Department of Justice MoneyPak - Windows 7

[kkm2]

Hello, I'm I'm a new member so I apologize if this is not the best way to ask for help but I have recently become infected with this Department of Justice MoneyPak ransomware on my Windows 7 system and for the life of me cannot remove it. I have a Farbar recovery scan report if that's useful. Can someone help me out? Thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013

Ran by SYSTEM on 24-05-2013 07:20:49

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [secure Applicayion] C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe [258664 2012-03-23] ()

HKLM\...\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12476520 2012-04-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1158248 2012-03-08] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1020576 2012-02-28] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-02-28] (Atheros Commnucations)

HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)

HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\kkm\AppData\Local\Temp\Rar$EXa0.217\mbar\mbar.exe" /cleanup /s [1398856 2013-03-22] (Malwarebytes Corporation)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [341360 2011-09-20] (Egis Technology Inc.)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [296984 2012-01-05] (NTI Corporation)

HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\kkm\...\Run: [spotify Web Helper] "C:\Users\kkm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-18] (Spotify Ltd)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk

ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy ()

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation)

S2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-14] ()

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-14] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-14] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)

S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-14] (Microsoft Corporation)

S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)

S2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [237160 2012-03-23] ()

==================== Drivers (Whitelisted) ====================

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3545088 2012-02-29] (Qualcomm Atheros Communications, Inc.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()

S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation)

S0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-14] (Intel Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-24 07:20 - 2013-05-24 07:20 - 00000000 ____D C:\FRST

2013-05-23 18:01 - 2013-05-23 18:01 - 00001063 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-05-23 18:01 - 2013-05-23 18:01 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-05-23 17:51 - 2013-05-23 17:51 - 00006512 ____N C:\bootsqm.dat

2013-05-23 14:33 - 2013-05-23 14:33 - 00002258 ____A C:\Users\kkm\Desktop\SpyHunter.lnk

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\sh4ldr

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-05-23 14:33 - 2012-06-22 08:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys

2013-05-23 14:29 - 2013-05-23 14:29 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\kkm\Downloads\SpyHunter-Installer.exe

2013-05-23 12:50 - 2013-05-23 12:50 - 00000000 __ASH C:\DkHyperbootSync

2013-05-23 10:16 - 2013-05-23 10:26 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-20 16:44 - 2013-05-20 16:44 - 00000065 ____A C:\Users\kkm\Desktop\malware.txt

2013-05-20 16:39 - 2013-05-20 16:40 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-consumer.exe

2013-05-20 15:30 - 2013-05-20 15:34 - 00421603 ____A C:\Users\kkm\Desktop\Group Meeting 5-21.pptx

2013-05-20 11:26 - 2013-05-20 15:39 - 00010042 ____A C:\Users\kkm\Desktop\group meeting 5-21.xlsx

2013-05-19 17:44 - 2013-05-19 17:44 - 10690345 ____A C:\Users\kkm\Downloads\VIDEO0018.3gp

2013-05-19 12:21 - 2013-05-19 12:21 - 00288837 ____A C:\Users\kkm\Downloads\851 final version (1).pptx

2013-05-19 07:48 - 2013-05-19 07:48 - 00000000 ____D C:\Program Files (x86)\Lux

2013-05-19 07:37 - 2013-05-19 07:48 - 79901531 ____A (Sillysoft Games ) C:\Users\kkm\Downloads\LuxDeluxSetup.exe

2013-05-18 08:32 - 2013-05-23 03:47 - 00000000 ___HD C:\Users\Public\Documents\Report

2013-05-16 03:24 - 2013-05-16 03:24 - 00000000 ____D C:\89745e524c96c8c1cd70

2013-05-16 03:19 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 03:19 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 03:19 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 03:19 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 03:19 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 03:19 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 03:19 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 03:19 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 03:19 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 03:19 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 03:19 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 03:19 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 16:31 - 2013-05-15 16:32 - 00000000 ____D C:\Program Files (x86)\TuneUpMedia

2013-05-15 16:30 - 2013-05-17 15:03 - 00000000 ____D C:\Users\kkm\AppData\Roaming\TuneUpMedia

2013-05-15 16:30 - 2013-05-15 18:01 - 00000000 ____D C:\ProgramData\TuneUpMedia

2013-05-15 16:29 - 2013-05-15 16:30 - 35780008 ____A (TuneUp Media, Inc.) C:\Users\kkm\Downloads\TuneUpInst-2.4.6.4.exe

2013-05-15 04:23 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 04:23 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 04:23 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 04:23 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 04:23 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 04:23 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 04:23 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 04:23 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 04:23 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 04:23 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 04:23 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-13 06:24 - 2013-05-13 06:24 - 00426080 ____A (windows7download.com) C:\Users\kkm\Downloads\dhaatu_installer.exe

2013-05-12 10:06 - 2013-05-12 10:06 - 00000000 ____D C:\Users\kkm\Documents\OneNote Notebooks

2013-05-09 10:59 - 2013-05-09 10:59 - 00000000 ____D C:\Users\kkm\AppData\Local\{50C4BDA9-B52E-4833-B699-FE1DD0352D28}

2013-05-09 10:57 - 2013-05-09 10:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{B08E33C0-4609-41CD-825B-D2521FD1B20A}

2013-05-09 10:57 - 2013-05-09 10:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{4F10273A-4393-44E4-A6D6-71F3E3E1DCE1}

2013-05-09 06:01 - 2013-05-09 06:01 - 00000000 ____D C:\Users\kkm\Documents\Polymers w, Olivia

2013-05-09 05:56 - 2013-05-10 11:31 - 00000000 ____D C:\Users\kkm\Documents\Diels-Alder

2013-05-08 08:32 - 2013-05-08 08:32 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Malwarebytes

2013-05-08 08:31 - 2013-05-23 14:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-08 08:31 - 2013-05-08 08:31 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 08:31 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-08 08:30 - 2013-05-08 08:30 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-setup.exe

2013-05-08 08:28 - 2013-05-08 08:29 - 00003350 ____A C:\Users\kkm\Desktop\Rkill.txt

2013-05-08 08:28 - 2013-05-08 08:28 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\kkm\Downloads\rkill.exe

2013-05-08 08:28 - 2013-05-08 08:28 - 00000000 ____D C:\Users\kkm\Desktop\rkill

2013-05-08 08:25 - 2013-05-08 08:25 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-05-08 08:23 - 2013-05-08 08:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\kkm\Downloads\tdsskiller.exe

2013-05-08 08:12 - 2013-05-08 08:12 - 00280232 ____A C:\Windows\Minidump\050813-15350-01.dmp

2013-05-07 17:30 - 2013-05-08 08:12 - 487460330 ____A C:\Windows\MEMORY.DMP

2013-05-07 17:30 - 2013-05-08 08:12 - 00000000 ____D C:\Windows\Minidump

2013-05-07 17:30 - 2013-05-07 17:30 - 00280232 ____A C:\Windows\Minidump\050713-13400-01.dmp

2013-05-07 17:26 - 2013-05-07 17:26 - 00011139 ____A C:\jqs.exe

2013-05-06 11:30 - 2013-05-06 11:30 - 00207287 ____A C:\Users\kkm\Desktop\KM 5-7-13.pptx

2013-05-03 15:58 - 2013-05-03 15:58 - 00006354 ____A C:\Windows\SysWOW64\PerfStringBackup.TMP

2013-05-03 15:57 - 2013-05-03 15:57 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_ (1).exe

2013-05-03 15:42 - 2013-05-03 15:42 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_.exe

2013-05-03 15:19 - 2013-05-03 15:19 - 00011369 ____A C:\Users\kkm\Downloads\0912455FF8770CF3EE47DC565DF211736AFC07E0.torrent

2013-05-03 15:17 - 2013-05-03 15:17 - 00012862 ____A C:\Users\kkm\Downloads\[torrent.cd].Microsoft_Office_2010_OUTLOOK_Activated_Genuine.torrent

2013-05-03 15:12 - 2013-05-03 15:14 - 294027264 ____A C:\Users\kkm\Downloads\Microsoft Office Outlook 2010 x86 332bit.iso

2013-05-03 11:14 - 2013-05-03 11:14 - 00305162 ____A C:\Users\kkm\Desktop\851 final version, no like for reals.pptx

2013-05-03 10:11 - 2013-05-03 10:11 - 00309506 ____A C:\Users\kkm\Downloads\851 final version.pptx

2013-05-02 12:25 - 2013-05-02 12:25 - 00288837 ____A C:\Users\kkm\Desktop\851 final version.pptx

2013-05-02 09:25 - 2013-05-02 12:18 - 00288838 ____A C:\Users\kkm\Desktop\851 ver. 2.pptx

2013-05-02 08:55 - 2013-05-02 08:55 - 00143567 ____A C:\Users\kkm\Downloads\851 Literature Presentation.pptx

2013-05-01 07:40 - 2013-05-01 07:40 - 00176128 ____A C:\Users\kkm\Downloads\CEM255-SS-2013.xls

2013-04-29 16:35 - 2013-04-29 16:35 - 00000000 ____D C:\Users\kkm\Downloads\Microsoft Outlook 2010

2013-04-25 18:40 - 2013-04-26 14:41 - 00639305 ____A C:\Users\kkm\Desktop\wulff synthesis ppt.pptx

2013-04-25 11:11 - 2013-04-25 11:11 - 00000000 ____D C:\Program Files (x86)\ChemBioDraw

2013-04-25 11:10 - 2013-04-25 11:33 - 00000000 ____D C:\Users\kkm\AppData\Roaming\GetRightToGo

2013-04-25 11:10 - 2013-04-25 11:10 - 01417953 ____A (PerkinElmer,Inc) C:\Users\kkm\Downloads\CBOU_Downloader.exe

2013-04-24 03:53 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-24 07:20 - 2013-05-24 07:20 - 00000000 ____D C:\FRST

2013-05-24 03:08 - 2009-07-13 21:13 - 00804030 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-23 18:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-23 18:26 - 2009-07-13 20:51 - 00047574 ____A C:\Windows\setupact.log

2013-05-23 18:17 - 2013-03-08 16:38 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-23 18:15 - 2012-05-04 00:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-23 18:01 - 2013-05-23 18:01 - 00001063 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-05-23 18:01 - 2013-05-23 18:01 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-05-23 17:51 - 2013-05-23 17:51 - 00006512 ____N C:\bootsqm.dat

2013-05-23 17:02 - 2012-05-23 02:31 - 01088598 ____A C:\Windows\WindowsUpdate.log

2013-05-23 16:38 - 2013-03-08 16:38 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-23 14:33 - 2013-05-23 14:33 - 00002258 ____A C:\Users\kkm\Desktop\SpyHunter.lnk

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\sh4ldr

2013-05-23 14:33 - 2013-05-23 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-05-23 14:29 - 2013-05-23 14:29 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\kkm\Downloads\SpyHunter-Installer.exe

2013-05-23 14:21 - 2013-03-09 04:29 - 00000000 ____D C:\users\kkm

2013-05-23 14:17 - 2013-05-08 08:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-23 14:17 - 2013-04-14 08:59 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-05-23 14:17 - 2013-03-17 09:38 - 00000000 ___RD C:\Users\kkm\SkyDrive

2013-05-23 14:17 - 2013-03-10 16:51 - 00000000 ____D C:\Program Files\WinRAR

2013-05-23 14:17 - 2013-03-08 20:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-23 14:17 - 2013-03-08 20:12 - 00000000 ____D C:\Program Files\iTunes

2013-05-23 14:17 - 2013-03-08 20:12 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-23 14:17 - 2013-03-08 20:09 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-05-23 14:17 - 2013-03-08 20:06 - 00000000 ____D C:\Program Files\Bonjour

2013-05-23 14:17 - 2013-03-08 20:06 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-05-23 14:17 - 2013-03-08 20:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-05-23 14:17 - 2013-03-08 17:08 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Launchy

2013-05-23 14:17 - 2012-05-23 03:25 - 00000000 ____D C:\Program Files\Smart Timer

2013-05-23 14:17 - 2012-05-23 03:20 - 00000000 ____D C:\Program Files\Sleep Memory Optimizer

2013-05-23 14:17 - 2012-05-23 03:03 - 00000000 ____D C:\ProgramData\Atheros

2013-05-23 14:17 - 2012-05-23 02:50 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite

2013-05-23 14:17 - 2012-05-23 02:48 - 00000000 ____D C:\Program Files\Elantech

2013-05-23 14:17 - 2012-05-23 02:43 - 00000000 ____D C:\Program Files (x86)\Launch Manager

2013-05-23 14:17 - 2012-05-23 02:39 - 00000000 ____D C:\Dolby PCEE4

2013-05-23 14:17 - 2012-05-04 00:05 - 00000000 ____D C:\Program Files\EgisTec IPS

2013-05-23 14:17 - 2012-05-04 00:05 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker

