44E9-9E63-D320B179C89D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68C6177A-770A-44CE-8393-2D3C1E338DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "{68C715F3-7B0E-460E-9D25-2BC87115C757}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6CF3F256-1CBE-409F-91FA-3823A07EFDDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6E540C4E-5CAE-4D40-A9A7-6409D1E70BE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{77FFDC3C-6959-4224-AF23-272E6F59549C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CC8637B-F734-474A-8B33-CCD3443754DC}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "{813FDE2C-45A1-4CCD-A90B-1C9FAB56D934}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{831A1E85-058A-414C-B149-E10535078A18}" = dir=out | app=c:\!download\softango_videoconverter_multi.exe | "{9331616E-64E9-45B9-9685-DB369D213414}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{93644D7A-8592-4B82-B288-991C5B61C07E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{94A3314E-5037-4F1F-A11A-AB57BF3B379C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{964E49AD-4D45-4267-B943-330DEA147022}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9A9E56A1-0F44-43C4-AB7A-B50819DDD30F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{ACFBCBB3-CAF9-45ED-9DE4-0B906EFAD5A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{AFB1CC78-A804-4F98-A326-6F06D1F5C51E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B71C744C-65E9-47DC-9643-3702BE91B800}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B8162C12-87E7-431C-A401-72FAC55C5BD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B92B6E80-6C42-485D-9170-31222E489078}" = dir=in | app=c:\!download\softango_videoconverter_multi.exe | "{BE955CBC-86B7-4227-9E83-28EB9E86BC99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D14811D9-E417-46B0-8A3F-DBD23B45F6AE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D76CCD8A-D544-4A9D-8FA5-4B4EDBF3C009}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D8367569-37E0-4680-82D5-CB58A2E5F0CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{E0A5A69C-2540-4299-B89B-B2EE5A5E661F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E243A068-D8E7-466B-B7DA-5919F1887351}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{EE1EB83C-5FEB-48D6-8787-73141B1AFE99}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "TCP Query User{08DBDDC1-1A95-4919-9E86-CFFAA5C166F8}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0BB24181-DBE6-4ABE-A772-9FA79198C6E0}C:\users\pete\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pete\appdata\local\akamai\netsession_win.exe | "TCP Query User{14FF6E55-2389-48AF-8AB0-7F5B68135839}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{44B2967F-1B07-410A-82D6-3DA5D2A71F13}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{8362F326-97D7-4086-9701-C5EB869E129D}C:\users\pete\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pete\appdata\local\akamai\netsession_win.exe | "TCP Query User{ECB5ECBA-F9F1-4DBE-92CF-12051DE00B90}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{04204577-CF38-4743-98F8-119212BA38CF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{13B454A6-5274-4563-A94D-8C9660A83910}C:\users\pete\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pete\appdata\local\akamai\netsession_win.exe | "UDP Query User{67F354B2-BE93-449B-BC39-60866F208E85}C:\users\pete\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pete\appdata\local\akamai\netsession_win.exe | "UDP Query User{BFBC87D8-77C5-40A8-AB6E-1D4102409538}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{E9C05533-0AC8-44C2-A1D5-D00F23417DE4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{EF44AA59-CBA3-4FCC-AF81-8E62AC1FCBBE}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64 "{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel "{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CutePDF Writer Installation" = CutePDF Writer 2.8 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "x64 Components_is1" = x64 Components v3.3.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English "{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 26 "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese "{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6072A581-5D8D-475F-812E-CF7B01F65552}" = UltraFileSearch 0.9.7.10031 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600 "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai "{E65EFE5D-70E8-4BCE-BE85-9A3044F2A904}" = TrueForms NHAR 2010 "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "avast" = avast! Free Antivirus "Debut" = Debut Video Capture Software "DVBTCNXT" = KWorld PCI DVD Maker Driver "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD-Cloner 8_is1" = DVD-Cloner V8.20 Build 1007 "ENTERPRISE" = Microsoft Office Enterprise 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "MVApplication1" = Memorex exPressit Label Design Studio "TomTom HOME" = TomTom HOME 2.7.3.1894 "UltraFileSearch 0.9.7.10031" = UltraFileSearch 0.9.7.10031 "uTorrent" = µTorrent "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 2.0.2 "VTechDownloadManager" = Learning Lodge Navigator "WavePad" = WavePad Sound Editor "WinRAR archiver" = WinRAR 4.00 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/18/2012 8:00:56 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/19/2012 8:12:19 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/20/2012 12:30:35 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/22/2012 12:30:45 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/24/2012 6:48:39 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/25/2012 7:09:44 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/26/2012 7:32:51 PM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/28/2012 8:43:40 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/29/2012 10:05:15 AM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 9/30/2012 4:05:13 PM | Computer Name = Badboy | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. [ Media Center Events ] Error - 2/24/2010 8:08:07 AM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 7:08:02 AM - Error connecting to the internet. 