FBI Moneypack virus preventing access to safemode (constant reboots)


I am running Windows 7 on a Dell Alienware Aurora and recently got infected with the FBI Moneypack virus. This has happened before and I had no problem deleting it by using Malwarebytes in safe mode. This time around I am unable to access safe mode either with or without networking because every time I select it the computer begins to constantly reboot. I've poked around a bit and I see this is both not uncommon and not terribly easy to fix. Any help would be greatly appreciated.


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Daniel:

Thanks very much for the help. Below are the results of the scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01

Ran by SYSTEM at 12-03-2013 18:46:46

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Launch Keyboard CI] "C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" /SHOWHIDE [3438088 2009-05-28] (Alienware)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12656 2012-06-18] (Alienware)

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4090824 2012-11-16] (ESET)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)

HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)

HKU\Owner\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1602984 2013-02-25] (Valve Corporation)

HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)

HKU\Owner\...\Winlogon: [shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [130048 2011-11-16] (SmartCart Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\ProgramData\Start Menu\Programs\Startup\AWMouseCI.lnk

ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Services (Whitelisted) ===================

2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913184 2012-11-16] (ESET)

==================== Drivers (Whitelisted) =====================

1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209808 2012-11-16] (ESET)

1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-28] (ESET)

2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-28] (ESET)

3 mio; C:\Windows\System32\Drivers\mio.sys [7680 2011-05-04] (Dell/Alienware)

0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)

0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)

0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)

3 taphss6; C:\Windows\System32\Drivers\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)

2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-12 12:41 - 2013-03-12 12:51 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini

2013-03-11 14:51 - 2013-03-11 14:52 - 00000000 ____D C:\Users\Owner\Desktop\BMW528receipt

2013-03-06 16:33 - 2013-03-06 16:33 - 00020870 ____A C:\Users\Owner\Desktop\Indonesian Arbitration Cost Estimate Worksheet.xlsx

2013-03-01 06:23 - 2013-03-01 06:23 - 09269248 ____A C:\Users\Owner\Desktop\Owner's Quicken Data.QDF-backup

2013-02-27 22:12 - 2013-02-27 22:12 - 00094217 ____A C:\Users\Owner\Documents\What Forums Are Available.pptx

2013-02-26 20:23 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-02-26 20:23 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-02-26 20:23 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-02-26 20:23 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-02-26 20:23 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-02-26 20:23 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
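
An added example, not part of the original thread and not FRST's own logic: a Python pass over Registry-section lines copied from the log above that flags autostart entries worth a closer look. The flag names, the extension allow-list and the reading of `[x]` as "file not found" are assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the Registry section of the FRST log posted above.
SAMPLE = r"""
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4090824 2012-11-16] (ESET)
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Owner\...\Winlogon: [shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [130048 2011-11-16] (SmartCart Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
"""

# "<hive>\...\<key>: [<value name>] <command and metadata>"
ENTRY = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$')
# Trailing "[size date] (company)", or "[x]" (assumed: target file not found).
META = re.compile(r'\s*\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<company>.*)\))?\s*$')
# File extensions that end a path token inside the command string.
EXT = re.compile(r'\.([A-Za-z0-9]{2,4})(?=["\s,]|$)')
USER_WRITABLE = re.compile(r'\\(?:AppData|Temp)\\', re.IGNORECASE)
# Assumption: extensions expected in an autostart command line.
EXPECTED_EXT = {"exe", "dll", "com", "bat", "cmd", "scr", "cpl"}


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    command: str
    company: str
    missing: bool


def parse_line(line):
    """Parse one Registry-section line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    meta = META.search(rest)
    command = rest[:meta.start()] if meta else rest
    company = (meta["company"] or "") if meta else ""
    missing = bool(meta) and meta["meta"] == "x"
    return Entry(m["hive"], m["key"], m["name"], command.strip(), company, missing)


def flags_for(entry):
    """Return review flags for an entry (heuristics, not verdicts)."""
    flags = []
    # The Windows shell is normally explorer.exe alone; anything appended
    # to it is started at every logon of that user.
    if entry.key.lower() == "winlogon" and entry.name.lower() == "shell":
        parts = [p.strip().strip('"').lower() for p in entry.command.split(",")]
        if parts != ["explorer.exe"]:
            flags.append("shell-override")
    # Autostart target in a location a standard user can write to.
    if USER_WRITABLE.search(entry.command):
        flags.append("user-writable-path")
    # A launched file that does not carry an executable extension.
    if any(ext.lower() not in EXPECTED_EXT for ext in EXT.findall(entry.command)):
        flags.append("unexpected-extension")
    # Orphaned entry: the value exists but its target does not.
    if entry.missing:
        flags.append("missing-file")
    return flags


def triage(log_text):
    """Return (Entry, flags) pairs for every flagged registry line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry, flags))
    return findings


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {', '.join(flags)}")
        print(f"    {entry.command or '(empty)'}")
```

On the sample it flags the per-user Winlogon shell value, which appends a `.dat` file under AppData\Roaming to `explorer.exe`. The Akamai entry shows that the user-writable-path flag on its own also hits legitimate software, so flagged lines are candidates for review.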


Not sure what happened there. Let's try that again:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01

Ran by SYSTEM at 12-03-2013 18:46:46

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Launch Keyboard CI] "C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" /SHOWHIDE [3438088 2009-05-28] (Alienware)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12656 2012-06-18] (Alienware)

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4090824 2012-11-16] (ESET)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)

HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)

HKU\Owner\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1602984 2013-02-25] (Valve Corporation)

HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)

HKU\Owner\...\Winlogon: [shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [130048 2011-11-16] (SmartCart Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\ProgramData\Start Menu\Programs\Startup\AWMouseCI.lnk

ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Services (Whitelisted) ===================

2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913184 2012-11-16] (ESET)

==================== Drivers (Whitelisted) =====================

1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209808 2012-11-16] (ESET)

1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-28] (ESET)

2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-28] (ESET)

3 mio; C:\Windows\System32\Drivers\mio.sys [7680 2011-05-04] (Dell/Alienware)

0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)

0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)

0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)

3 taphss6; C:\Windows\System32\Drivers\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)

2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-12 12:41 - 2013-03-12 12:51 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini

2013-03-11 14:51 - 2013-03-11 14:52 - 00000000 ____D C:\Users\Owner\Desktop\BMW528receipt

2013-03-06 16:33 - 2013-03-06 16:33 - 00020870 ____A C:\Users\Owner\Desktop\Indonesian Arbitration Cost Estimate Worksheet.xlsx

2013-03-01 06:23 - 2013-03-01 06:23 - 09269248 ____A C:\Users\Owner\Desktop\Owner's Quicken Data.QDF-backup

2013-02-27 22:12 - 2013-02-27 22:12 - 00094217 ____A C:\Users\Owner\Documents\What Forums Are Available.pptx

2013-02-26 20:23 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-02-26 20:23 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-02-26 20:23 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-02-26 20:23 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-02-26 20:23 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-02-26 20:23 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-02-26 20:23 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-02-26 20:23 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-02-26 20:23 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-02-26 20:23 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-02-26 20:23 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-02-26 20:23 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-02-26 20:23 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-02-26 20:23 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-02-26 20:23 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-02-26 20:23 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-02-26 20:23 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-02-26 20:23 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-02-26 20:23 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-02-26 20:23 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-02-26 20:23 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-02-26 20:23 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-02-26 20:23 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-02-26 20:23 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-02-26 20:23 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-02-26 20:23 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-02-26 20:23 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-02-26 20:23 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-02-26 20:23 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-02-26 20:23 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-02-26 20:23 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-02-26 20:23 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-02-26 20:23 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-02-26 20:23 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-02-26 20:23 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-02-26 19:08 - 2013-02-26 19:45 - 1931869665 ___RA C:\Users\Owner\Downloads\CH Pink Complex.mp4

2013-02-21 19:33 - 2013-02-21 19:33 - 00000000 ____D C:\Users\Owner\Documents\BlackBerry

2013-02-21 19:32 - 2013-02-21 21:00 - 00000077 ____A C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

2013-02-21 19:32 - 2013-02-21 21:00 - 00000077 ____A C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

2013-02-21 19:32 - 2013-02-21 19:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Research In Motion

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Research In Motion

2013-02-21 19:32 - 2011-07-20 11:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys

2013-02-21 19:31 - 2013-02-21 19:32 - 00001153 ____A C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2013-02-21 19:31 - 2013-02-21 19:31 - 00002231 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk

2013-02-21 19:31 - 2013-02-21 19:31 - 00000000 ____D C:\ProgramData\Research In Motion

2013-02-21 19:31 - 2013-02-21 19:31 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-02-20 19:04 - 2013-02-20 21:29 - 1012292898 ___RA C:\Users\Owner\Downloads\CH-T&J3.mp4

2013-02-20 18:46 - 2013-02-20 19:00 - 1124627599 ___RA C:\Users\Owner\Downloads\CH Pinnacle.mp4

2013-02-19 20:01 - 2013-02-19 20:01 - 00000000 ____D C:\Users\Owner\Downloads\Pornstar WORKout 4

2013-02-19 19:36 - 2013-02-19 20:05 - 997194332 ___RA C:\Users\Owner\Downloads\CC2.mp4

2013-02-19 19:32 - 2013-03-09 22:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent

2013-02-14 18:51 - 2013-02-15 21:48 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-02-14 18:49 - 2013-02-14 18:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-02-14 18:48 - 2010-06-02 02:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2013-02-14 18:48 - 2010-06-02 02:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2013-02-14 18:48 - 2010-05-26 09:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2013-02-14 18:48 - 2010-05-26 09:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2013-02-14 18:48 - 2010-05-26 09:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2013-02-14 18:48 - 2010-05-26 09:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2013-02-14 18:48 - 2010-02-04 08:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll

2013-02-13 20:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-13 20:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-13 20:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-13 20:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-13 20:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-13 20:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-13 20:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-13 20:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-13 20:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-13 20:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-13 20:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-13 20:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-13 20:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-13 20:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-13 20:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-13 20:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-13 20:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-13 20:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-13 20:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 20:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-13 20:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-13 20:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-13 20:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-13 20:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 20:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 20:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-13 20:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-13 20:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 20:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-13 20:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-13 20:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 20:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-13 18:42 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 18:42 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 18:42 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 18:42 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 18:42 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-13 18:42 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 18:42 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-13 18:42 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 18:42 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-13 18:42 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-13 18:41 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 18:41 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-12 13:01 - 2013-02-12 13:01 - 00042184 ____A (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys

2013-02-12 12:51 - 2013-02-12 12:51 - 00042184 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys

==================== One Month Modified Files and Folders =======

2013-03-12 12:51 - 2013-03-12 12:41 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini

2013-03-12 12:50 - 2012-10-04 19:15 - 00000000 ____D C:\Program Files (x86)\Steam

2013-03-12 12:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-12 12:50 - 2009-07-13 20:51 - 00058249 ____A C:\Windows\setupact.log

2013-03-12 12:28 - 2012-09-30 15:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-12 12:27 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-12 12:27 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-12 12:24 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-12 12:22 - 2012-09-27 08:04 - 01327085 ____A C:\Windows\WindowsUpdate.log

2013-03-11 14:52 - 2013-03-11 14:51 - 00000000 ____D C:\Users\Owner\Desktop\BMW528receipt

2013-03-09 22:04 - 2013-02-19 19:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent

2013-03-06 16:33 - 2013-03-06 16:33 - 00020870 ____A C:\Users\Owner\Desktop\Indonesian Arbitration Cost Estimate Worksheet.xlsx

2013-03-01 06:23 - 2013-03-01 06:23 - 09269248 ____A C:\Users\Owner\Desktop\Owner's Quicken Data.QDF-backup

2013-02-27 22:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-02-27 22:12 - 2013-02-27 22:12 - 00094217 ____A C:\Users\Owner\Documents\What Forums Are Available.pptx

2013-02-27 19:29 - 2012-09-30 15:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-27 19:29 - 2012-09-30 15:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-27 18:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-02-27 18:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-02-27 18:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-02-27 18:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-02-26 19:45 - 2013-02-26 19:08 - 1931869665 ___RA C:\Users\Owner\Downloads\CH Pink Complex.mp4

2013-02-21 21:00 - 2013-02-21 19:32 - 00000077 ____A C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

2013-02-21 21:00 - 2013-02-21 19:32 - 00000077 ____A C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

2013-02-21 19:33 - 2013-02-21 19:33 - 00000000 ____D C:\Users\Owner\Documents\BlackBerry

2013-02-21 19:33 - 2013-02-21 19:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Research In Motion

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Research In Motion

2013-02-21 19:32 - 2013-02-21 19:31 - 00001153 ____A C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2013-02-21 19:31 - 2013-02-21 19:31 - 00002231 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk

2013-02-21 19:31 - 2013-02-21 19:31 - 00000000 ____D C:\ProgramData\Research In Motion

2013-02-21 19:31 - 2013-02-21 19:31 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2013-02-20 21:29 - 2013-02-20 19:04 - 1012292898 ___RA C:\Users\Owner\Downloads\CH-T&J3.mp4

2013-02-20 19:00 - 2013-02-20 18:46 - 1124627599 ___RA C:\Users\Owner\Downloads\CH Pinnacle.mp4

2013-02-20 16:53 - 2012-09-27 08:05 - 00067390 ____A C:\Windows\PFRO.log

2013-02-19 20:05 - 2013-02-19 19:36 - 997194332 ___RA C:\Users\Owner\Downloads\CC2.mp4

2013-02-19 20:01 - 2013-02-19 20:01 - 00000000 ____D C:\Users\Owner\Downloads\Pornstar WORKout 4

2013-02-15 21:48 - 2013-02-14 18:51 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-02-14 18:49 - 2013-02-14 18:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-02-14 18:48 - 2012-10-05 18:06 - 00359060 ____A C:\Windows\DirectX.log

2013-02-14 05:10 - 2009-07-13 20:45 - 00423104 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-13 20:05 - 2012-12-03 18:59 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-02-13 20:04 - 2012-09-27 10:17 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-02-12 13:01 - 2013-02-12 13:01 - 00042184 ____A (Anchorfree Inc.) C:\Windows\System32\Drivers\taphss6.sys

2013-02-12 12:51 - 2013-02-12 12:51 - 00042184 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\hssdrv6.sys

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-19 00:08:00

Restore point made on: 2013-02-19 19:35:02

Restore point made on: 2013-02-19 19:35:39

Restore point made on: 2013-02-21 19:31:06

Restore point made on: 2013-02-22 18:36:04

Restore point made on: 2013-02-26 18:30:40

Restore point made on: 2013-02-26 20:23:41

Restore point made on: 2013-03-05 18:20:15

Restore point made on: 2013-03-09 07:01:16

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8182.93 MB

Available physical RAM: 7349.4 MB

Total Pagefile: 8181.07 MB

Available Pagefile: 7335.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:296.34 GB) NTFS

2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive h: () (Removable) (Total:3.92 GB) (Free:0.03 GB) FAT32

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Disk 1 Online 465 GB 0 B

Disk 2 Online 4020 MB 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 7131DC42

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 Y New Volume NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 78000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 1

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 00000001

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 4020 MB 0 B

==================================================================================

Disk: 2

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: 7131DC42

Partition 1:

=========

Hex: 0020210007FEFFFF000800000048383A

Active: NO

Type: 07 (NTFS)

Size: 466 GB

==============================

Partitions of Disk 1:

===============

Disk ID: 78000000

Partition 1:

=========

Hex: 8020210007DF130C0008000000200300

Active: YES

Type: 07 (NTFS)

Size: 100 MB

Partition 2:

=========

Hex: 00DF140C07FEFFFF002803000030353A

Active: NO

Type: 07 (NTFS)

Size: 466 GB

==============================

Partitions of Disk 2:

===============

Disk ID: 69737369

Partition 1:

=========

Hex: FF0D0A4469736B206572726F72FF0D0A

Active: NO

Type: 69

Size: 80 GB

Partition 2:

=========

Hex: 507265737320616E79206B657920746F

Active: NO

Type: 73

Size: 892 GB

Partition 3:

=========

Hex: 20726573746172740D0A000000000000

Active: NO

Type: 74

Size: 0 byte

Partition 4:

=========

Hex: 0000000000000000000000ACBFCC0000

Active: NO

Type: 00

Size: 26 MB

Last Boot: 2013-03-05 06:27

==================== End Of Log =============================


No problem. It can happen :)

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt.

HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [130048 2011-11-16] (SmartCart Technologies)
2013-03-12 12:41 - 2013-03-12 12:51 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST by typing F:\frst64 and press the Fix button just once and wait.

Note: You might need to choose a different drive letter.

The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.

You should now be able to boot in Windows again. If not, stop here and let me know.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


Larusso:

Worked like a charm. Booted into safe mode just fine. I am running Malwarebytes right now. The fixlog is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013 01

Ran by SYSTEM at 2013-03-12 19:24:04 Run:1

Running from H:\

==============================================

HKEY_USERS\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.

C:\Users\Owner\AppData\Roaming\skype.ini moved successfully.

==== End of Fixlog ====

Anything else I should do to make sure the virus is gone?


Please follow my instructions.

From my 2nd reply

Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.

There are reasons for


Results from running OTL:

OTL file:

OTL logfile created on: 3/12/2013 7:58:03 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.19% Memory free

15.98 Gb Paging File | 14.38 Gb Available in Paging File | 89.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 296.33 Gb Free Space | 63.64% Space Free | Partition Type: NTFS

Drive J: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/12 19:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 15:24:44 | 000,913,184 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2012/06/18 16:43:48 | 000,014,704 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/02/27 22:29:08 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/09/27 10:55:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2012/09/27 10:54:38 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/12/29 05:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/12 16:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012/11/16 14:57:30 | 000,209,808 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/28 14:06:56 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2012/03/28 14:06:56 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/25 02:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)

DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2011/05/04 13:24:14 | 000,007,680 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2009/07/29 18:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)

DRV:64bit: - [2009/07/29 18:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)

DRV:64bit: - [2009/07/29 18:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 21:34:50 | 000,639,512 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)

DRV:64bit: - [2009/04/22 17:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/04/22 17:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/05/11 15:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/09/27 10:03:55] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 62 3E F2 72 0F CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/01/02 22:04:07 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Launch Keyboard CI] C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [sPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF4A22B3-572C-4E2F-A662-29102E511DFE}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/12 21:46:34 | 000,000,000 | ---D | C] -- C:\FRST

[2013/03/12 19:55:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/03/11 17:51:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BMW528receipt

[2013/03/06 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2013/02/26 23:23:55 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/02/26 23:23:55 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/02/26 23:23:55 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/02/26 23:23:55 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/02/26 23:23:52 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/02/26 23:23:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/02/26 23:23:49 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/02/26 23:23:49 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/02/26 23:23:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/02/26 23:23:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/02/26 23:23:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/02/26 23:23:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/02/26 23:23:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/02/26 23:23:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/02/26 23:23:49 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/02/26 23:23:49 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/02/26 23:23:48 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/02/26 23:23:48 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/02/26 23:23:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/02/26 23:23:48 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/02/26 23:23:48 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/02/26 23:23:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/02/26 23:23:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/02/26 23:23:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/02/26 23:23:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/02/26 23:23:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/02/26 23:23:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/02/26 23:23:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/02/26 23:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/02/26 23:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/02/26 23:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/02/26 23:23:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/02/26 23:23:47 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/02/26 23:23:47 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/02/26 23:23:47 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/02/26 23:23:47 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/02/26 23:23:47 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/02/26 23:23:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/02/26 23:23:46 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/02/26 23:23:46 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/02/26 23:23:46 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/02/21 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\BlackBerry

[2013/02/21 22:32:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Research In Motion

[2013/02/21 22:32:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Research In Motion

[2013/02/21 22:32:01 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys

[2013/02/21 22:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry

[2013/02/21 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion

[2013/02/21 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM

[2013/02/21 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion

[2013/02/21 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion

[2013/02/19 22:32:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2013/02/14 21:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation

[2013/02/14 21:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2013/02/14 21:48:35 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2013/02/14 21:48:34 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2013/02/14 21:48:32 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2013/02/14 21:48:32 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2013/02/14 21:48:31 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2013/02/14 21:48:30 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2013/02/14 21:48:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2013/02/13 23:00:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/02/13 23:00:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/02/13 23:00:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/02/13 23:00:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/02/13 23:00:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/02/13 23:00:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/02/13 23:00:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/02/13 23:00:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/02/13 23:00:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/02/13 23:00:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/02/13 23:00:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/02/13 23:00:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/02/13 23:00:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/02/13 23:00:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/02/13 23:00:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/02/13 21:42:18 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/02/13 21:42:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/02/13 21:42:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/02/13 21:42:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/02/13 21:42:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/02/13 21:42:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/02/13 21:42:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/02/13 21:42:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/02/13 21:42:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/02/13 21:41:57 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013/02/12 16:01:36 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2013/02/12 15:51:52 | 000,042,184 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2012/09/27 11:55:47 | 000,130,048 | ---- | C] (SmartCart Technologies) -- C:\Users\Owner\AppData\Roaming\skype.dat

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/12 19:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/03/12 19:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/03/12 19:26:04 | 2140,344,319 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/12 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/03/12 15:27:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/03/12 15:27:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/03/12 15:24:11 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/03/12 15:24:11 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/03/12 15:24:11 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/03/01 09:23:19 | 009,269,248 | ---- | M] () -- C:\Users\Owner\Desktop\Owner's Quicken Data.QDF-backup

[2013/02/27 22:29:08 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/02/27 22:29:08 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/02/21 22:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf

[2013/02/21 22:32:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf

[2013/02/21 22:31:51 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk

[2013/02/16 00:48:49 | 000,772,214 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/02/14 08:10:43 | 000,423,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/12 16:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2013/02/12 15:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/01 09:23:19 | 009,269,248 | ---- | C] () -- C:\Users\Owner\Desktop\Owner's Quicken Data.QDF-backup

[2013/02/21 22:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf

[2013/02/21 22:32:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf

[2013/02/21 22:31:51 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk

[2013/02/14 21:51:08 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/14 01:00:03 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp

[2013/01/14 00:59:42 | 000,444,366 | ---- | C] () -- C:\ProgramData\1.jpg

[2012/10/09 22:54:44 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2012/09/28 07:37:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/09/27 10:55:51 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/09/27 10:55:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/09/27 10:55:50 | 000,148,992 | R--- | C] () -- C:\Windows\SysWow64\OemSpiE.dll

[2012/09/27 10:55:50 | 000,001,436 | R--- | C] () -- C:\Windows\CfgHPSp.ini

[2012/09/27 10:55:50 | 000,001,434 | R--- | C] () -- C:\Windows\Cfg05Sp.ini

[2012/09/27 10:55:50 | 000,001,434 | R--- | C] () -- C:\Windows\Cfg04Sp.ini

[2012/09/27 10:55:50 | 000,001,091 | R--- | C] () -- C:\Windows\Cfg03Sp.ini

[2012/09/27 10:55:50 | 000,001,091 | R--- | C] () -- C:\Windows\Cfg02Sp.ini

[2012/09/27 10:55:50 | 000,001,000 | R--- | C] () -- C:\Windows\Cfg01Sp.ini

[2012/09/27 10:55:50 | 000,000,932 | R--- | C] () -- C:\Windows\CfgHPHp.ini

[2012/09/27 10:55:50 | 000,000,932 | R--- | C] () -- C:\Windows\CfgHPDO.ini

[2012/09/27 10:55:50 | 000,000,932 | R--- | C] () -- C:\Windows\Cfg05DO.ini

[2012/09/27 10:55:50 | 000,000,932 | R--- | C] () -- C:\Windows\Cfg04DO.ini

[2012/09/27 10:55:50 | 000,000,930 | R--- | C] () -- C:\Windows\Cfg05Hp.ini

[2012/09/27 10:55:50 | 000,000,930 | R--- | C] () -- C:\Windows\Cfg04Hp.ini

[2012/09/27 10:55:50 | 000,000,818 | R--- | C] () -- C:\Windows\Cfg01APR.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg03Hp.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg03DO.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg02Hp.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg02DO.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg01Hp.ini

[2012/09/27 10:55:50 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg01DO.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPRMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPRLI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPFMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPDI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05RMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05RLI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05FMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05DI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04RMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04RLI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04FMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04DI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini

[2012/09/27 10:55:50 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini

[2012/09/27 10:53:16 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2012/06/18 17:07:08 | 000,022,384 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll

[2011/07/01 12:17:22 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

EXTRAS file:

OTL Extras logfile created on: 3/12/2013 7:58:03 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.19% Memory free

15.98 Gb Paging File | 14.38 Gb Available in Paging File | 89.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 296.33 Gb Free Space | 63.64% Space Free | Partition Type: NTFS

Drive J: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0121E18C-BA6B-40BF-BF97-7C8BDD9E5D08}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{08218CA0-0BD7-4F16-9A14-DA98A790CBCC}" = rport=10243 | protocol=6 | dir=out | app=system |

"{0A06A248-1824-43F2-BE93-A354779EDF3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{0CE5AEC8-4F75-436A-9606-34CDEF291D3E}" = rport=137 | protocol=17 | dir=out | app=system |

"{0E17DF52-0C8A-47F1-B8D8-2163FC805A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2FC30CFE-5B57-4722-A436-5FA59E89C57F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3DABEE0A-79EA-4C51-A45D-2C56205EA163}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3F41851B-6AC0-4E02-BB20-2D39035D3B15}" = lport=10243 | protocol=6 | dir=in | app=system |

"{45E9601F-10F7-4F8B-848B-6A90A3FB997D}" = lport=139 | protocol=6 | dir=in | app=system |

"{48DAAA9A-2AEB-437A-A673-1E27EF5AD15F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{490770DE-D2D0-41B1-902E-EBB04897F344}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{4E85C62D-1472-47CC-9063-B34AD02B420D}" = lport=445 | protocol=6 | dir=in | app=system |

"{5ECC8A2B-D573-40F7-9C72-E6A9FC4DD0FF}" = rport=445 | protocol=6 | dir=out | app=system |

"{70BE78A3-3D7B-4105-BA45-9E5FC066300D}" = rport=139 | protocol=6 | dir=out | app=system |

"{764B857B-CC75-46AC-B5BF-0EE6FD2A4DC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7D71C6BD-6588-4A15-9B85-C8266DF78D6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{821E0AC8-90C5-4528-8F4F-4E8BDF0B8630}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8F625CDB-6238-4E2E-8062-375E7822403D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9C8638C3-56D3-48B9-9983-4816A4763168}" = rport=138 | protocol=17 | dir=out | app=system |

"{AD3BCFD0-1BB9-44D9-BC22-73A5BAEED421}" = lport=138 | protocol=17 | dir=in | app=system |

"{AE8C5C3C-315E-43A3-AE39-D2E3D39AC2A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BF1E19E3-B497-4C9F-85B9-08D7DA990EB2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{CA2557E2-2595-4970-81A0-4D30442CA80F}" = lport=137 | protocol=17 | dir=in | app=system |

"{F1F25ED5-5B58-41ED-9E17-8C3461D8F1AE}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{F370EC71-00EA-4C32-854F-446E1415C3EA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{F7FC4A5F-709D-4394-95D8-B0CE0948F21A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003D7CEB-F129-4B18-BE06-384DAF264C12}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"{04BDE341-A4B3-46B1-BAD4-92D1E70CF7DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0A068104-E242-4062-B9DC-994A76967C84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0A1975AE-5942-4505-87E0-722A6721701C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{0B9E3DC6-5CF9-4DE0-874F-BA5D3CF65F52}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{1EBE7609-4BEF-4C3F-AD87-9AA8D1452613}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |

"{2142E919-30ED-4E95-BF5C-954A8C72717A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{295F6845-2F45-4E4C-8576-2E9138A35D22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{32B9EFC2-97A5-453E-8855-F2B3E58626A9}" = protocol=6 | dir=out | app=system |

"{32FF8899-3691-4B43-8A63-BEFD57C10FCE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{337A50FC-6065-4B3A-A9F0-68BF0062C231}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{35A304AE-3E76-40D7-A3E4-0D238F0884C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe |

"{39D581E1-92AD-4A73-8512-7AB1CE97D80D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |

"{3FE62B62-CFD5-41FF-B0BF-1041FC2DF7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{4155BA5B-8F44-42D2-B53D-21B00A956FEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{42D1656E-08D3-4D11-A636-693DD0FD7008}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{449B0222-9823-4BDD-BB67-EC3C12A35E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe |

"{516558CC-B872-4170-BFA5-0F00473E21F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |

"{585B4446-B82A-483B-B8A3-215C61741AEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5863D7CD-25E3-4A07-AE3D-54A975F6D2A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe |

"{59EA4132-DB11-4D28-AE44-F650CA130126}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5AE9E37E-996C-4B59-BA26-DE96FA2228F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5C48E4E8-146F-4C06-A856-0A7BF7F8D8C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5E1D844A-83D8-4C7A-BE1C-377D9F735826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{667210F4-6D2B-4C2F-AC69-B40BEC7871C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study

"{13A3A271-B2AA-486C-9AD5-F272079BB9B5}" = Alienware TactX Keyboard CI 1.00.130

"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8A22EA5F-5507-4DC1-BD30-43C1EB95BFBD}" = ESET NOD32 Antivirus

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{ACBE8264-9018-49B8-9041-3A74E2596BF3}" = Alienware Command Center

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX Mouse CI 1.00

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"UDK-6ae9f682-72ca-490a-9687-43c19c1fa38c" = My Game Long Name

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts

"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1

"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AudioCS" = Creative Audio Control Panel

"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Host OpenAL" = Host OpenAL

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}" = Alienware Command Center

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PdaNet_is1" = PdaNet for Android 3.50

"Rockstar Games Social Club" = Rockstar Games Social Club

"Steam App 110800" = L.A. Noire

"Steam App 115110" = Stacking

"Steam App 203730" = Q.U.B.E.

"Steam App 23490" = Tropico 3 - Steam Special Edition

"Steam App 32440" = Lego Star Wars Saga

"Steam App 34030" = Napoleon: Total War

"Steam App 400" = Portal

"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition

"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade

"Steam App 48800" = Ship Simulator Extremes

"Steam App 50130" = Mafia II

"Steam App 57600" = Tropico 3: Absolute Power

"Steam App 620" = Portal 2

"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault

"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"9204f5692a8faf3b" = Dell System Detect

"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/16/2013 12:21:43 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1144 Start

Time: 01cdf3996c66b592 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id:

Error - 1/16/2013 12:22:42 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 3228 Start

Time: 01cdf3a0fd936f1d Termination Time: 8 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id:

Error - 1/17/2013 10:51:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/17/2013 10:51:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = 504: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/22/2013 2:32:09 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: c98 Start

Time: 01cdf848522f807d Termination Time: 59 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id:

Error - 2/27/2013 11:23:21 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002

Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1834 Start

Time: 01ce1561d3719ac2 Termination Time: 26 Application Path: C:\Program Files (x86)\Windows

Media Player\wmplayer.exe Report Id: 295803d6-8156-11e2-8e0a-a4badb037577

Error - 3/5/2013 10:17:55 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d672ee4 Faulting module name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d672ee4 Exception code: 0xc0000005 Fault offset: 0x00000000000679c9

Faulting

process id: 0x48c Faulting application start time: 0x01ce1a10c513934c Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report

Id: 0d955fa3-8604-11e2-a5a2-a4badb037577

Error - 3/5/2013 10:18:10 PM | Computer Name = Owner-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 3/5/2013 10:18:10 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ThermalController.exe, version: 2.8.9.0,

time stamp: 0x4fdf6f54 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x000007ff00142fe1 Faulting process

id: 0xa78 Faulting application start time: 0x01ce1a10d19c7095 Faulting application

path: C:\Program Files\Alienware\Command Center\ThermalController.exe Faulting module

path: unknown Report Id: 16ea47d3-8604-11e2-a5a2-a4badb037577

Error - 3/5/2013 10:18:16 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ThermalController.exe, version: 2.8.9.0,

time stamp: 0x4fdf6f54 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,

time stamp: 0x50b8479b Exception code: 0xc000041d Fault offset: 0x0000000000009e5d

Faulting

process id: 0xa78 Faulting application start time: 0x01ce1a10d19c7095 Faulting application

path: C:\Program Files\Alienware\Command Center\ThermalController.exe Faulting module

path: C:\Windows\system32\KERNELBASE.dll Report Id: 1a3c1315-8604-11e2-a5a2-a4badb037577

[ System Events ]

Error - 3/12/2013 8:47:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:49:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:49:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:49:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:54:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:54:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:54:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:56:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:56:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 3/12/2013 8:56:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >

Link to post
Share on other sites

Hi there.

I rarely have seen a junkfree computer like yours. :)

One file needs our attention here but before I have you run a "senseless" fix, I want to completely check your system for any remnants.

( it is 2am here so good night :) )

Use Internet Explorer to perform an online scan with Panda ActiveScan

  • Click on Scan your PC
  • Ensure Full scan is still selected.
  • Click Scan now
  • Install the ActiveX Control if prompted, then click Install to install the software.
  • Wait for the components to be loaded, installed, and updated. Don't close this window or go to another page while it is downloading.
  • Please be patient as it may take a while to complete, especially if you have a large hard drive.
  • When finished, click on the document next to Export to:
  • Export the log and Save it to your Desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please post the contents of that log in your next reply.
  • If you are presented with the message Today you are not infected, there will be no log, just let your helper know no infections were found.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Link to post
Share on other sites

Results of PANDA scan:

;***********************************************************************************************************************************************************************************

ANALYSIS: 2013-03-12 21:07:52

PROTECTIONS: 1

MALWARE: 42

SUSPECTS: 2

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

ESET NOD32 Antivirus 5.2 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\uujd121t.txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\4qji2ioq.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\v88wh9tq.txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\hfzbxl7m.txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\s7ruhsjd.txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\vbgd3eb5.txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\bkovl3jo.txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\pmlz5kh0.txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\qsdmuvx2.txt

00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\thf6p1eu.txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\xirsajo7.txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\hzyhy7f8.txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\wv8zui39.txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\yy865o5t.txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\7jzzt2ez.txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\5ae7w63m.txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\c42zr0tt.txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\ae8p6dzv.txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\7p8u82pf.txt

00167761 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\zrfzydt3.txt

00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\leigjcie.txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\6x2azh4b.txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\xb2lnwz5.txt

00168057 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\shvlbltz.txt

00168058 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\uyp2way9.txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\hs9ebgqr.txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\os89znf4.txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\bd3ql0d7.txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\1jxj1bq7.txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\7cxf6sfb.txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\lm2ambf3.txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\iqpuba4g.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\qft28szy.txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\544x3nv7.txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\8s6dn22n.txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\lxoevha5.txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\2jho9wob.txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\i98ahe7m.txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\9jhb0q80.txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\x4ayjtd2.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\egl4k4j0.txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\v1ckcmly.txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\p0u1g2kk.txt

00180153 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\yoxc48ps.txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\vlvovvsh.txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\5240zn2s.txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\zkz3s8ba.txt

00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\vib4komh.txt

00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\sfibvm94.txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\2vm8sx9s.txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\gwkqayv5.txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\3jhg47pq.txt

04731062 Trj/Dtcontx.B Virus/Trojan No 0 Yes No c:\users\owner\appdata\locallow\sun\java\deployment\cache\6.0\57\58ab55f9-7d8848f5[jucy.exe]

05670149 Trj/Dtcontx.C Virus/Trojan No 0 Yes No c:\users\owner\appdata\locallow\sun\java\deployment\cache\6.0\30\4081e81e-2d26f37f[usjuicy.exe]

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No c:\users\owner\appdata\local\temp\7414096257082602068382.exe

No c:\users\owner\appdata\roaming\skype.dat

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

Link to post
Share on other sites

Still here because another user is having much more trouble than you :)

Most of the detections are cookies, so no worries about them. The 2 files are the ones I expected.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:files
c:\users\owner\appdata\roaming\skype.dat
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u17
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked

      • Trace and Log Files
      • Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Any open issues ? :)

Link to post
Share on other sites

Late night for you. Glad I'm not the cause!

Here is the result from the OTL log:

All processes killed

Error: Unable to interpret <:filesc:\users\owner\appdata\roaming\skype.dat:commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_212536

Is that right?

Link to post
Share on other sites

Hm, nope, not the correct one, but I don't see a mistake in my script.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
[2012/09/27 11:55:47 | 000,130,048 | ---- | C] (SmartCart Technologies) -- C:\Users\Owner\AppData\Roaming\skype.dat
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Link to post
Share on other sites

Looks like a similar result?

All processes killed

Error: Unable to interpret <:otl[2012/09/27 11:55:47 | 000,130,048 | ---- | C] (SmartCart Technologies) -- C:\Users\Owner\AppData\Roaming\skype.dat:commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_214322

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

The easy way would be boring, not.

Please download the attached fix.txt to the same location as OTL.exe.

Run OTL.

Press the red Run Fix button. OTL will ask you if you want to load a file. Choose OK, navigate to the fix.txt and press OK again.

Now the script should be copied into the fixbox.

Press Run Fix

fix.txt

Link to post
Share on other sites

Success?!?

All processes killed

========== OTL ==========

C:\Users\Owner\AppData\Roaming\skype.dat moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 683098002 bytes

->Temporary Internet Files folder emptied: 1849383877 bytes

->Java cache emptied: 1605579 bytes

->Flash cache emptied: 174815 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1564672 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 511421983 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46441298 bytes

RecycleBin emptied: 4466311 bytes

Total Files Cleaned = 2,955.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_220246

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
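
The three fix logs posted above can be told apart mechanically. This is an added example, not part of the original thread and not OTL's own code: it classifies a fix log as rejected script, target moved, or target not moved. The function name and verdict strings are hypothetical, and the line patterns are taken only from the log lines visible in this thread, not from OTL documentation.

```python
import re

# Constructed sample logs, abridged from the fix logs posted in this thread.
FAILED_LOG = r"""All processes killed
Error: Unable to interpret <:filesc:\users\owner\appdata\roaming\skype.dat:commands[emptytemp]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 03122013_212536
"""
SUCCESS_LOG = r"""All processes killed
========== OTL ==========
C:\Users\Owner\AppData\Roaming\skype.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
OTL by OldTimer - Version 3.2.69.0 log created on 03122013_220246
"""

# Patterns inferred from the log lines above (an assumption, not a documented format).
ERROR_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")

def triage_fix_log(log_text, target):
    """Return (verdict, details) for one fix log and the file the fix should move."""
    sections, moved, errors = [], set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if m := ERROR_RE.match(line):
            errors.append(m.group(1))          # raw text the tool refused to parse
        elif m := SECTION_RE.match(line):
            sections.append(m.group(1))        # e.g. "OTL", "COMMANDS"
        elif m := MOVED_RE.match(line):
            moved.add(m.group(1).lower())      # Windows paths are case-insensitive
    if errors:
        # If the target path sits inside the rejected text, the removal never ran.
        hit = [e for e in errors if target.lower() in e.lower()]
        return ("script-rejected", hit or errors)
    if target.lower() in moved:
        return ("target-moved", sections)
    return ("target-not-moved", sections)
```

A "script-rejected" verdict means the file is still in place and the fix has to be resubmitted, which is what the first two logs in this thread show.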

For some reason, I can't uninstall Java. I found "Java 7 Update 9" in add/remove programs but every time I tell it to uninstall it asks me if I want to allow the program to update. When I click "no" the whole process stops. I checked to see if Java is running in the background but I don't see it listed in the task manager. Thoughts?

Link to post
Share on other sites

Always these troubles with uninstalling Java. Not sure if Version 9 will be automatically uninstalled.

If you haven't installed Java Update 17 yet, allow it to update and check if Java Update 9 is still present after the update :)

Link to post
Share on other sites

This topic is now closed to further replies.