2013-05-23 14:17 - 2012-05-04 00:03 - 00000000 ____D C:\Windows\en

2013-05-23 14:17 - 2012-05-04 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-05-23 14:17 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-05-23 14:17 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore

2013-05-23 14:17 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-05-23 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing

2013-05-23 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-23 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME

2013-05-23 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors

2013-05-23 14:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-05-23 12:50 - 2013-05-23 12:50 - 00000000 __ASH C:\DkHyperbootSync

2013-05-23 11:44 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-23 11:44 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-23 10:26 - 2013-05-23 10:16 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-23 03:47 - 2013-05-18 08:32 - 00000000 ___HD C:\Users\Public\Documents\Report

2013-05-22 17:51 - 2013-04-13 05:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-22 17:51 - 2013-03-09 09:08 - 00000000 ____D C:\Users\kkm\Desktop\Get in shape

2013-05-22 13:41 - 2013-03-09 21:03 - 00000000 ____D C:\Users\kkm\Documents\Bluetooth Folder

2013-05-20 16:44 - 2013-05-20 16:44 - 00000065 ____A C:\Users\kkm\Desktop\malware.txt

2013-05-20 16:40 - 2013-05-20 16:39 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-consumer.exe

2013-05-20 15:39 - 2013-05-20 11:26 - 00010042 ____A C:\Users\kkm\Desktop\group meeting 5-21.xlsx

2013-05-20 15:34 - 2013-05-20 15:30 - 00421603 ____A C:\Users\kkm\Desktop\Group Meeting 5-21.pptx

2013-05-20 05:54 - 2013-03-08 20:32 - 00000000 ____D C:\Program Files (x86)\Opera

2013-05-19 17:44 - 2013-05-19 17:44 - 10690345 ____A C:\Users\kkm\Downloads\VIDEO0018.3gp

2013-05-19 12:21 - 2013-05-19 12:21 - 00288837 ____A C:\Users\kkm\Downloads\851 final version (1).pptx

2013-05-19 07:48 - 2013-05-19 07:48 - 00000000 ____D C:\Program Files (x86)\Lux

2013-05-19 07:48 - 2013-05-19 07:37 - 79901531 ____A (Sillysoft Games ) C:\Users\kkm\Downloads\LuxDeluxSetup.exe

2013-05-18 05:00 - 2013-03-09 14:17 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Spotify

2013-05-18 04:41 - 2013-03-09 14:17 - 00000000 ____D C:\Users\kkm\AppData\Local\Spotify

2013-05-17 15:03 - 2013-05-15 16:30 - 00000000 ____D C:\Users\kkm\AppData\Roaming\TuneUpMedia

2013-05-16 15:10 - 2013-03-08 20:36 - 00000000 ____D C:\Users\kkm\AppData\Local\CrashDumps

2013-05-16 15:07 - 2009-07-13 20:45 - 00449664 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 03:29 - 2010-11-20 19:47 - 00035198 ____A C:\Windows\PFRO.log

2013-05-16 03:24 - 2013-05-16 03:24 - 00000000 ____D C:\89745e524c96c8c1cd70

2013-05-16 03:24 - 2013-03-17 04:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 18:01 - 2013-05-15 16:30 - 00000000 ____D C:\ProgramData\TuneUpMedia

2013-05-15 16:32 - 2013-05-15 16:31 - 00000000 ____D C:\Program Files (x86)\TuneUpMedia

2013-05-15 16:32 - 2013-03-08 21:46 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Mozilla

2013-05-15 16:30 - 2013-05-15 16:29 - 35780008 ____A (TuneUp Media, Inc.) C:\Users\kkm\Downloads\TuneUpInst-2.4.6.4.exe

2013-05-15 08:39 - 2012-05-04 00:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 08:39 - 2012-05-04 00:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-13 06:24 - 2013-05-13 06:24 - 00426080 ____A (windows7download.com) C:\Users\kkm\Downloads\dhaatu_installer.exe

2013-05-12 10:06 - 2013-05-12 10:06 - 00000000 ____D C:\Users\kkm\Documents\OneNote Notebooks

2013-05-10 11:31 - 2013-05-09 05:56 - 00000000 ____D C:\Users\kkm\Documents\Diels-Alder

2013-05-09 10:59 - 2013-05-09 10:59 - 00000000 ____D C:\Users\kkm\AppData\Local\{50C4BDA9-B52E-4833-B699-FE1DD0352D28}

2013-05-09 10:57 - 2013-05-09 10:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{B08E33C0-4609-41CD-825B-D2521FD1B20A}

2013-05-09 10:57 - 2013-05-09 10:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{4F10273A-4393-44E4-A6D6-71F3E3E1DCE1}

2013-05-09 06:01 - 2013-05-09 06:01 - 00000000 ____D C:\Users\kkm\Documents\Polymers w, Olivia

2013-05-08 08:32 - 2013-05-08 08:32 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Malwarebytes

2013-05-08 08:31 - 2013-05-08 08:31 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 08:30 - 2013-05-08 08:30 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-setup.exe

2013-05-08 08:29 - 2013-05-08 08:28 - 00003350 ____A C:\Users\kkm\Desktop\Rkill.txt

2013-05-08 08:28 - 2013-05-08 08:28 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\kkm\Downloads\rkill.exe

2013-05-08 08:28 - 2013-05-08 08:28 - 00000000 ____D C:\Users\kkm\Desktop\rkill

2013-05-08 08:25 - 2013-05-08 08:25 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-05-08 08:23 - 2013-05-08 08:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\kkm\Downloads\tdsskiller.exe

2013-05-08 08:12 - 2013-05-08 08:12 - 00280232 ____A C:\Windows\Minidump\050813-15350-01.dmp

2013-05-08 08:12 - 2013-05-07 17:30 - 487460330 ____A C:\Windows\MEMORY.DMP

2013-05-08 08:12 - 2013-05-07 17:30 - 00000000 ____D C:\Windows\Minidump

2013-05-08 05:04 - 2013-04-07 03:57 - 00000000 ____D C:\Users\kkm\Desktop\BBC Planet Earth 2006

2013-05-07 17:30 - 2013-05-07 17:30 - 00280232 ____A C:\Windows\Minidump\050713-13400-01.dmp

2013-05-07 17:26 - 2013-05-07 17:26 - 00011139 ____A C:\jqs.exe

2013-05-06 11:30 - 2013-05-06 11:30 - 00207287 ____A C:\Users\kkm\Desktop\KM 5-7-13.pptx

2013-05-04 12:08 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-05-03 15:58 - 2013-05-03 15:58 - 00006354 ____A C:\Windows\SysWOW64\PerfStringBackup.TMP

2013-05-03 15:58 - 2013-03-17 09:22 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-05-03 15:57 - 2013-05-03 15:57 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_ (1).exe

2013-05-03 15:53 - 2013-03-09 19:42 - 00000000 ____D C:\Program Files (x86)\utorrent

2013-05-03 15:53 - 2013-03-09 04:29 - 00113856 ____A C:\Users\kkm\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-03 15:52 - 2013-03-09 19:40 - 00000000 ____D C:\Users\kkm\AppData\Roaming\uTorrent

2013-05-03 15:43 - 2013-03-08 20:35 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-03 15:42 - 2013-05-03 15:42 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_.exe

2013-05-03 15:19 - 2013-05-03 15:19 - 00011369 ____A C:\Users\kkm\Downloads\0912455FF8770CF3EE47DC565DF211736AFC07E0.torrent

2013-05-03 15:17 - 2013-05-03 15:17 - 00012862 ____A C:\Users\kkm\Downloads\[torrent.cd].Microsoft_Office_2010_OUTLOOK_Activated_Genuine.torrent

2013-05-03 15:15 - 2012-05-23 03:08 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll

2013-05-03 15:15 - 2012-05-23 03:07 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll

2013-05-03 15:14 - 2013-05-03 15:12 - 294027264 ____A C:\Users\kkm\Downloads\Microsoft Office Outlook 2010 x86 332bit.iso

2013-05-03 11:14 - 2013-05-03 11:14 - 00305162 ____A C:\Users\kkm\Desktop\851 final version, no like for reals.pptx

2013-05-03 10:11 - 2013-05-03 10:11 - 00309506 ____A C:\Users\kkm\Downloads\851 final version.pptx

2013-05-02 12:25 - 2013-05-02 12:25 - 00288837 ____A C:\Users\kkm\Desktop\851 final version.pptx

2013-05-02 12:18 - 2013-05-02 09:25 - 00288838 ____A C:\Users\kkm\Desktop\851 ver. 2.pptx

2013-05-02 08:55 - 2013-05-02 08:55 - 00143567 ____A C:\Users\kkm\Downloads\851 Literature Presentation.pptx

2013-05-01 07:40 - 2013-05-01 07:40 - 00176128 ____A C:\Users\kkm\Downloads\CEM255-SS-2013.xls

2013-04-29 16:35 - 2013-04-29 16:35 - 00000000 ____D C:\Users\kkm\Downloads\Microsoft Outlook 2010

2013-04-26 14:41 - 2013-04-25 18:40 - 00639305 ____A C:\Users\kkm\Desktop\wulff synthesis ppt.pptx

2013-04-25 11:33 - 2013-04-25 11:10 - 00000000 ____D C:\Users\kkm\AppData\Roaming\GetRightToGo

2013-04-25 11:11 - 2013-04-25 11:11 - 00000000 ____D C:\Program Files (x86)\ChemBioDraw

2013-04-25 11:10 - 2013-04-25 11:10 - 01417953 ____A (PerkinElmer,Inc) C:\Users\kkm\Downloads\CBOU_Downloader.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll

[2010-11-20 19:24] - [2012-11-29 20:53] - 0869376 ____A (Microsoft Corporation) 3CC4B067E361765E44D9BD3CC26E5DB4

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-23 02:43:23

Restore point made on: 2013-05-23 12:50:44

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 5980.36 MB

Available physical RAM: 5186.13 MB

Total Pagefile: 5978.56 MB

Available Pagefile: 5182.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:346.49 GB) NTFS (Disk=1 Partition=3)

Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:0.73 GB) NTFS (Disk=1 Partition=1)

Drive g: (CENTON USB) (Removable) (Total:1.88 GB) (Free:1.46 GB) FAT (Disk=2 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 9BB78D53)

Partition 1: (Not Active) - (Size=4 GB) - (Type=84)

Partition 2: (Not Active) - (Size=15 GB) - (Type=73)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7CF3A700)

Partition 1: (Not Active) - (Size=16 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-05-23 11:54

==================== End Of Log ============================

[MrCharlie]

Looking at it now......MrC

[MrCharlie]

Run FRST again and type the following into the search box:

User32.dll

[*]Now press the Search button

[*]When the search is complete, search.txt will also be written to your USB

[*]Type exit and reboot the computer normally

[*]Please copy and paste the log in your reply.( Search.txt)

MrC

[kkm2]

Thank you so much for your help Mr. Charlie. Here is the result of my search:

Farbar Recovery Scan Tool (x64) Version: 24-05-2013

Ran by SYSTEM at 2013-05-24 11:37:22

Running from G:\

Boot Mode: Recovery

================== Search: "User32.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\SysWOW64\user32.dll

[2010-11-20 19:24] - [2012-11-29 20:53] - 0869376 ____A (Microsoft Corporation) 3CC4B067E361765E44D9BD3CC26E5DB4

C:\Windows\System32\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

====== End Of Search ======

[MrCharlie]

I'm not seeing the malware or any load points for it, give this a try though:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now ........MrC

[kkm2]

Here is the fixlog. I'm still seeing the blocked computer message upon normal start up. The fact that the malware isn't leaving traces is a bit disconcerting. There isn't any way I could have ruined or hidden any load points by trying routine malware removal methods is there? No, probably not.

Farbar Recovery Scan Tool (x64) Version: 24-05-2013

Ran by SYSTEM at 2013-05-24 11:37:22

Running from G:\

Boot Mode: Recovery

================== Search: "User32.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\SysWOW64\user32.dll

[2010-11-20 19:24] - [2012-11-29 20:53] - 0869376 ____A (Microsoft Corporation) 3CC4B067E361765E44D9BD3CC26E5DB4

C:\Windows\System32\user32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

====== End Of Search ======

[MrCharlie]

You posted the wrong log, I need to see the Fixlog.txt.

What methods did you try??

Are you seeing the FBI screen when you boot or it just won't boot?

When you run FRST, what account are you logging in to??

MrC

[kkm2]

Oh how dumb of me, here's the proper log. As far as methods, I ran malwarebytes which didn't find anything, then I tried googling a list of malware load points and deleted two that seemed suspicious. However, most people who claimed to have this virus pointed to various files attributed to the bug that I never saw on my computer. I tried a system restore as well but that failed.

When I boot normally I can sign into my account with my password but it will immediately take me to the Department of Justice prompt that talks about paying $300 to MoneyPak. Everything appears normal when I boot into any of the safe modes however.