7:08:03 AM - Unable to contact server.. Error - 4/1/2010 8:27:51 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:27:51 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/13/2010 3:52:52 AM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 3:52:51 AM - Error connecting to the internet. 3:52:51 AM - Unable to contact server.. Error - 2/26/2011 8:08:40 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 7:08:40 PM - Error connecting to the internet. 7:08:40 PM - Unable to contact server.. Error - 2/26/2011 8:09:10 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 7:09:09 PM - Error connecting to the internet. 7:09:09 PM - Unable to contact server.. Error - 2/26/2011 9:09:45 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:09:45 PM - Error connecting to the internet. 8:09:45 PM - Unable to contact server.. Error - 2/26/2011 9:10:17 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:10:14 PM - Error connecting to the internet. 8:10:14 PM - Unable to contact server.. Error - 5/10/2011 8:08:16 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:08:16 PM - Error connecting to the internet. 8:08:16 PM - Unable to contact server.. Error - 5/10/2011 8:08:27 PM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:08:21 PM - Error connecting to the internet. 8:08:21 PM - Unable to contact server.. Error - 2/15/2012 9:52:55 AM | Computer Name = Badboy | Source = MCUpdate | ID = 0 Description = 8:52:51 AM - Error connecting to the internet. 8:52:51 AM - Unable to contact server.. [ OSession Events ] Error - 3/3/2010 5:53:46 PM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/14/2010 7:56:13 PM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/19/2010 3:51:39 PM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 5/3/2010 7:27:32 AM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 5/7/2010 2:04:14 PM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1913 seconds with 0 seconds of active time. This session ended with a crash. Error - 5/8/2010 8:16:08 AM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2110 seconds with 120 seconds of active time. This session ended with a crash. Error - 5/9/2010 5:17:28 AM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 420 seconds with 180 seconds of active time. This session ended with a crash. Error - 5/9/2010 9:16:08 AM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 961 seconds with 240 seconds of active time. This session ended with a crash. Error - 10/1/2010 11:55:53 AM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/30/2012 3:42:05 PM | Computer Name = Badboy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 32958 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/12/2012 12:45:02 PM | Computer Name = Badboy | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 10/12/2012 12:45:04 PM | Computer Name = Badboy | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 10/12/2012 12:45:05 PM | Computer Name = Badboy | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 10/12/2012 12:45:08 PM | Computer Name = Badboy | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 10/12/2012 12:45:31 PM | Computer Name = Badboy | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: luafv Error - 10/12/2012 1:04:42 PM | Computer Name = Badboy | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 10/12/2012 1:04:45 PM | Computer Name = Badboy | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 10/12/2012 1:04:45 PM | Computer Name = Badboy | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 10/12/2012 1:04:49 PM | Computer Name = Badboy | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 10/12/2012 1:05:03 PM | Computer Name = Badboy | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: luafv < End of report >

I encountered a nasty version of the FBI Moneypak trojan on Oct 12. I ended up having to run chkdsk /f before I could roll back the registry, but that was successful and Malwarebytes removed the trojan afterwards. THE PROBLEM: I'm not sure if the following string is related to FBI Moneypak, but it shows up every time I run a Malwarebytes scan. Rebooting after a successful scan/delete tells me that a file is hiding in some sector of the HDD. Here's the string I get within the mbam log (see bold text): Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.12.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Pete :: BADBOY [administrator] 10/15/2012 12:25:02 PM mbam-log-2012-10-15 (12-25-02).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 437276 Time elapsed: 52 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|4501 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ______________________________________________________________________ Running a hdd search for msyufim.bat turned up nothing. I saved logs from several different utilities as suggested by a Malwarebytes moderator within a forum on this site, so I'll attach the logs to this post. I also ran the registry cleaner by Iobit after running the scans and creating these logs. The above-referenced string still comes up after scanning with Malwarebytes. Avast detects nothing, even misses the FBI Moneypak after it's infected the PC. Any help would be appreciated. Thanks. AdwCleanerS2.txt aswMBR.txt Extras.Txt mbam-log-2012-10-12 (13-03-00).txt mbam-log-2012-10-15 (16-39-26).txt OTL.Txt