When I run frst I log into my KKM account. Should I try the homegroup account instead?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2013

Ran by SYSTEM at 2013-05-24 13:27:10 Run:1

Running from G:\

Boot Mode: Recovery

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

[MrCharlie]

If you can boot into safe mode then run this scan:

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

[kkm2]

Ok, I didn't attempt to fix anything and after running RougeKiller this is the report:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : kkm [Admin rights]

Mode : Scan -- Date : 05/24/2013 17:33:03

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000LPVT-22G33T0 +++++

--- User ---

[MBR] 70a4b4cdfea7e9eeb039ae6c2e44850b

[bSP] d9bc1e84082633bba2a171499a6d75d1 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 460454 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SATA SSD +++++

--- User ---

[MBR] 0daac7660687061c8f525f0ff4e31425

[bSP] 5e2b217f40b9ae4a061dbda588c24d68 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 2048 | Size: 4096 Mo

1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 8392704 | Size: 14987 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05242013_02d1733.txt >>

RKreport[1]_S_05242013_02d1733.txt

[MrCharlie]

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[kkm2]

So I've tried running combofix but after stage 30 or so the malware steps in and the Department of Justice prompt appears again even though I am in safe mode. I can't get a report as combofix doesn't finish. I'll do what I can to get combofix to complete it's processes but it's not looking promising.

[MrCharlie]

If you can't get ComboFix to run....

Download a fresh copy of FRST into a folder and you can run it from there.

Click Scan and it will produce a log in that folder.

MrC

[kkm2]

I was unsuccessful in getting ComboFix to finish but I could run FRST from a folder on my desktop. It gave me two reports, here is the main log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013 03

Ran by kkm (administrator) on 24-05-2013 19:15:30

Running from C:\Users\kkm\Desktop\frst

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\kkm\Desktop\frst\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [secure Applicayion] C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe [258664 2012-03-23] ()

HKLM\...\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12476520 2012-04-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1158248 2012-03-09] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1020576 2012-02-28] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-02-28] (Atheros Commnucations)

HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)

HKCU\...\Run: [spotify Web Helper] "C:\Users\kkm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-18] (Spotify Ltd)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [341360 2011-09-20] (Egis Technology Inc.)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [296984 2012-01-05] (NTI Corporation)

HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk

ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy ()

Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [36352] (Microsoft Corporation)

Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:

========

FF ProfilePath: C:\Users\kkm\AppData\Roaming\Mozilla\Firefox\Profiles\yzs8hbiy.default

FF Homepage: hxxp://www.sex.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()

FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: tineye - C:\Users\kkm\AppData\Roaming\Mozilla\Firefox\Profiles\yzs8hbiy.default\Extensions\tineye@ideeinc.com.xpi

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (SiteAdvisor) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0

CHR Extension: (Gmail) - C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation)

S2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()

S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-14] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)

S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-15] (Microsoft Corporation)

S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

S2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [237160 2012-03-23] ()

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [x]

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3545088 2012-02-29] (Qualcomm Atheros Communications, Inc.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-14] (Intel Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-24 19:15 - 2013-05-24 19:15 - 00000000 ____D C:\Users\kkm\Desktop\frst

2013-05-24 18:23 - 2013-05-24 18:32 - 00000000 ___SD C:\ComboFix

2013-05-24 18:09 - 2013-05-24 18:09 - 00001102 ____A C:\Users\kkm\Desktop\ComboFix - Shortcut.lnk

2013-05-24 18:06 - 2013-05-24 18:06 - 00000000 ____D C:\Windows\erdnt

2013-05-24 18:06 - 2013-05-24 18:06 - 00000000 ____D C:\Qoobox

2013-05-24 18:06 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe

2013-05-24 18:06 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe

2013-05-24 18:06 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-05-24 18:06 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-05-24 18:06 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-05-24 18:06 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe

2013-05-24 18:06 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe

2013-05-24 18:06 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe

2013-05-24 18:03 - 2013-05-24 18:03 - 05070409 ____R (Swearware) C:\Users\kkm\Downloads\ComboFix.exe

2013-05-24 17:33 - 2013-05-24 17:33 - 00002714 ____A C:\Users\kkm\Desktop\RKreport[1]_S_05242013_02d1733.txt

2013-05-24 17:32 - 2013-05-24 17:33 - 00000000 ____D C:\Users\kkm\Desktop\RK_Quarantine

2013-05-24 17:30 - 2013-05-24 17:30 - 00791040 ____A C:\Users\kkm\Desktop\RogueKillerX64.exe

2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup

2013-05-24 11:20 - 2013-05-24 11:20 - 00000000 ____D C:\FRST

2013-05-23 22:01 - 2013-05-23 22:01 - 00001063 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-05-23 22:01 - 2013-05-23 22:01 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-05-23 21:51 - 2013-05-23 21:51 - 00009800 ____N C:\bootsqm.dat

2013-05-23 18:33 - 2013-05-23 18:33 - 00002258 ____A C:\Users\kkm\Desktop\SpyHunter.lnk

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\sh4ldr

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-05-23 18:33 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys

2013-05-23 18:29 - 2013-05-23 18:29 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\kkm\Downloads\SpyHunter-Installer.exe

2013-05-23 16:50 - 2013-05-23 16:50 - 00000000 __ASH C:\DkHyperbootSync

2013-05-23 14:16 - 2013-05-23 14:26 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-20 20:44 - 2013-05-20 20:44 - 00000065 ____A C:\Users\kkm\Desktop\malware.txt

2013-05-20 20:39 - 2013-05-20 20:40 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-consumer.exe

2013-05-20 19:30 - 2013-05-20 19:34 - 00421603 ____A C:\Users\kkm\Desktop\Group Meeting 5-21.pptx

2013-05-20 15:26 - 2013-05-20 19:39 - 00010042 ____A C:\Users\kkm\Desktop\group meeting 5-21.xlsx

2013-05-19 21:44 - 2013-05-19 21:44 - 10690345 ____A C:\Users\kkm\Downloads\VIDEO0018.3gp

2013-05-19 16:21 - 2013-05-19 16:21 - 00288837 ____A C:\Users\kkm\Downloads\851 final version (1).pptx

2013-05-19 11:48 - 2013-05-19 11:48 - 00000000 ____D C:\Program Files (x86)\Lux

2013-05-19 11:37 - 2013-05-19 11:48 - 79901531 ____A (Sillysoft Games ) C:\Users\kkm\Downloads\LuxDeluxSetup.exe

2013-05-18 12:32 - 2013-05-23 07:47 - 00000000 ___HD C:\Users\Public\Documents\Report

2013-05-16 07:24 - 2013-05-16 07:24 - 00000000 ____D C:\89745e524c96c8c1cd70

2013-05-16 07:19 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 07:19 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 07:19 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 07:19 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 07:19 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 07:19 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 07:19 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 07:19 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 07:19 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 07:19 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 07:19 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 07:19 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 20:31 - 2013-05-15 20:32 - 00000000 ____D C:\Program Files (x86)\TuneUpMedia

2013-05-15 20:30 - 2013-05-17 19:03 - 00000000 ____D C:\Users\kkm\AppData\Roaming\TuneUpMedia

2013-05-15 20:30 - 2013-05-15 22:01 - 00000000 ____D C:\ProgramData\TuneUpMedia

2013-05-15 20:29 - 2013-05-15 20:30 - 35780008 ____A (TuneUp Media, Inc.) C:\Users\kkm\Downloads\TuneUpInst-2.4.6.4.exe

2013-05-15 08:23 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 08:23 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 08:23 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 08:23 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 08:23 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 08:23 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 08:23 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 08:23 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 08:23 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 08:23 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 08:23 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-13 10:24 - 2013-05-13 10:24 - 00426080 ____A (windows7download.com) C:\Users\kkm\Downloads\dhaatu_installer.exe

2013-05-12 14:06 - 2013-05-12 14:06 - 00000000 ____D C:\Users\kkm\Documents\OneNote Notebooks

2013-05-09 14:59 - 2013-05-09 14:59 - 00000000 ____D C:\Users\kkm\AppData\Local\{50C4BDA9-B52E-4833-B699-FE1DD0352D28}

2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{B08E33C0-4609-41CD-825B-D2521FD1B20A}

2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{4F10273A-4393-44E4-A6D6-71F3E3E1DCE1}

2013-05-09 10:01 - 2013-05-09 10:01 - 00000000 ____D C:\Users\kkm\Documents\Polymers w, Olivia

2013-05-09 09:56 - 2013-05-10 15:31 - 00000000 ____D C:\Users\kkm\Documents\Diels-Alder

2013-05-08 12:32 - 2013-05-08 12:32 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Malwarebytes

2013-05-08 12:31 - 2013-05-23 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-08 12:31 - 2013-05-08 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 12:31 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-08 12:30 - 2013-05-08 12:30 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-setup.exe

2013-05-08 12:28 - 2013-05-08 12:29 - 00003350 ____A C:\Users\kkm\Desktop\Rkill.txt

2013-05-08 12:28 - 2013-05-08 12:28 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\kkm\Downloads\rkill.exe

2013-05-08 12:28 - 2013-05-08 12:28 - 00000000 ____D C:\Users\kkm\Desktop\rkill

2013-05-08 12:25 - 2013-05-08 12:25 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-05-08 12:23 - 2013-05-08 12:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\kkm\Downloads\tdsskiller.exe

2013-05-08 12:12 - 2013-05-08 12:12 - 00280232 ____A C:\Windows\Minidump\050813-15350-01.dmp

2013-05-07 21:30 - 2013-05-08 12:12 - 487460330 ____A C:\Windows\MEMORY.DMP

2013-05-07 21:30 - 2013-05-08 12:12 - 00000000 ____D C:\Windows\Minidump

2013-05-07 21:30 - 2013-05-07 21:30 - 00280232 ____A C:\Windows\Minidump\050713-13400-01.dmp

2013-05-07 21:26 - 2013-05-07 21:26 - 00011139 ____A C:\jqs.exe

2013-05-06 15:30 - 2013-05-06 15:30 - 00207287 ____A C:\Users\kkm\Desktop\KM 5-7-13.pptx

2013-05-03 19:58 - 2013-05-03 19:58 - 00006354 ____A C:\Windows\SysWOW64\PerfStringBackup.TMP

2013-05-03 19:57 - 2013-05-03 19:57 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_ (1).exe

2013-05-03 19:42 - 2013-05-03 19:42 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_.exe

2013-05-03 19:19 - 2013-05-03 19:19 - 00011369 ____A C:\Users\kkm\Downloads\0912455FF8770CF3EE47DC565DF211736AFC07E0.torrent

2013-05-03 19:17 - 2013-05-03 19:17 - 00012862 ____A C:\Users\kkm\Downloads\[torrent.cd].Microsoft_Office_2010_OUTLOOK_Activated_Genuine.torrent

2013-05-03 19:12 - 2013-05-03 19:14 - 294027264 ____A C:\Users\kkm\Downloads\Microsoft Office Outlook 2010 x86 332bit.iso

2013-05-03 15:14 - 2013-05-03 15:14 - 00305162 ____A C:\Users\kkm\Desktop\851 final version, no like for reals.pptx

2013-05-03 14:11 - 2013-05-03 14:11 - 00309506 ____A C:\Users\kkm\Downloads\851 final version.pptx

2013-05-02 16:25 - 2013-05-02 16:25 - 00288837 ____A C:\Users\kkm\Desktop\851 final version.pptx

2013-05-02 13:25 - 2013-05-02 16:18 - 00288838 ____A C:\Users\kkm\Desktop\851 ver. 2.pptx

2013-05-02 12:55 - 2013-05-02 12:55 - 00143567 ____A C:\Users\kkm\Downloads\851 Literature Presentation.pptx

2013-05-01 11:40 - 2013-05-01 11:40 - 00176128 ____A C:\Users\kkm\Downloads\CEM255-SS-2013.xls

2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\Users\kkm\Downloads\Microsoft Outlook 2010

2013-04-25 22:40 - 2013-04-26 18:41 - 00639305 ____A C:\Users\kkm\Desktop\wulff synthesis ppt.pptx

2013-04-25 15:11 - 2013-04-25 15:11 - 00000000 ____D C:\Program Files (x86)\ChemBioDraw

2013-04-25 15:10 - 2013-04-25 15:33 - 00000000 ____D C:\Users\kkm\AppData\Roaming\GetRightToGo

2013-04-25 15:10 - 2013-04-25 15:10 - 01417953 ____A (PerkinElmer,Inc) C:\Users\kkm\Downloads\CBOU_Downloader.exe

2013-04-24 07:53 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-24 19:15 - 2013-05-24 19:15 - 00000000 ____D C:\Users\kkm\Desktop\frst

2013-05-24 19:12 - 2010-11-20 23:47 - 00036854 ____A C:\Windows\PFRO.log

2013-05-24 18:32 - 2013-05-24 18:23 - 00000000 ___SD C:\ComboFix

2013-05-24 18:09 - 2013-05-24 18:09 - 00001102 ____A C:\Users\kkm\Desktop\ComboFix - Shortcut.lnk

2013-05-24 18:06 - 2013-05-24 18:06 - 00000000 ____D C:\Windows\erdnt

2013-05-24 18:06 - 2013-05-24 18:06 - 00000000 ____D C:\Qoobox

2013-05-24 18:03 - 2013-05-24 18:03 - 05070409 ____R (Swearware) C:\Users\kkm\Downloads\ComboFix.exe

2013-05-24 17:33 - 2013-05-24 17:33 - 00002714 ____A C:\Users\kkm\Desktop\RKreport[1]_S_05242013_02d1733.txt

2013-05-24 17:33 - 2013-05-24 17:32 - 00000000 ____D C:\Users\kkm\Desktop\RK_Quarantine

2013-05-24 17:30 - 2013-05-24 17:30 - 00791040 ____A C:\Users\kkm\Desktop\RogueKillerX64.exe

2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup

2013-05-24 13:38 - 2013-03-08 20:38 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-24 13:36 - 2013-03-08 20:38 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-24 13:36 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-24 13:36 - 2009-07-14 00:51 - 00047686 ____A C:\Windows\setupact.log

2013-05-24 11:20 - 2013-05-24 11:20 - 00000000 ____D C:\FRST

2013-05-24 07:08 - 2009-07-14 01:13 - 00804030 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-23 22:15 - 2012-05-04 04:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-23 22:01 - 2013-05-23 22:01 - 00001063 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-05-23 22:01 - 2013-05-23 22:01 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-05-23 21:51 - 2013-05-23 21:51 - 00009800 ____N C:\bootsqm.dat

2013-05-23 21:02 - 2012-05-23 06:31 - 01088598 ____A C:\Windows\WindowsUpdate.log

2013-05-23 18:33 - 2013-05-23 18:33 - 00002258 ____A C:\Users\kkm\Desktop\SpyHunter.lnk

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\sh4ldr

2013-05-23 18:33 - 2013-05-23 18:33 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-05-23 18:29 - 2013-05-23 18:29 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\kkm\Downloads\SpyHunter-Installer.exe

2013-05-23 18:21 - 2013-03-09 08:29 - 00000000 ____D C:\users\kkm

2013-05-23 18:17 - 2013-05-08 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-23 18:17 - 2013-04-14 12:59 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-05-23 18:17 - 2013-03-17 13:38 - 00000000 ___RD C:\Users\kkm\SkyDrive

2013-05-23 18:17 - 2013-03-10 20:51 - 00000000 ____D C:\Program Files\WinRAR

2013-05-23 18:17 - 2013-03-09 00:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-23 18:17 - 2013-03-09 00:12 - 00000000 ____D C:\Program Files\iTunes

2013-05-23 18:17 - 2013-03-09 00:12 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-23 18:17 - 2013-03-09 00:09 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-05-23 18:17 - 2013-03-09 00:06 - 00000000 ____D C:\Program Files\Bonjour

2013-05-23 18:17 - 2013-03-09 00:06 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-05-23 18:17 - 2013-03-09 00:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-05-23 18:17 - 2013-03-08 21:08 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Launchy

2013-05-23 18:17 - 2012-05-23 07:25 - 00000000 ____D C:\Program Files\Smart Timer

2013-05-23 18:17 - 2012-05-23 07:20 - 00000000 ____D C:\Program Files\Sleep Memory Optimizer

2013-05-23 18:17 - 2012-05-23 07:03 - 00000000 ____D C:\ProgramData\Atheros

2013-05-23 18:17 - 2012-05-23 06:50 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite

2013-05-23 18:17 - 2012-05-23 06:48 - 00000000 ____D C:\Program Files\Elantech

2013-05-23 18:17 - 2012-05-23 06:43 - 00000000 ____D C:\Program Files (x86)\Launch Manager

2013-05-23 18:17 - 2012-05-23 06:39 - 00000000 ____D C:\Dolby PCEE4

2013-05-23 18:17 - 2012-05-04 04:05 - 00000000 ____D C:\Program Files\EgisTec IPS

2013-05-23 18:17 - 2012-05-04 04:05 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker

2013-05-23 18:17 - 2012-05-04 04:03 - 00000000 ____D C:\Windows\en

2013-05-23 18:17 - 2012-05-04 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-05-23 18:17 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-05-23 18:17 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\restore

2013-05-23 18:17 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-05-23 18:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing

2013-05-23 18:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-05-23 18:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME

2013-05-23 18:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors

2013-05-23 18:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-05-23 16:50 - 2013-05-23 16:50 - 00000000 __ASH C:\DkHyperbootSync

2013-05-23 15:44 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-23 15:44 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-23 14:26 - 2013-05-23 14:16 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-23 07:47 - 2013-05-18 12:32 - 00000000 ___HD C:\Users\Public\Documents\Report

2013-05-22 21:51 - 2013-04-13 09:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-22 21:51 - 2013-03-09 13:08 - 00000000 ____D C:\Users\kkm\Desktop\Get in shape

2013-05-22 17:41 - 2013-03-10 01:03 - 00000000 ____D C:\Users\kkm\Documents\Bluetooth Folder

2013-05-20 20:44 - 2013-05-20 20:44 - 00000065 ____A C:\Users\kkm\Desktop\malware.txt

2013-05-20 20:40 - 2013-05-20 20:39 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-consumer.exe

2013-05-20 19:39 - 2013-05-20 15:26 - 00010042 ____A C:\Users\kkm\Desktop\group meeting 5-21.xlsx

2013-05-20 19:34 - 2013-05-20 19:30 - 00421603 ____A C:\Users\kkm\Desktop\Group Meeting 5-21.pptx

2013-05-20 09:54 - 2013-03-09 00:32 - 00000000 ____D C:\Program Files (x86)\Opera

2013-05-19 21:44 - 2013-05-19 21:44 - 10690345 ____A C:\Users\kkm\Downloads\VIDEO0018.3gp

2013-05-19 16:21 - 2013-05-19 16:21 - 00288837 ____A C:\Users\kkm\Downloads\851 final version (1).pptx

2013-05-19 11:48 - 2013-05-19 11:48 - 00000000 ____D C:\Program Files (x86)\Lux

2013-05-19 11:48 - 2013-05-19 11:37 - 79901531 ____A (Sillysoft Games ) C:\Users\kkm\Downloads\LuxDeluxSetup.exe

2013-05-18 09:00 - 2013-03-09 18:17 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Spotify

2013-05-18 08:41 - 2013-03-09 18:17 - 00000000 ____D C:\Users\kkm\AppData\Local\Spotify

2013-05-17 19:03 - 2013-05-15 20:30 - 00000000 ____D C:\Users\kkm\AppData\Roaming\TuneUpMedia

2013-05-16 19:10 - 2013-03-09 00:36 - 00000000 ____D C:\Users\kkm\AppData\Local\CrashDumps

2013-05-16 19:07 - 2009-07-14 00:45 - 00449664 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 07:24 - 2013-05-16 07:24 - 00000000 ____D C:\89745e524c96c8c1cd70

2013-05-16 07:24 - 2013-03-17 08:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 22:01 - 2013-05-15 20:30 - 00000000 ____D C:\ProgramData\TuneUpMedia

2013-05-15 20:32 - 2013-05-15 20:31 - 00000000 ____D C:\Program Files (x86)\TuneUpMedia

2013-05-15 20:32 - 2013-03-09 01:46 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Mozilla

2013-05-15 20:30 - 2013-05-15 20:29 - 35780008 ____A (TuneUp Media, Inc.) C:\Users\kkm\Downloads\TuneUpInst-2.4.6.4.exe

2013-05-15 12:39 - 2012-05-04 04:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 12:39 - 2012-05-04 04:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-13 10:24 - 2013-05-13 10:24 - 00426080 ____A (windows7download.com) C:\Users\kkm\Downloads\dhaatu_installer.exe

2013-05-12 14:06 - 2013-05-12 14:06 - 00000000 ____D C:\Users\kkm\Documents\OneNote Notebooks

2013-05-10 15:31 - 2013-05-09 09:56 - 00000000 ____D C:\Users\kkm\Documents\Diels-Alder

2013-05-09 14:59 - 2013-05-09 14:59 - 00000000 ____D C:\Users\kkm\AppData\Local\{50C4BDA9-B52E-4833-B699-FE1DD0352D28}

2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{B08E33C0-4609-41CD-825B-D2521FD1B20A}

2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____D C:\Users\kkm\AppData\Local\{4F10273A-4393-44E4-A6D6-71F3E3E1DCE1}

2013-05-09 10:01 - 2013-05-09 10:01 - 00000000 ____D C:\Users\kkm\Documents\Polymers w, Olivia

2013-05-08 12:32 - 2013-05-08 12:32 - 00000000 ____D C:\Users\kkm\AppData\Roaming\Malwarebytes

2013-05-08 12:31 - 2013-05-08 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 12:30 - 2013-05-08 12:30 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\kkm\Downloads\mbam-setup.exe

2013-05-08 12:29 - 2013-05-08 12:28 - 00003350 ____A C:\Users\kkm\Desktop\Rkill.txt

2013-05-08 12:28 - 2013-05-08 12:28 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\kkm\Downloads\rkill.exe

2013-05-08 12:28 - 2013-05-08 12:28 - 00000000 ____D C:\Users\kkm\Desktop\rkill

2013-05-08 12:25 - 2013-05-08 12:25 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-05-08 12:23 - 2013-05-08 12:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\kkm\Downloads\tdsskiller.exe

2013-05-08 12:12 - 2013-05-08 12:12 - 00280232 ____A C:\Windows\Minidump\050813-15350-01.dmp

2013-05-08 12:12 - 2013-05-07 21:30 - 487460330 ____A C:\Windows\MEMORY.DMP

2013-05-08 12:12 - 2013-05-07 21:30 - 00000000 ____D C:\Windows\Minidump

2013-05-08 09:04 - 2013-04-07 07:57 - 00000000 ____D C:\Users\kkm\Desktop\BBC Planet Earth 2006

2013-05-07 21:30 - 2013-05-07 21:30 - 00280232 ____A C:\Windows\Minidump\050713-13400-01.dmp

2013-05-07 21:26 - 2013-05-07 21:26 - 00011139 ____A C:\jqs.exe

2013-05-06 15:30 - 2013-05-06 15:30 - 00207287 ____A C:\Users\kkm\Desktop\KM 5-7-13.pptx

2013-05-04 16:08 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-05-03 19:58 - 2013-05-03 19:58 - 00006354 ____A C:\Windows\SysWOW64\PerfStringBackup.TMP

2013-05-03 19:58 - 2013-03-17 13:22 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-05-03 19:57 - 2013-05-03 19:57 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_ (1).exe

2013-05-03 19:53 - 2013-03-09 23:42 - 00000000 ____D C:\Program Files (x86)\utorrent

2013-05-03 19:53 - 2013-03-09 08:29 - 00113856 ____A C:\Users\kkm\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-03 19:52 - 2013-03-09 23:40 - 00000000 ____D C:\Users\kkm\AppData\Roaming\uTorrent

2013-05-03 19:43 - 2013-03-09 00:35 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-03 19:42 - 2013-05-03 19:42 - 00560312 ____A (Microsoft Corporation) C:\Users\kkm\Downloads\Setup.X86.en-US_OutlookRetail_a12c9233-7e7b-4343-805a-3b5fc698ed94_TX_PR_.exe

2013-05-03 19:19 - 2013-05-03 19:19 - 00011369 ____A C:\Users\kkm\Downloads\0912455FF8770CF3EE47DC565DF211736AFC07E0.torrent

2013-05-03 19:17 - 2013-05-03 19:17 - 00012862 ____A C:\Users\kkm\Downloads\[torrent.cd].Microsoft_Office_2010_OUTLOOK_Activated_Genuine.torrent

2013-05-03 19:14 - 2013-05-03 19:12 - 294027264 ____A C:\Users\kkm\Downloads\Microsoft Office Outlook 2010 x86 332bit.iso

2013-05-03 15:14 - 2013-05-03 15:14 - 00305162 ____A C:\Users\kkm\Desktop\851 final version, no like for reals.pptx

2013-05-03 14:11 - 2013-05-03 14:11 - 00309506 ____A C:\Users\kkm\Downloads\851 final version.pptx

2013-05-02 16:25 - 2013-05-02 16:25 - 00288837 ____A C:\Users\kkm\Desktop\851 final version.pptx

2013-05-02 16:18 - 2013-05-02 13:25 - 00288838 ____A C:\Users\kkm\Desktop\851 ver. 2.pptx

2013-05-02 12:55 - 2013-05-02 12:55 - 00143567 ____A C:\Users\kkm\Downloads\851 Literature Presentation.pptx

2013-05-01 11:40 - 2013-05-01 11:40 - 00176128 ____A C:\Users\kkm\Downloads\CEM255-SS-2013.xls

2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\Users\kkm\Downloads\Microsoft Outlook 2010

2013-04-26 18:41 - 2013-04-25 22:40 - 00639305 ____A C:\Users\kkm\Desktop\wulff synthesis ppt.pptx

2013-04-25 15:33 - 2013-04-25 15:10 - 00000000 ____D C:\Users\kkm\AppData\Roaming\GetRightToGo

2013-04-25 15:11 - 2013-04-25 15:11 - 00000000 ____D C:\Program Files (x86)\ChemBioDraw

2013-04-25 15:10 - 2013-04-25 15:10 - 01417953 ____A (PerkinElmer,Inc) C:\Users\kkm\Downloads\CBOU_Downloader.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll

[2010-11-20 23:24] - [2012-11-30 00:53] - 0869376 ____A (Microsoft Corporation) 3CC4B067E361765E44D9BD3CC26E5DB4

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-23 15:54

==================== End Of Log ============================

...and here is the addition file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2013 03

Ran by kkm at 2013-05-24 19:16:24 Run:

Running from C:\Users\kkm\Desktop\frst

Boot Mode: Safe Mode (with Networking)

==========================================================

==================== Installed Programs =======================

clear.fi SDK - MVP 2 (Version: 2.0.1505)

clear.fi SDK- Movie 2 (Version: 2.0.1502)

µTorrent (Version: 3.3.0.29625)

Acer Backup Manager (Version: 3.0.0.100)

Acer Crystal Eye Webcam (Version: 1.5.2728.00)

Acer ePower Management (Version: 6.00.3010)

Acer eRecovery Management (Version: 5.00.3508)

Acer Games (Version: 1.0.2.5)

Acer Instant Update Service (Version: 1.00.3004)

Acer Registration (Version: 1.04.3506)

Acer Theft Shield (Version: 1.00.3002)

Acer Updater (Version: 1.02.3501)

Acer USB Charge Manager (Version: 1.00.3002)

Acer VCM (Version: 4.05.3501)

Adobe AIR (Version: 2.6.0.19120)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Reader X (10.1.7) MUI (Version: 10.1.7)

Agatha Christie - Death on the Nile (Version: 2.2.0.98)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Atheros Bluetooth Suite (64) (Version: 7.4.0.125)

Backup Manager V3 (Version: 3.0.0.100)

Bejeweled 3 (Version: 2.2.0.98)

Bonjour (Version: 3.0.0.10)

Broadcom NetLink Controller (Version: 15.0.6.1)

ChemDraw Ultra 7.0 (Version: 7.0)

Chronicles of Albian (Version: 2.2.0.95)

Chuzzle Deluxe (Version: 2.2.0.95)

clear.fi Media (Version: 2.00.3004)

clear.fi Photo (Version: 2.00.3004)

Cradle of Rome 2 (Version: 2.2.0.98)

CyberLink MediaEspresso (Version: 6.5.1720_38230)

D3DX10 (Version: 15.4.2368.0902)

Dolby Home Theater v4 (Version: 7.2.7000.7)

Dora's World Adventure (Version: 2.2.0.95)

ETDWare PS/2-X64 10.6.10.8_WHQL (Version: 10.6.10.8)

Evernote v. 4.5.2 (Version: 4.5.2.5866)

ExpressCache (Version: 1.0.82)

FATE (Version: 2.2.0.97)

Final Drive: Nitro (Version: 2.2.0.95)

Galería fotográfica de Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Google Chrome (Version: 26.0.1410.64)

Google Update Helper (Version: 1.3.21.145)

Governor of Poker 2 Premium Edition (Version: 2.2.0.95)

HitmanPro 3.7 (Version: 3.7.5.197)

iCloud (Version: 2.1.2.8)

Identity Card (Version: 1.00.3501)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 8.0.4.1441)

Intel® OpenCL CPU Runtime

Intel® Processor Graphics (Version: 8.15.10.2712)

Intel® Rapid Start Technology (Version: 1.0.0.1022)

Intel® Rapid Storage Technology (Version: 11.1.0.1006)

Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.220)

Intel® Trusted Connect Service Client (Version: 1.23.605.1)

iTunes (Version: 11.0.2.26)

Java 7 Update 17 (64-bit) (Version: 7.0.170)

Java 7 Update 17 (Version: 7.0.170)

Java Auto Updater (Version: 2.1.9.0)

Jewel Match 3 (Version: 2.2.0.98)

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98)

Junk Mail filter update (Version: 15.4.3502.0922)

Launch Manager (Version: 5.1.15)

Launchy 2.5

Lux Delux 6.22

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Internet Security Suite (Version: 11.6.511)

McAfee Security Scan Plus (Version: 3.0.318.3)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4481.1510)

Microsoft Outlook 2013 - en-us (Version: 15.0.4481.1510)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SkyDrive (Version: 17.0.2003.1112)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MyWinLocker (Version: 4.0.14.27)

MyWinLocker 4 (Version: 4.0.14.27)

MyWinLocker Suite (Version: 4.0.14.19)

Norton Online Backup (Version: 2.1.17869)

NTI Media Maker 9 (Version: 9.0.2.9006)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4481.1510)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4481.1510)

Office 15 Click-to-Run Localization Component (Version: 15.0.4481.1510)

Opera 12.15 (Version: 12.15.1748)

Pegasus Mail

Pegasus Mail HTML Renderer 2.4.7.2

Penguins! (Version: 2.2.0.98)

Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)

Polar Bowler (Version: 2.2.0.97)

Polar Golfer (Version: 2.2.0.98)

Postbox (3.0.7) (Version: 3.0.7 (en-US))

QuickTime (Version: 7.73.80.64)

Realtek High Definition Audio Driver (Version: 6.0.1.6612)

Realtek PCIE Card Reader (Version: 6.1.7601.28104)

Shared C Run-time for x64 (Version: 10.0.0)

Shredder (Version: 2.0.8.9)

Skype™ 5.10 (Version: 5.10.116)

Sleep Memory Optimizer (Version: 1.00.3004)

Smart Timer (Version: 1.00.3004)

Spotify (Version: 0.9.0.133.gd18ed589)

Torchlight (Version: 2.2.0.98)

TuneUp 2.4.6.4 (Version: 2.4.6.4)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers (Version: 2.2.0.97)

Welcome Center (Version: 1.02.3507)

WildTangent Games App (Acer Games) (Version: 4.0.5.32)

Windows Live (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live Galeria de Fotos (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

Zuma's Revenge (Version: 2.2.0.98)

==================== Restore Points =========================

23-05-2013 10:42:59 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/24/2013 06:23:09 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/24/2013 06:23:09 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (05/24/2013 06:23:09 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (05/24/2013 06:09:58 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/24/2013 06:09:58 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (05/24/2013 06:09:58 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (05/24/2013 06:06:59 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/24/2013 06:06:59 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (05/24/2013 06:06:59 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (05/24/2013 11:43:54 AM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: MCSCAN32 Engine Initialisation failed.

Engine returned error : 3

System errors:

=============

Error: (05/24/2013 07:14:44 PM) (Source: DCOM) (User: )

Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (05/24/2013 07:14:44 PM) (Source: DCOM) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/24/2013 07:13:26 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:26 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:26 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (05/24/2013 07:13:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (05/24/2013 06:23:09 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/24/2013 06:23:09 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 06:23:09 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 06:09:58 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/24/2013 06:09:58 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 06:09:58 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 06:06:59 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/24/2013 06:06:59 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 06:06:59 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (05/24/2013 11:43:54 AM) (Source: McLogEvent)(User: NT AUTHORITY)

Description: 3

CodeIntegrity Errors:

===================================

Date: 2013-05-24 18:32:22.305

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-24 18:32:22.243

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-23 22:51:04.488

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 22:51:04.473

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 22:51:04.473

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 12:17:23.876

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 12:17:23.861

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-23 12:17:23.861

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 12:47:21.842

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 12:47:21.842

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 5980.36 MB

Available physical RAM: 4573.93 MB

Total Pagefile: 11958.9 MB

Available Pagefile: 10579.55 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:350.96 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7CF3A700)

Partition 1: (Not Active) - (Size=16 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 9BB78D53)

Partition 1: (Not Active) - (Size=4 GB) - (Type=84)

Partition 2: (Not Active) - (Size=15 GB) - (Type=73)

==================== End Of Log ============================

I really appreciate you sticking with me on this. Regardless of how the issue gets resolved, I am more than happy to show my support for your hard work through a donation.

[MrCharlie]

Do you remember what registry entries you deleted or changed??

then I tried googling a list of malware load points and deleted two that seemed suspicious

There should have been files associated with them.

--------------------------------------------------

I'm suspicious of this file, is it possible for you to upload it to Virus Total for a free scan and let me know the results: (just copy back the url)

C:\Windows\SysWOW64\User32.dll

[2010-11-20 23:24] - [2012-11-30 00:53] - 0869376 ____A (Microsoft Corporation) 3CC4B067E361765E44D9BD3CC26E5DB4

If you Google the MD5, you get no hits.....no good.

http://www.virustotal.com/

Let me know....MrC

[kkm2]

It looks like it's no good. The MD5 google search returned no results. Here is the virus total URL result.

https://www.virustotal.com/en/file/4c4cd47c801c00b8eb3cf6db97f48636ec9815834bdaa2375a084d3aedcbfefb/analysis/

As far as my mentioned deleted files, I moved two applications to the recycle bin: migautoplay.exe and displayswitch.exe. Any attempt to shred were unsuccessful so they are still sitting in my recycle bin. I don't recall touching any associated files to these applications.

[MrCharlie]

That file appears to be OK

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  
  :Filefind
  migautoplay
  displayswitch
  :regfind
  migautoplay
  displayswitch
  

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

[kkm2]

<p>Alright MrC, here is the systemlook log: </p>

<p> </p>

<p> </p>

<div>SystemLook 30.07.11 by jpshortstuff</div>

<div>Log created at 20:59 on 24/05/2013 by kkm</div>

<div>Administrator - Elevation successful</div>

<div> </div>

<div>========== Filefind ==========</div>

<div> </div>

<div>Searching for "migautoplay"</div>

<div>No files found.</div>

<div> </div>

<div>Searching for "displayswitch"</div>

<div>No files found.</div>

<div> </div>

<div>========== regfind ==========</div>

<div> </div>

<div>Searching for "migautoplay"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MigAutoPlay.exe]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C776A5A-FC42-4870-8D65-D62ADD9184FF}\LocalServer32]</div>

<div>@="MigAutoPlay.exe"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\MigAutoPlay.exe]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\MigAutoPlay.exe]</div>

<div> </div>

<div>Searching for "displayswitch"</div>

<div>[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"</div>

<div>[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@%windir%\system32\displayswitch.exe,-321"="Connect your computer to a projector by display cable."</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_none_f8d52387aeb75736]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-displayswitch_31bf3856ad364e35_none_9cb68803f659e600]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplaySwitch/Diagnostic]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{192ede41-9175-4c86-ac02-9d003c9d43ab}]</div>

<div>@="Microsoft-Windows-DisplaySwitch"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{192ede41-9175-4c86-ac02-9d003c9d43ab}]</div>

<div>"ResourceFileName"="%SystemRoot%\system32\DisplaySwitch.exe"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{192ede41-9175-4c86-ac02-9d003c9d43ab}]</div>

<div>"MessageFileName"="%SystemRoot%\system32\DisplaySwitch.exe"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{192ede41-9175-4c86-ac02-9d003c9d43ab}\ChannelReferences\0]</div>

<div>@="Microsoft-Windows-DisplaySwitch/Diagnostic"</div>

<div>[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@%windir%\system32\displayswitch.exe,-321"="Connect your computer to a projector by display cable."</div>

<div>[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"</div>

<div>[HKEY_USERS\S-1-5-21-1020799056-3415802336-2497965464-1001\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"</div>

<div>[HKEY_USERS\S-1-5-21-1020799056-3415802336-2497965464-1001\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@%windir%\system32\displayswitch.exe,-321"="Connect your computer to a projector by display cable."</div>

<div>[HKEY_USERS\S-1-5-21-1020799056-3415802336-2497965464-1001_Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"</div>

<div>[HKEY_USERS\S-1-5-21-1020799056-3415802336-2497965464-1001_Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@%windir%\system32\displayswitch.exe,-321"="Connect your computer to a projector by display cable."</div>

<div>[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@%windir%\system32\displayswitch.exe,-321"="Connect your computer to a projector by display cable."</div>

<div>[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\14C\52C64B7E]</div>

<div>"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"</div>

<div> </div>

<div>-= EOF =-</div>

[MrCharlie]

Nothing in that log.

Have you tried scanning with Kaspersky Rescue Disk and Unlocker?

If not, you will have to burn a cd or dvd, instructions are at the link below..second half:

http://maddoktor2.com/forums/index.php/topic,55928.0.html

The key is to run WindowsUnlocker first and then run a scan.

Let me know.......MrC

[kkm2]

I was able to burn and boot Kaspersky Rescue and I could unlock windows and perform a scan but this didn't fix the issue. I wasn't able to update Kaspersky because some file was unable to be found so that might be the reason it didn't see this particular malware in the scan.

[MrCharlie]

Try to run ComboFix again:

Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

[kkm2]

It worked slightly better but a zoomed in version of the malware prompt appeared again. It blinks routinely as if combofix is still trying but my computer remains locked down.

[MrCharlie]

Give this a try:

(For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.)

Download OTL to your desktop.

http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check.

Under Custom Scan paste this in:

%USERPROFILE%\..|smtmp;true;true;true /FP

%temp%\smtmp\*.* /s >

/md5start

iexplore.*

explorer.*

winlogon.*

dll

zx.dll

hlp.dat

consrv.dll

services.*

/md5stop

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.exe

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.jpg

%systemroot%\*.png

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\bak. /s

%systemroot%\system32\bak. /s

%ALLUSERSPROFILE%\Start Menu\*.lnk /x

%systemroot%\system32\config\systemprofile\*.dat /x

%systemroot%\*.config

%systemroot%\system32\*.db

%PROGRAMFILES%\Internet Explorer\*.dat

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

%USERPROFILE%\Desktop\*.exe

%PROGRAMFILES%\Common Files\*.*

%systemroot%\*.src

%systemroot%\install\*.*

%systemroot%\system32\DLL\*.*

%systemroot%\system32\HelpFiles\*.*

%systemroot%\system32\rundll\*.*

%systemroot%\winn32\*.*

%systemroot%\Java\*.*

%systemroot%\system32\test\*.*

%systemroot%\system32\Rundll32\*.*

%systemroot%\AppPatch\Custom\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

You can attach them if needed.....MrC

[kkm2]

Here is OTL.txt:

OTL logfile created on: 5/25/2013 4:45:52 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kkm\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.84 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 71.40% Memory free

11.68 Gb Paging File | 10.03 Gb Available in Paging File | 85.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.66 Gb Total Space | 355.28 Gb Free Space | 79.01% Space Free | Partition Type: NTFS

Drive D: | 307.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RANDAL | User Name: kkm | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kkm\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe File not found

SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)

SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (USecuAppSvc) -- C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe ()

SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)

SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)

SRV:64bit: - (FFSOpzSvc) -- C:\Program Files\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated)

SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()

SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)

SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)

SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)

SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)

SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)

DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)

DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)

DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)

DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)

DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)

DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)

DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)

DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)

DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sex.com/"

FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/05/23 18:17:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 09:24:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 18:17:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/08 21:01:38 | 000,000,000 | ---D | M]

[2013/03/09 01:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kkm\AppData\Roaming\Mozilla\Extensions

[2013/03/13 22:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kkm\AppData\Roaming\Mozilla\Firefox\Profiles\yzs8hbiy.default\extensions

[2013/03/13 22:31:45 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\kkm\AppData\Roaming\Mozilla\Firefox\Profiles\yzs8hbiy.default\extensions\tineye@ideeinc.com.xpi

[2013/04/13 09:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/13 09:24:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: SiteAdvisor = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\

CHR - Extension: Gmail = C:\Users\kkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [instantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [secure Applicayion] C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy [2013/05/23 18:17:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\Plugins\NPCDP32.DLL (CambridgeSoft.Com)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F89DB3C-D915-4D00-817E-3C9889E849D3}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A47BC55A-245E-4CC4-8D08-FCDB23D1BF38}: DhcpNameServer = 40.31.1.201 40.31.1.202

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 20:41:04 | 000,000,000 | -HSD | C] -- C:\found.000

[2013/05/25 16:44:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kkm\Desktop\OTL.exe

[2013/05/25 16:42:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/05/25 16:17:01 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Local\temp

[2013/05/25 16:17:00 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/05/25 16:08:08 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/05/25 15:57:57 | 005,071,432 | R--- | C] (Swearware) -- C:\Users\kkm\Desktop\ComboFix.exe

[2013/05/25 15:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/05/25 13:51:13 | 000,000,000 | R--D | C] -- C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2013/05/25 09:03:16 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys

[2013/05/25 09:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies

[2013/05/25 09:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner

[2013/05/24 19:15:09 | 000,000,000 | ---D | C] -- C:\Users\kkm\Desktop\frst

[2013/05/24 18:06:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/05/24 18:06:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/05/24 18:06:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/05/24 18:06:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/24 18:06:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/05/24 17:32:00 | 000,000,000 | ---D | C] -- C:\Users\kkm\Desktop\RK_Quarantine

[2013/05/24 11:20:42 | 000,000,000 | ---D | C] -- C:\FRST

[2013/05/23 22:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

[2013/05/23 22:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN

[2013/05/23 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

[2013/05/23 18:33:49 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2013/05/23 18:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/05/23 18:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2013/05/23 14:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/05/19 11:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lux Delux

[2013/05/19 11:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lux

[2013/05/18 12:32:35 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Report

[2013/05/16 07:24:56 | 000,000,000 | ---D | C] -- C:\89745e524c96c8c1cd70

[2013/05/16 07:19:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/16 07:19:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/16 07:19:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/16 07:19:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/16 07:19:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/16 07:19:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/05/16 07:19:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/16 07:19:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/16 07:19:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/16 07:19:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/16 07:19:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/16 07:19:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/16 07:19:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/16 07:19:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/16 07:19:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/15 20:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia

[2013/05/15 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Roaming\TuneUpMedia

[2013/05/15 20:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia

[2013/05/15 08:23:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/05/15 08:23:31 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/15 08:23:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/15 08:23:30 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/15 08:23:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/12 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\kkm\Documents\OneNote Notebooks

[2013/05/09 14:59:00 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Local\{50C4BDA9-B52E-4833-B699-FE1DD0352D28}

[2013/05/09 14:57:15 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Local\{B08E33C0-4609-41CD-825B-D2521FD1B20A}

[2013/05/09 14:57:15 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Local\{4F10273A-4393-44E4-A6D6-71F3E3E1DCE1}

[2013/05/09 10:01:05 | 000,000,000 | ---D | C] -- C:\Users\kkm\Documents\Polymers w, Olivia

[2013/05/09 09:56:55 | 000,000,000 | ---D | C] -- C:\Users\kkm\Documents\Diels-Alder

[2013/05/08 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\kkm\AppData\Roaming\Malwarebytes

[2013/05/08 12:31:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/08 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/08 12:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/08 12:28:57 | 000,000,000 | ---D | C] -- C:\Users\kkm\Desktop\rkill

[2013/05/08 12:25:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/05/07 21:30:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/05/03 19:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/25 16:47:53 | 000,804,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/25 16:47:53 | 000,678,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/25 16:47:53 | 000,127,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/25 16:44:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kkm\Desktop\OTL.exe

[2013/05/25 16:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/25 16:42:04 | 408,178,687 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/25 15:57:57 | 005,071,432 | R--- | M] (Swearware) -- C:\Users\kkm\Desktop\ComboFix.exe

[2013/05/25 13:54:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/25 13:54:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/25 13:50:42 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/25 09:03:16 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys

[2013/05/25 08:56:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/24 20:57:36 | 000,165,376 | ---- | M] () -- C:\Users\kkm\Desktop\SystemLook_x64.exe

[2013/05/24 17:30:44 | 000,791,040 | ---- | M] () -- C:\Users\kkm\Desktop\RogueKillerX64.exe

[2013/05/23 22:15:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/23 22:01:15 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

[2013/05/23 21:51:30 | 000,009,800 | ---- | M] () -- C:\bootsqm.dat

[2013/05/23 18:33:50 | 000,002,258 | ---- | M] () -- C:\Users\kkm\Desktop\SpyHunter.lnk

[2013/05/23 16:50:10 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2013/05/17 17:41:29 | 000,205,053 | ---- | M] () -- C:\Users\kkm\Desktop\listening-to-music-all-the-time_1232.gif

[2013/05/16 19:07:13 | 000,449,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/15 17:13:04 | 002,366,488 | ---- | M] () -- C:\Users\kkm\Desktop\bkg.png

[2013/05/15 12:39:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/15 12:39:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/13 13:27:48 | 000,034,524 | ---- | M] () -- C:\Users\kkm\Desktop\rental application.pdf

[2013/05/12 14:06:45 | 000,001,099 | ---- | M] () -- C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

[2013/05/10 15:53:15 | 000,272,910 | ---- | M] () -- C:\Users\kkm\Desktop\Chiral Bis(oxazoline)copper(II) Complexes as Lewis Acid Catalysts for the Enantioselective Diels−Alder Reaction.pdf

[2013/05/10 15:51:32 | 002,104,524 | ---- | M] () -- C:\Users\kkm\Desktop\Review - C2-Symmetric Chiral Bis(Oxazoline) Ligands in Asymmetric Catalysis.pdf

[2013/05/10 15:48:56 | 000,207,919 | ---- | M] () -- C:\Users\kkm\Desktop\Salt, concentration, and temperature effects on an asparagine-based, aqueous Diels–Alder cycloaddition.pdf

[2013/05/10 15:47:15 | 000,284,121 | ---- | M] () -- C:\Users\kkm\Desktop\Asymmetric Diels–Alder addition of cyclopentadiene to chiral naphthoquinones.pdf

[2013/05/10 15:45:22 | 000,322,591 | ---- | M] () -- C:\Users\kkm\Desktop\Dendritic Bis(oxazoline)copper(II) Catalysts. 2.1 Synthesis, Reactivity, and Substrate Selectivity.pdf

[2013/05/10 15:43:24 | 000,108,457 | ---- | M] () -- C:\Users\kkm\Desktop\Diels–Alder reaction using a dendritic copper(II) triflate-catalyst a positive dendritic effect on the chemical yield.pdf

[2013/05/10 15:42:09 | 000,155,928 | ---- | M] () -- C:\Users\kkm\Desktop\Regioselectivity of Lewis acid catalyzed Diels-Alder reactions of methylcyclopentadiene.pdf

[2013/05/10 15:40:22 | 000,199,656 | ---- | M] () -- C:\Users\kkm\Desktop\Benzotriazole maleimide as a bifunctional reactant for SERS.pdf

[2013/05/10 15:35:51 | 000,675,794 | ---- | M] () -- C:\Users\kkm\Desktop\Diels-Alder reactions in nonaqueous polar solvents. Kinetic effects of chaotropic and antichaotropic agents and of .beta.-cyclodextrin.pdf

[2013/05/10 15:29:26 | 000,341,694 | ---- | M] () -- C:\Users\kkm\Desktop\Catalytic Enantioselective Diels–Alder Reactions Methods, Mechanistic Fundamentals, Pathways, and Applications.pdf

[2013/05/09 15:10:40 | 000,163,169 | ---- | M] () -- C:\Users\kkm\Desktop\Screen Shot 2013-05-09 at 3.05.17 PM (2).jpg

[2013/05/09 15:02:54 | 001,038,197 | ---- | M] () -- C:\Users\kkm\Desktop\proof.jpg

[2013/05/09 12:10:05 | 000,166,321 | ---- | M] () -- C:\Users\kkm\Desktop\Transition-metal trifluoromethane-sulphonates.pdf

[2013/05/09 12:07:46 | 000,478,963 | ---- | M] () -- C:\Users\kkm\Desktop\Copper(I)- and Copper(II)-catalyzed Diels-Alder Additions of α-Substituted Acrylonitrile to Furan. The Synthesis of 7-Oxa-bicyclo[2.2.1]hept-5-en-2-one.pdf

[2013/05/09 12:06:34 | 000,279,391 | ---- | M] () -- C:\Users\kkm\Desktop\Catalyzed addition of furan with acrylic monomers.pdf

[2013/05/09 12:04:13 | 000,286,599 | ---- | M] () -- C:\Users\kkm\Desktop\PHOTOCSEt4ICAT., CYCLOADDITIONS OF CYCLOSEXENES AND CYCLOHEPTENE WITS CONJUGATED DIENES.pdf

[2013/05/08 12:12:50 | 487,460,330 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/05/08 11:37:43 | 001,616,340 | ---- | M] () -- C:\Users\kkm\Desktop\The Mechanism of the Diels-Alder Reaction.pdf

[2013/05/03 21:43:57 | 000,064,759 | ---- | M] () -- C:\Users\kkm\Desktop\308568_589522887735393_66814455_n.jpg

[2013/05/03 20:00:15 | 000,001,056 | ---- | M] () -- C:\Users\kkm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/05/03 19:43:27 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/04/30 12:28:57 | 000,056,452 | ---- | M] () -- C:\Users\kkm\Desktop\Gradual_Selection_of_Guidance_Committee_PhD.pdf

[2013/04/26 14:31:01 | 000,413,487 | ---- | M] () -- C:\Users\kkm\Documents\Palladium-Catalysed Vinylic Substitution of Aryl,Vinyl Iodides and Triflates.pdf

[2013/04/26 14:25:34 | 000,073,305 | ---- | M] () -- C:\Users\kkm\Documents\Consecutive Approach to Alkenes that.pdf

[2013/04/26 12:57:07 | 000,312,770 | ---- | M] () -- C:\Users\kkm\Documents\Natural deep eutectic salt promoted regioselective reduction of epoxides.pdf

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/24 20:57:34 | 000,165,376 | ---- | C] () -- C:\Users\kkm\Desktop\SystemLook_x64.exe

[2013/05/24 18:06:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/05/24 18:06:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/05/24 18:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/05/24 18:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/05/24 18:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/05/24 17:30:42 | 000,791,040 | ---- | C] () -- C:\Users\kkm\Desktop\RogueKillerX64.exe

[2013/05/23 22:01:15 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk

[2013/05/23 21:51:30 | 000,009,800 | ---- | C] () -- C:\bootsqm.dat

[2013/05/23 18:33:52 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys

[2013/05/23 18:33:50 | 000,002,258 | ---- | C] () -- C:\Users\kkm\Desktop\SpyHunter.lnk

[2013/05/23 16:50:10 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2013/05/17 17:41:29 | 000,205,053 | ---- | C] () -- C:\Users\kkm\Desktop\listening-to-music-all-the-time_1232.gif

[2013/05/15 17:13:04 | 002,366,488 | ---- | C] () -- C:\Users\kkm\Desktop\bkg.png

[2013/05/13 13:27:47 | 000,034,524 | ---- | C] () -- C:\Users\kkm\Desktop\rental application.pdf

[2013/05/12 14:06:45 | 000,001,099 | ---- | C] () -- C:\Users\kkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

[2013/05/10 15:53:15 | 000,272,910 | ---- | C] () -- C:\Users\kkm\Desktop\Chiral Bis(oxazoline)copper(II) Complexes as Lewis Acid Catalysts for the Enantioselective Diels−Alder Reaction.pdf

[2013/05/10 15:51:31 | 002,104,524 | ---- | C] () -- C:\Users\kkm\Desktop\Review - C2-Symmetric Chiral Bis(Oxazoline) Ligands in Asymmetric Catalysis.pdf

[2013/05/10 15:48:56 | 000,207,919 | ---- | C] () -- C:\Users\kkm\Desktop\Salt, concentration, and temperature effects on an asparagine-based, aqueous Diels–Alder cycloaddition.pdf

[2013/05/10 15:47:15 | 000,284,121 | ---- | C] () -- C:\Users\kkm\Desktop\Asymmetric Diels–Alder addition of cyclopentadiene to chiral naphthoquinones.pdf

[2013/05/10 15:45:21 | 000,322,591 | ---- | C] () -- C:\Users\kkm\Desktop\Dendritic Bis(oxazoline)copper(II) Catalysts. 2.1 Synthesis, Reactivity, and Substrate Selectivity.pdf

[2013/05/10 15:43:24 | 000,108,457 | ---- | C] () -- C:\Users\kkm\Desktop\Diels–Alder reaction using a dendritic copper(II) triflate-catalyst a positive dendritic effect on the chemical yield.pdf

[2013/05/10 15:42:09 | 000,155,928 | ---- | C] () -- C:\Users\kkm\Desktop\Regioselectivity of Lewis acid catalyzed Diels-Alder reactions of methylcyclopentadiene.pdf

[2013/05/10 15:40:22 | 000,199,656 | ---- | C] () -- C:\Users\kkm\Desktop\Benzotriazole maleimide as a bifunctional reactant for SERS.pdf

[2013/05/10 15:35:51 | 000,675,794 | ---- | C] () -- C:\Users\kkm\Desktop\Diels-Alder reactions in nonaqueous polar solvents. Kinetic effects of chaotropic and antichaotropic agents and of .beta.-cyclodextrin.pdf

[2013/05/10 15:29:26 | 000,341,694 | ---- | C] () -- C:\Users\kkm\Desktop\Catalytic Enantioselective Diels–Alder Reactions Methods, Mechanistic Fundamentals, Pathways, and Applications.pdf

[2013/05/09 15:09:30 | 000,163,169 | ---- | C] () -- C:\Users\kkm\Desktop\Screen Shot 2013-05-09 at 3.05.17 PM (2).jpg

[2013/05/09 14:51:50 | 001,038,197 | ---- | C] () -- C:\Users\kkm\Desktop\proof.jpg

[2013/05/09 12:10:05 | 000,166,321 | ---- | C] () -- C:\Users\kkm\Desktop\Transition-metal trifluoromethane-sulphonates.pdf

[2013/05/09 12:07:46 | 000,478,963 | ---- | C] () -- C:\Users\kkm\Desktop\Copper(I)- and Copper(II)-catalyzed Diels-Alder Additions of α-Substituted Acrylonitrile to Furan. The Synthesis of 7-Oxa-bicyclo[2.2.1]hept-5-en-2-one.pdf

[2013/05/09 12:06:34 | 000,279,391 | ---- | C] () -- C:\Users\kkm\Desktop\Catalyzed addition of furan with acrylic monomers.pdf

[2013/05/09 12:04:13 | 000,286,599 | ---- | C] () -- C:\Users\kkm\Desktop\PHOTOCSEt4ICAT., CYCLOADDITIONS OF CYCLOSEXENES AND CYCLOHEPTENE WITS CONJUGATED DIENES.pdf

[2013/05/08 11:37:43 | 001,616,340 | ---- | C] () -- C:\Users\kkm\Desktop\The Mechanism of the Diels-Alder Reaction.pdf

[2013/05/07 21:30:10 | 487,460,330 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/05/03 21:43:57 | 000,064,759 | ---- | C] () -- C:\Users\kkm\Desktop\308568_589522887735393_66814455_n.jpg

[2013/05/03 20:00:15 | 000,001,056 | ---- | C] () -- C:\Users\kkm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/04/30 12:28:57 | 000,056,452 | ---- | C] () -- C:\Users\kkm\Desktop\Gradual_Selection_of_Guidance_Committee_PhD.pdf

[2013/04/26 14:31:01 | 000,413,487 | ---- | C] () -- C:\Users\kkm\Documents\Palladium-Catalysed Vinylic Substitution of Aryl,Vinyl Iodides and Triflates.pdf

[2013/04/26 14:25:34 | 000,073,305 | ---- | C] () -- C:\Users\kkm\Documents\Consecutive Approach to Alkenes that.pdf

[2013/04/26 12:57:07 | 000,312,770 | ---- | C] () -- C:\Users\kkm\Documents\Natural deep eutectic salt promoted regioselective reduction of epoxides.pdf

[2013/03/09 11:50:35 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user32.ini

[2013/03/09 00:35:14 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/04 04:46:48 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/05/04 04:46:47 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/05/04 04:46:46 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/05/04 04:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/05/04 04:46:46 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/02/03 01:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/25 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\GetRightToGo

[2013/03/09 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\iMobie

[2013/05/23 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Launchy

[2013/03/09 00:33:17 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Opera

[2013/04/16 07:46:44 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Pegasus Mail

[2013/03/10 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Postbox

[2013/05/18 09:00:35 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Spotify

[2013/03/09 18:34:12 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\Thunderbird

[2013/05/17 19:03:30 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\TuneUpMedia

[2013/05/03 19:52:56 | 000,000,000 | ---D | M] -- C:\Users\kkm\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >

[2010/11/21 03:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >

[2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >

[2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe

[2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/07/14 01:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/07/14 01:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >

[2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui

[2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui

[2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui

[2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-D5E97654.PF >

[2013/03/09 08:29:30 | 000,035,684 | ---- | M] () MD5=AF6D3886D3918E7FFF61FCAE4CB8596C -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

< MD5 for: IEXPLORE.EXE >

[2013/01/08 21:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe

[2013/04/02 07:10:35 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe

[2013/02/24 20:58:09 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=28F93BAFB3EB407E99A7ED3D9DBDE04C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_ffb93ba237e760ce\iexplore.exe

[2013/04/05 01:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe

[2013/02/21 08:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_16920d4a1e377ea4\iexplore.exe

[2013/04/02 07:10:35 | 000,775,184 | ---- | M] (Microsoft Corporation) MD5=681B380492ACB571ED6CCC1F37F53343 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_168ff5ee1e396597\iexplore.exe

[2013/01/08 18:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe

[2009/04/20 00:56:28 | 000,060,416 | ---- | M] (NirSoft) MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe

[2013/02/02 04:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe

[2010/11/20 23:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe

[2011/09/21 05:28:13 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe

[2013/02/24 19:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe

[2013/02/02 00:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe

[2013/02/02 03:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe

[2013/04/05 02:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2013/04/05 02:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\erdnt\cache86\iexplore.exe

[2013/04/05 02:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe

[2005/08/15 13:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\ComboFix\en-US\iexplore.exe

[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe

[2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe

[2013/04/05 03:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Program Files\Internet Explorer\iexplore.exe

[2013/04/05 03:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe

[2013/02/02 00:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe

[2013/04/05 03:23:03 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=DE751E18F8DBF7BCCE46989CBA4A9828 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_ffbd812237e37947\iexplore.exe

[2013/02/21 07:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe

[2013/01/08 20:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe

[2013/01/08 17:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe

[2011/09/21 05:28:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >

[2011/09/21 05:28:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui

[2011/09/21 05:28:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui

[2013/04/02 07:10:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui

[2013/04/02 07:10:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

[2013/04/02 07:10:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui

[2013/04/02 07:10:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui

[2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui

[2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: SERVICES >

[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >

[2012/12/18 10:28:54 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx

[2012/12/18 10:28:56 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx

[2012/12/18 10:28:44 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx

[2012/12/18 10:28:38 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx

[2012/12/18 10:28:42 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx

[2012/12/18 10:28:42 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx

[2012/12/18 10:28:46 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx

[2012/12/18 10:28:50 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx

[2012/12/18 10:28:28 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx

[2012/12/18 10:28:48 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx

[2012/12/18 10:28:28 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx

[2012/12/18 10:28:52 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx

[2012/12/18 10:28:24 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx

[2012/12/18 10:28:40 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx

[2012/12/18 10:28:26 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx

[2012/12/18 10:28:58 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx

[2012/12/18 10:28:46 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx

[2012/12/18 10:28:58 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx

[2012/12/18 10:29:00 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx

[2012/12/18 10:28:34 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx

[2012/12/18 10:28:50 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx

[2012/12/18 10:28:30 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx

[2012/12/18 10:28:50 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx

[2010/11/16 00:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx

[2012/12/18 10:28:36 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx

[2012/12/18 10:28:34 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx

[2012/12/18 10:28:32 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >

[2010/11/16 00:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >

[2010/11/16 00:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >

[2010/11/16 00:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >

[2010/11/16 00:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >

[2010/11/16 00:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >

[2010/11/16 00:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >

[2010/11/16 00:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >

[2010/11/16 00:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >

[2010/11/16 00:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >

[2010/11/16 00:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >

[2010/11/16 00:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >

[2010/11/16 00:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >

[2010/11/16 00:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >

[2010/11/16 00:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >

[2010/11/16 00:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >

[2010/11/16 00:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >

[2010/11/16 00:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >

[2010/11/16 00:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >

[2010/11/16 00:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >

[2010/11/16 00:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >

[2010/11/16 00:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >

[2010/11/16 00:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >

[2010/11/16 00:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >

[2010/11/16 00:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >

[2010/11/16 00:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >

[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2010/11/16 00:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui

[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JSM >

[2012/03/10 19:30:24 | 000,006,317 | ---- | M] () MD5=C698274FE1590498B56DEDB947AEFF16 -- C:\Program Files (x86)\TuneUpMedia\xre\modules\Services.jsm

< MD5 for: SERVICES.LNK >

[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc

[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >

[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >

[2010/11/21 03:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >

[2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >

[2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui

[2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >

[2010/11/21 03:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl

[2010/11/21 03:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >

[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof

[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >

[2012/05/04 04:48:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/05/23 21:51:30 | 000,009,800 | ---- | M] () -- C:\bootsqm.dat

[2013/05/23 16:50:10 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2013/05/25 16:42:04 | 408,178,687 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/25 16:42:12 | 1975,894,015 | -HS- | M] () -- C:\pagefile.sys

[2013/05/08 12:25:56 | 000,151,480 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_08.05.2013_12.24.09_log.txt

< %systemroot%\Fonts\*.com >

[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2011/05/13 18:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2013/03/08 20:35:21 | 000,000,221 | -HS- | M] () -- C:\Users\kkm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2013/05/25 15:57:57 | 005,071,432 | R--- | M] (Swearware) -- C:\Users\kkm\Desktop\ComboFix.exe

[2013/05/25 16:44:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kkm\Desktop\OTL.exe

[2013/05/24 17:30:44 | 000,791,040 | ---- | M] () -- C:\Users\kkm\Desktop\RogueKillerX64.exe

[2013/05/24 20:57:36 | 000,165,376 | ---- | M] () -- C:\Users\kkm\Desktop\SystemLook_x64.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========

[2013/03/09 12:57:51 | 000,348,400 | ---- | C] ()(C:\Users\kkm\Documents\Enantioselective Total Syntheses of Communesins A and B??.pdf) -- C:\Users\kkm\Documents\Enantioselective Total Syntheses of Communesins A and B.pdf

[2013/02/13 10:02:50 | 000,348,400 | ---- | M] ()(C:\Users\kkm\Documents\Enantioselective Total Syntheses of Communesins A and B??.pdf) -- C:\Users\kkm\Documents\Enantioselective Total Syntheses of Communesins A and B.pdf

< End of report >

[kkm2]

And here is Extras.txt:

OTL Extras logfile created on: 5/25/2013 4:45:52 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kkm\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.84 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 71.40% Memory free

11.68 Gb Paging File | 10.03 Gb Available in Paging File | 85.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.66 Gb Total Space | 355.28 Gb Free Space | 79.01% Space Free | Partition Type: NTFS

Drive D: | 307.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RANDAL | User Name: kkm | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0868C6C3-6214-4995-808A-8CFD359803D7}" = rport=10243 | protocol=6 | dir=out | app=system |

"{0C1CB871-B54F-4684-BA1C-B024EC346D1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{112CEEDF-417A-4CB1-9DD8-E5D8B9A8E442}" = lport=445 | protocol=6 | dir=in | app=system |

"{1B4F7DA1-1475-490A-811E-E5275E37844C}" = rport=139 | protocol=6 | dir=out | app=system |

"{275DEA72-1E4C-42F6-B3A0-800692B1491D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{31907854-2F10-4BA9-93C6-F661AA6C1750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35A0AA4A-D79E-4A9D-92F1-8CDB0108DF4B}" = rport=138 | protocol=17 | dir=out | app=system |

"{37E69EC3-0612-41E8-93A4-E8FFF5A6534B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{38A91058-EE0F-4998-AEB0-13501E784CB2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{593A6258-9B29-4155-A7B2-9941536D744C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5A2FD231-9B29-408D-8473-F8A7DDF17667}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6CE3C215-2FD7-4D06-BE8D-84F2616D1CED}" = rport=445 | protocol=6 | dir=out | app=system |

"{714F2714-86ED-48E3-ABEA-0A2A92C465A2}" = lport=139 | protocol=6 | dir=in | app=system |

"{7C2BDDF1-358C-40ED-8F65-2DE5E5CEDC5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8461945D-D1CA-4FB5-9F72-E9F8820E2669}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{88D3A552-CD47-4E03-AF5C-C2DACC8A1C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8E0FD02E-68BD-480B-9B2C-102276D295C2}" = lport=137 | protocol=17 | dir=in | app=system |

"{ABBD7BBA-9EDE-4215-8DBA-DE7801F10ED6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{CB9D5643-17AB-4BF0-A465-641B890C33F4}" = lport=138 | protocol=17 | dir=in | app=system |

"{DA932721-00CD-4E2F-A201-682F2D644603}" = rport=137 | protocol=17 | dir=out | app=system |

"{DE820137-4297-4955-84EF-2F094CCA5302}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EFC6AA80-809E-47E9-86A4-87DE87A1140D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F0D9E83B-5344-405E-A2B2-6B94E090DA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

"{F24EA41B-FD06-4FC9-8FA6-E577BE42DBCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F646F0DC-EBCE-4998-8084-EE46852F85CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F65A0B4A-BD8F-4F6D-BB39-39A68B4411B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05CEBA15-9EDC-483D-BD24-8AB41F454BF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1024DC5C-9404-4845-AA5C-171972054A24}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{1F01C7A3-8754-45CD-A4B6-FBAE93D978F2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1F37154B-CAA4-43AE-8C7D-ADBE074C94BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1FED77B8-6CA4-4719-96D4-A835CF8ECE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{22F1AE04-8989-4630-9B81-21E8483FCC14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{247AFF4F-4A47-4386-A97D-CA4F883BF9D8}" = protocol=17 | dir=in | app=c:\users\kkm\appdata\local\vghd\bin\virtuagirl_downloader.exe |

"{2EA6FE03-A539-4882-9009-4F387C810227}" = dir=in | app=c:\users\kkm\appdata\local\microsoft\skydrive\skydrive.exe |

"{2FC7F5AC-675E-42DF-93CF-452DC2CE9FE1}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe |

"{2FCCAF62-5D6C-41F2-9632-8C60B0AD900F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |

"{3D290474-15D4-42D7-841A-8118ACA069F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3E217DBE-34B7-4274-8630-AAA62542A536}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe |

"{42EE3AC0-9AD5-4F4D-B299-3785A24807B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{50050374-F25B-430A-A483-B83011035301}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |

"{5259DB90-2BD7-424E-97FE-D3359DBBEC6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{55160A82-3B2F-4C5E-9BA6-E12CEAED95B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{582BCBF1-83AE-401F-977A-EC3003AD2858}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |

"{59F06229-2896-4CF4-87FE-B6BB641E76F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5DEA4C70-98BB-4A1E-8E70-BA2F073FDA81}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{5FB7F99A-FF93-417C-81D2-A132A1C0CF61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6174D24D-FD8A-47C5-8CA6-DAA993ACF28A}" = protocol=6 | dir=out | app=system |

"{67E06140-7328-4679-82BA-3436F9833F78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7061095C-F6EF-4865-B97B-B4A21636B0FC}" = protocol=17 | dir=in | app=c:\users\kkm\appdata\roaming\spotify\spotify.exe |

"{7130F5CA-4BF5-499A-B181-F1F1D2000A00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7290B850-AB09-4BE8-8DDA-ED166E406358}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |

"{73CF2833-7774-4086-B931-E3F78725CDA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7711E7DE-8905-4F2E-A326-68D757A0AA7C}" = protocol=6 | dir=in | app=c:\users\kkm\appdata\local\vghd\bin\virtuagirl_downloader.exe |

"{8165A104-E16D-4B59-9CE8-E8123F28513F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{82DCEBEF-7E0E-4B4D-959B-4C0F748E2726}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{862A6C34-EFC6-4ADA-B699-436A6FC507F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{870A0E33-8DA7-4FF0-8511-487DB2AB654E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{871C234C-A423-4E9C-A75B-23A8EB50270B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{89581CCD-6EB1-49F9-9EC7-F51FBDE65CAD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |

"{8F969DED-F3D4-4256-8353-AB90AD6942F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{989D2DBE-8BA5-441A-8BA2-B9F59422B798}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |

"{A1A482A8-3531-439F-82B3-88E6D3E383E5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A48A596A-E988-41EF-92B1-D301F0D0C718}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A538B1E6-EEC0-42A2-B502-B25CFC975608}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{AA73DB13-2871-4E96-ADAB-9732CC417BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{ADA2C8DA-3DB8-4011-BD12-E257EC6ACF42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BF377B1C-7847-4527-9857-8E865FE7A1BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C066E431-7E4E-467B-82A6-D287049DFC1B}" = protocol=6 | dir=in | app=c:\users\kkm\appdata\roaming\spotify\spotify.exe |

"{C08961D3-3A78-4920-9B85-09E210225F82}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{C7416403-10BD-4A9E-B66D-CF563C906F6A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{CFF16F17-DC83-4660-9BB4-8312C0F12E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |

"{D09BF720-759D-46D7-B935-028632F28499}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe |

"{D13C1E14-469A-4F11-855A-F8DAA2881DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |

"{D174DC17-51D4-4512-8A42-FFA5CAE3E3C0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{D1D1BA7C-F84F-4E72-960C-A5A67F35D106}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |

"{DE54D5D9-033D-4CE7-B1DE-C29272C359C0}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |

"{E5B1A182-EA21-4FA8-894B-C42E5FF47825}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EA7BC5F0-ABEB-476D-AFCA-41C3F6E426C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EAE092A9-4E9C-4392-B223-6A125D2136ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EC2A9BCC-9363-4D66-BCEB-382249BDC34E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F3288AA0-012F-4DE0-8CC1-7EB5918CFD61}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |

"{F63ECF8B-E0BE-419A-888A-FD329FE59B7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E084588-8CC6-4D1B-B904-B1A09DA22A52}" = ExpressCache

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)

"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Elantech" = ETDWare PS/2-X64 10.6.10.8_WHQL

"HitmanPro37" = HitmanPro 3.7

"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"OutlookRetail - en-us" = Microsoft Outlook 2013 - en-us

"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34BE2594-1D20-4A2E-97A0-B9E2837520AE}" = Sleep Memory Optimizer

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1" = Pegasus Mail HTML Renderer 2.4.7.2

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B1C145A4-E36E-4ABB-A8FA-EBD5168AFB45}" = ChemDraw Ultra 7.0

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}" = Acer USB Charge Manager

"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology

"Acer Registration" = Acer Registration

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Google Chrome" = Google Chrome

"Identity Card" = Identity Card

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"Launchy_21344213_is1" = Launchy 2.5

"LManager" = Launch Manager

"Lux Delux_is1" = Lux Delux 6.22

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSC" = McAfee Internet Security Suite

"Opera 12.15.1748" = Opera 12.15

"Pegasus Mail" = Pegasus Mail

"Postbox (3.0.7)" = Postbox (3.0.7)

"TuneUpMedia" = TuneUp 2.4.6.4

"uTorrent" = µTorrent

"WildTangent acer Master Uninstall" = Acer Games

"WinLiveSuite" = Windows Live Essentials

"WTA-0fab39a3-b118-46f8-bb1c-e006563468ab" = Dora's World Adventure

"WTA-27c9acb5-660a-447c-93f6-9f0216634305" = Torchlight

"WTA-2e6965e6-badd-4366-b2ea-5362fdfd7d29" = Polar Golfer

"WTA-36ecef43-1c80-4521-a8c6-316fec15aac2" = Agatha Christie - Death on the Nile

"WTA-3ba9b152-0576-4d97-9051-24a804221c09" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition

"WTA-46754afa-bfa6-42fb-8d46-d5ec85f2c5c2" = Chuzzle Deluxe

"WTA-4aecee7f-5aba-41ae-a0cf-c46da9f1f1fb" = Jewel Match 3

"WTA-5084589c-535e-4fce-ab1f-b4f20bd78047" = Zuma's Revenge

"WTA-51ab623e-a7b5-4988-9748-f4ab1e36060b" = Polar Bowler

"WTA-51c21911-2e85-4743-bd34-33eb36949551" = Chronicles of Albian

"WTA-703cecb3-2159-4758-83df-b5fc9b9b2f03" = FATE

"WTA-7ff27b3a-49cd-4339-b308-86c33a5b977e" = Final Drive: Nitro

"WTA-932c05f8-f5bc-4167-84d6-0dccfbd7a643" = Cradle of Rome 2

"WTA-a2334ff8-6d8b-42c0-8e9a-0694a9119bda" = Governor of Poker 2 Premium Edition

"WTA-aa1af6f8-ef39-4582-9be5-6c350c7d05aa" = Bejeweled 3

"WTA-b724f5f2-b6a6-42c1-8af0-ee5f70566ffd" = Penguins!

"WTA-c45fe121-fb47-4bef-9f0e-68078d026255" = Plants vs. Zombies - Game of the Year

"WTA-c8dd6ddf-d883-4a40-8203-6ddf7062e87f" = Virtual Villagers 5 - New Believers

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"SkyDriveSetup.exe" = Microsoft SkyDrive

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/13/2013 5:10:21 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:22 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:23 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:24 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:25 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:26 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/13/2013 5:10:27 PM | Computer Name = Randal | Source = Bonjour Service | ID = 100

Description = mDNS_Execute: SendResponses didn't send all its responses; will try

again in one second

Error - 5/14/2013 8:47:25 AM | Computer Name = Randal | Source = WinMgmt | ID = 10

Description =

Error - 5/14/2013 12:39:01 PM | Computer Name = Randal | Source = Application Hang | ID = 1002

Description = The program OUTLOOK.EXE version 15.0.4481.1508 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1c74 Start

Time: 01ce50c14cda6c78 Termination Time: 31 Application Path: C:\Program Files\Microsoft

Office 15\root\office15\OUTLOOK.EXE Report Id: ba57504c-bcb4-11e2-ae4e-08edb912d1b4

Error - 5/15/2013 7:59:58 AM | Computer Name = Randal | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 5/23/2013 5:22:06 PM | Computer Name = Randal | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >