Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google keep redirecting


  • This topic is locked This topic is locked
7 replies to this topic

#1 norrathx

norrathx

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 01 August 2012 - 05:50 AM

Just recently when ever i search something i will be redirected to a site called allsafelist.com Which is causing alot of issues when i try to search things... its pretty annoying hope you can help :D


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by ADMIN at 3:22:21 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2447 [GMT -7:00]
.
AV: STOPzilla! *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla! *Disabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\STOPzilla!\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: {023372ED-6EC2-4D55-AE7E-DF9F9E5C7E65} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: {0538cf1c-8419-4800-adbb-0c00c799fda2} - My Personal Homepage
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{EC2B9979-7D53-46A1-8781-0A29FF092A1F} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: {023372ED-6EC2-4D55-AE7E-DF9F9E5C7E65} - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - My Personal Homepage
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
BHO-X64: YSPManager - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\jynvila3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/all/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\ADMIN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\jynvila3.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-3-26 20376]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-7 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-5 628040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-1 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 hitmanpro36;HitmanPro 3.6 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
.
=============== Created Last 30 ================
.
2012-08-01 08:55:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 08:29:17 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-08-01 08:13:07 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-01 08:12:18 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
2012-08-01 08:12:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-01 08:12:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-01 08:12:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 04:56:57 74872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2012-08-01 04:56:57 45936 ----a-w- C:\Windows\System32\SBBD.EXE
2012-08-01 04:56:48 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-08-01 04:56:47 -------- d-----w- C:\ProgramData\STOPzilla!
2012-07-31 20:16:50 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-07-31 20:16:38 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-07-31 20:16:34 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-07-31 08:39:22 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-30 08:36:28 -------- d-----w- C:\Users\ADMIN\AppData\Local\VS Revo Group
2012-07-27 16:13:30 -------- d-----w- C:\Games
2012-07-27 16:11:14 -------- d-----w- C:\Users\ADMIN\AppData\Local\Black_Tree_Gaming
2012-07-27 16:11:07 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-07-27 15:36:39 -------- d-----w- C:\BOSS
2012-07-23 09:40:18 -------- d-----w- C:\Users\ADMIN\AppData\Local\{28C1AB57-C92F-11E1-8270-B8AC6F996F26}
2012-07-23 05:02:27 -------- d-----w- C:\Users\ADMIN\AppData\Local\Google
2012-07-23 00:22:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-23 00:22:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-22 23:35:48 -------- d-----w- C:\Users\ADMIN\AppData\Local\dxhr
2012-07-22 23:34:55 -------- d-----w- C:\Users\ADMIN\AppData\Local\28050
2012-07-22 23:02:49 -------- d-----w- C:\Program Files (x86)\Square Enix
2012-07-22 08:09:36 -------- d-----w- C:\ProgramData\Nexon
2012-07-22 07:53:02 -------- d-----w- C:\ProgramData\NexonUS
2012-07-22 07:53:02 -------- d-----w- C:\Nexon
2012-07-21 02:27:33 -------- d-sh--w- C:\ProgramData\SecuROM
2012-07-20 15:17:23 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-07-17 15:36:16 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-07-17 15:36:16 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-07-17 15:36:14 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-07-17 15:36:12 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-07-17 15:36:06 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-07-17 15:36:06 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-07-17 15:36:04 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-07-17 15:36:04 456568 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-07-17 15:36:02 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-07-11 18:51:25 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\runic games
2012-07-11 18:49:37 -------- d-----w- C:\Program Files (x86)\Runic Games
2012-07-10 17:09:06 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\six-updater
2012-07-10 17:09:05 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\six-zsync
2012-07-10 17:06:04 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-10 17:05:14 -------- d-----w- C:\Users\ADMIN\AppData\Local\Downloaded Installations
2012-07-10 16:43:50 -------- d-----w- C:\Users\ADMIN\AppData\Local\ArmA 2 OA
2012-07-10 16:43:46 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive
2012-07-10 16:33:27 -------- d-----w- C:\Users\ADMIN\AppData\Local\ArmA 2
2012-07-10 09:32:07 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\CleanMyPC Software
2012-07-10 09:32:04 -------- d-----w- C:\Program Files (x86)\CleanMyPC
2012-07-10 09:29:36 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\Auslogics
2012-07-10 09:25:48 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\OpenCandy
2012-07-10 09:25:46 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\Nico Mak Computing
2012-07-10 09:25:42 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2012-07-10 03:21:12 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\TS3Client
2012-07-10 03:21:04 -------- d-----w- C:\Users\ADMIN\AppData\Local\TeamSpeak 3 Client
2012-07-09 20:19:53 -------- d-----w- C:\Program Files (x86)\Valve
2012-07-09 05:36:09 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-07-09 05:35:51 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-07-08 19:00:23 -------- d-----w- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}
2012-07-04 20:26:25 -------- d-----w- C:\Program Files (x86)\DVD Shrink
.
==================== Find3M ====================
.
2012-07-27 10:15:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 10:15:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-27 06:13:44 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-26 08:53:14 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-05-24 02:59:24 955848 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-05-24 02:59:24 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-05 02:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 3:22:38.48 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:12 AM

Posted 01 August 2012 - 10:22 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\*.* /s
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 norrathx

norrathx
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 01 August 2012 - 03:42 PM

1. Hello and thank you for getting back to me so fast SweetTech

2. TDSSKiller aquired no Threats

3.
Farbar Service Scanner Version: 26-07-2012
Ran by ADMIN (administrator) on 01-08-2012 at 13:17:20
Running from "C:\Users\ADMIN\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




4.

OTL logfile created on: 8/1/2012 1:19:11 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ADMIN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 72.10% Memory free
8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 103.00 Gb Free Space | 34.55% Space Free | Partition Type: NTFS

Computer Name: KEITHJ-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 13:18:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
PRC - [2012/08/01 13:16:29 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\ADMIN\Downloads\FSS.exe
PRC - [2012/08/01 01:09:28 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ADMIN\Desktop\tdsskiller.exe
PRC - [2012/07/31 13:16:30 | 000,067,448 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2012/07/31 13:16:22 | 000,194,424 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2012/07/09 21:01:36 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 21:01:36 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/04/27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/27 19:05:36 | 000,263,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\Boost.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:01:37 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 21:01:36 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/12/15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/31 20:45:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/31 13:16:30 | 000,067,448 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2012/07/27 03:15:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 08:17:23 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 21:01:36 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/10 11:33:10 | 000,628,040 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/01 01:29:17 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/05/26 23:13:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/19 02:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 02:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/04 23:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/10/31 08:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/05/26 17:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 72 33 02 C2 6E 55 4D AE 7E DF 9F 9E 5C 7E 65 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4dcc4cd8&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 72 33 02 C2 6E 55 4D AE 7E DF 9F 9E 5C 7E 65 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4dcc4cd8&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com [binary data]
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111109
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://isearch.avg.com/?cid={188E31DB-567E-4529-963E-06DCA5F07C95}&mid=8c402f9918c947d6ac9cf186765d1031-68463078e1bb34cdcc62f043d879784c89d98019&lang=en&ds=tg026&pr=sa&d=2011-08-27 14:36:58&v=8.0.0.33&sap=hp
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 72 33 02 C2 6E 55 4D AE 7E DF 9F 9E 5C 7E 65 [binary data]
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111109&iesrc={referrer:source}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={188E31DB-567E-4529-963E-06DCA5F07C95}&mid=8c402f9918c947d6ac9cf186765d1031-68463078e1bb34cdcc62f043d879784c89d98019&lang=en&ds=tg026&pr=sa&d=2011-08-27 14:36:58&v=8.0.0.33&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d3bcb1f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/r/all/"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ADMIN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ADMIN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 21:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/26 22:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 08:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/26 22:29:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{28C173AC-C92F-11E1-8270-B8AC6F996F26}: C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\ [2012/07/08 12:00:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 08:17:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/26 22:29:24 | 000,000,000 | ---D | M]

[2012/03/31 00:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Extensions
[2012/07/16 05:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\jynvila3.default\extensions
[2012/07/16 03:24:18 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\jynvila3.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/05/27 15:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/26 22:29:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/20 08:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/08 12:00:23 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ADMIN\APPDATA\LOCAL\{28C173AC-C92F-11E1-8270-B8AC6F996F26}
[2012/05/27 15:51:57 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYNVILA3.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/07/20 08:17:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/01/23 00:10:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/09 21:01:35 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/20 08:17:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/07/20 08:17:23 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ADMIN\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: Skype Click to Call = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {023372ED-6EC2-4D55-AE7E-DF9F9E5C7E65} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\RunOnce: [DPAPIKeyMig] C:\Windows\SysWow64\dpapimig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC2B9979-7D53-46A1-8781-0A29FF092A1F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{669822d2-26bc-11e0-8f26-20cf30b9f9c2}\Shell - "" = AutoRun
O33 - MountPoints2\{669822d2-26bc-11e0-8f26-20cf30b9f9c2}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^cleanhlm.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: -88859999 - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim - hkey= - key= - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
MsConfig:64bit - StartUpReg: aplean - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Apple Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ArmAData - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DisplayFusion - hkey= - key= - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
MsConfig:64bit - StartUpReg: GenieoSystemTray - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: GenieoUpdaterService - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: JavaNotifierBackup - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: nmapp - hkey= - key= - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Registry Cleaner Scheduler - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RockMelt Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Solid Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\ADMIN\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: XAudio2 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: 10026659.sys - Driver
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro36 - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootMin:64bit: hitmanpro36.sys - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootMin:64bit: HitmanPro36Crusader - Reg Error: Value error.
SafeBootMin:64bit: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 10026659.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: HitmanPro36Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 13:18:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2012/08/01 13:17:03 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\ADMIN\Desktop\FSS (1).exe
[2012/08/01 03:18:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ADMIN\Desktop\dds.com
[2012/08/01 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\New folder
[2012/08/01 01:55:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/01 01:13:32 | 008,854,904 | ---- | C] (SurfRight B.V.) -- C:\Users\ADMIN\Desktop\HitmanPro36_x64.exe
[2012/08/01 01:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/01 01:12:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
[2012/08/01 01:12:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/01 01:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 01:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/01 01:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 01:09:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ADMIN\Desktop\tdsskiller.exe
[2012/07/31 21:56:57 | 000,074,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012/07/31 21:56:57 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2012/07/31 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/07/31 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/07/31 21:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/07/31 13:16:50 | 000,023,416 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/07/31 13:16:38 | 000,546,680 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/07/31 13:16:34 | 000,497,528 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/07/31 01:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/30 01:36:28 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\VS Revo Group
[2012/07/27 09:13:30 | 000,000,000 | ---D | C] -- C:\Games
[2012/07/27 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Documents\Nexus Mod Manager
[2012/07/27 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Black_Tree_Gaming
[2012/07/27 09:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/07/27 09:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/07/27 08:36:39 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/07/27 08:36:39 | 000,000,000 | ---D | C] -- C:\BOSS
[2012/07/27 08:26:00 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\Data
[2012/07/27 08:25:20 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\BowAssassinV1-2
[2012/07/23 02:40:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{28C1AB57-C92F-11E1-8270-B8AC6F996F26}
[2012/07/22 22:15:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/22 22:02:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Google
[2012/07/22 17:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/22 17:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/22 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/22 16:35:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\dxhr
[2012/07/22 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\28050
[2012/07/22 16:34:54 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Documents\ALI213
[2012/07/22 16:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/07/22 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2012/07/22 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/07/22 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/07/22 00:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/07/22 00:53:02 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/07/21 23:10:33 | 3326,199,850 | ---- | C] (Nexon) -- C:\Users\ADMIN\Desktop\MSSetupv113.exe
[2012/07/20 19:27:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012/07/17 08:36:16 | 000,231,288 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2012/07/17 08:36:16 | 000,029,048 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2012/07/17 08:36:14 | 000,391,032 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2012/07/17 08:36:12 | 000,100,216 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2012/07/17 08:36:06 | 000,132,984 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2012/07/17 08:36:06 | 000,104,312 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2012/07/17 08:36:04 | 000,456,568 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2012/07/17 08:36:04 | 000,067,448 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2012/07/17 08:36:02 | 000,812,920 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2012/07/12 00:45:49 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\dvdcss
[2012/07/11 23:57:05 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Documents\ArmA 2 Other Profiles
[2012/07/11 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\runic games
[2012/07/11 11:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2012/07/11 11:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/07/10 10:09:06 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\six-updater
[2012/07/10 10:09:05 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\six-zsync
[2012/07/10 10:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/07/10 10:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012/07/10 10:05:14 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Downloaded Installations
[2012/07/10 09:43:50 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ArmA 2 OA
[2012/07/10 09:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/07/10 09:33:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Documents\ArmA 2
[2012/07/10 09:33:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ArmA 2
[2012/07/10 09:33:19 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/10 09:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/10 02:32:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\backup
[2012/07/10 02:32:07 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\CleanMyPC Software
[2012/07/10 02:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2012/07/10 02:29:36 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Auslogics
[2012/07/10 02:25:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\OpenCandy
[2012/07/10 02:25:46 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Nico Mak Computing
[2012/07/10 02:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2012/07/09 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\TS3Client
[2012/07/09 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/09 20:21:04 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\TeamSpeak 3 Client
[2012/07/09 14:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012/07/09 13:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2012/07/08 22:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/08 22:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/08 22:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/08 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}
[2012/07/04 13:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012/07/04 13:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012/07/04 13:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2012/04/06 16:06:24 | 019,123,536 | ---- | C] (Bethesda Softworks) -- C:\Users\ADMIN\TESV1
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 13:23:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1004UA.job
[2012/08/01 13:18:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2012/08/01 13:16:55 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\ADMIN\Desktop\FSS (1).exe
[2012/08/01 13:15:28 | 000,010,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 13:15:28 | 000,010,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 13:15:07 | 000,000,280 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/08/01 13:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 13:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 13:07:35 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 04:33:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1000UA.job
[2012/08/01 03:25:07 | 000,294,216 | ---- | M] () -- C:\Users\ADMIN\Desktop\gmer.zip
[2012/08/01 03:17:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ADMIN\Desktop\dds.com
[2012/08/01 03:14:05 | 000,000,000 | ---- | M] () -- C:\Users\ADMIN\defogger_reenable
[2012/08/01 02:15:26 | 014,254,926 | ---- | M] () -- C:\Users\ADMIN\Desktop\Lynn.zip
[2012/08/01 02:07:32 | 014,254,926 | ---- | M] () -- C:\Users\ADMIN\Desktop\Lynn (2).zip
[2012/08/01 01:29:17 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/08/01 01:28:16 | 000,004,290 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/08/01 01:18:37 | 003,879,856 | ---- | M] () -- C:\Users\ADMIN\Desktop\ccsetup321.zip
[2012/08/01 01:12:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 01:09:31 | 008,854,904 | ---- | M] (SurfRight B.V.) -- C:\Users\ADMIN\Desktop\HitmanPro36_x64.exe
[2012/08/01 01:09:28 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ADMIN\Desktop\tdsskiller.exe
[2012/07/31 23:33:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1000Core.job
[2012/07/31 22:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1004Core.job
[2012/07/31 20:50:30 | 000,000,221 | ---- | M] () -- C:\Users\ADMIN\Desktop\Star Wars Knights of the Old Republic.url
[2012/07/31 13:16:50 | 000,023,416 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/07/31 13:16:38 | 000,546,680 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/07/31 13:16:34 | 000,497,528 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/07/31 02:16:07 | 000,000,221 | ---- | M] () -- C:\Users\ADMIN\Desktop\Dragon Age II.url
[2012/07/31 02:07:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/30 01:40:50 | 000,001,749 | ---- | M] () -- C:\Users\ADMIN\Desktop\RevoUninPro - Shortcut.lnk
[2012/07/27 09:11:08 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/27 08:00:24 | 000,028,661 | ---- | M] () -- C:\Users\ADMIN\Desktop\Deadly_Dragons_Armory_Hotfix-16474-4-4-0 (2).zip
[2012/07/27 03:52:53 | 013,152,691 | ---- | M] () -- C:\Users\ADMIN\Desktop\Bandolier_-_Bags_and_Pouches_v1dot1-16438-1-101.zip
[2012/07/27 03:15:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 03:15:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/24 04:54:31 | 1486,053,554 | ---- | M] () -- C:\Users\ADMIN\Desktop\TED.2012.TS.XViD-INSPiRAL.avi
[2012/07/22 17:22:28 | 000,001,262 | ---- | M] () -- C:\Users\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2012/07/22 00:52:52 | 3326,199,850 | ---- | M] (Nexon) -- C:\Users\ADMIN\Desktop\MSSetupv113.exe
[2012/07/17 08:36:16 | 000,231,288 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2012/07/17 08:36:16 | 000,029,048 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2012/07/17 08:36:14 | 000,391,032 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2012/07/17 08:36:12 | 000,100,216 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2012/07/17 08:36:06 | 000,132,984 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2012/07/17 08:36:06 | 000,104,312 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2012/07/17 08:36:04 | 000,456,568 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2012/07/17 08:36:04 | 000,067,448 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2012/07/17 08:36:02 | 000,812,920 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2012/07/12 16:19:00 | 000,003,584 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 15:18:37 | 000,000,222 | ---- | M] () -- C:\Users\ADMIN\Desktop\Portal 2 - The Final Hours.url
[2012/07/12 12:55:03 | 000,000,219 | ---- | M] () -- C:\Users\ADMIN\Desktop\Portal 2.url
[2012/07/09 23:47:11 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/09 23:47:11 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/09 20:21:07 | 000,001,173 | ---- | M] () -- C:\Users\ADMIN\Desktop\TeamSpeak 3 Client.lnk
[2012/07/09 14:05:43 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012/07/08 22:36:11 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Smite Closed Beta.lnk
[2012/07/04 13:56:04 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 13:15:07 | 000,000,280 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/08/01 03:25:26 | 000,302,592 | ---- | C] () -- C:\Users\ADMIN\Desktop\gmer.exe
[2012/08/01 03:25:16 | 000,294,216 | ---- | C] () -- C:\Users\ADMIN\Desktop\gmer.zip
[2012/08/01 03:14:05 | 000,000,000 | ---- | C] () -- C:\Users\ADMIN\defogger_reenable
[2012/08/01 02:15:21 | 014,254,926 | ---- | C] () -- C:\Users\ADMIN\Desktop\Lynn.zip
[2012/08/01 02:07:29 | 014,254,926 | ---- | C] () -- C:\Users\ADMIN\Desktop\Lynn (2).zip
[2012/08/01 01:29:17 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/08/01 01:28:16 | 000,004,290 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/08/01 01:12:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 01:11:22 | 003,879,856 | ---- | C] () -- C:\Users\ADMIN\Desktop\ccsetup321.zip
[2012/07/31 02:16:07 | 000,000,221 | ---- | C] () -- C:\Users\ADMIN\Desktop\Dragon Age II.url
[2012/07/31 02:05:51 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/30 01:40:50 | 000,001,749 | ---- | C] () -- C:\Users\ADMIN\Desktop\RevoUninPro - Shortcut.lnk
[2012/07/27 09:11:08 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/27 08:00:36 | 000,028,661 | ---- | C] () -- C:\Users\ADMIN\Desktop\Deadly_Dragons_Armory_Hotfix-16474-4-4-0 (2).zip
[2012/07/27 03:54:52 | 013,152,691 | ---- | C] () -- C:\Users\ADMIN\Desktop\Bandolier_-_Bags_and_Pouches_v1dot1-16438-1-101.zip
[2012/07/22 22:13:38 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1004UA.job
[2012/07/22 22:13:37 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1036782980-3220697760-4181624637-1004Core.job
[2012/07/22 17:22:28 | 000,001,262 | ---- | C] () -- C:\Users\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2012/07/22 02:17:13 | 000,000,221 | ---- | C] () -- C:\Users\ADMIN\Desktop\Star Wars Knights of the Old Republic.url
[2012/07/20 15:50:35 | 1486,053,554 | ---- | C] () -- C:\Users\ADMIN\Desktop\TED.2012.TS.XViD-INSPiRAL.avi
[2012/07/12 15:18:37 | 000,000,222 | ---- | C] () -- C:\Users\ADMIN\Desktop\Portal 2 - The Final Hours.url
[2012/07/12 12:55:03 | 000,000,219 | ---- | C] () -- C:\Users\ADMIN\Desktop\Portal 2.url
[2012/07/12 00:44:17 | 000,003,584 | ---- | C] () -- C:\Users\ADMIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/09 23:47:11 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/09 20:21:07 | 000,001,173 | ---- | C] () -- C:\Users\ADMIN\Desktop\TeamSpeak 3 Client.lnk
[2012/07/09 14:05:43 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012/07/08 22:36:12 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/08 22:36:11 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Smite Closed Beta.lnk
[2012/07/04 12:47:49 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/05/27 00:19:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/26 22:18:45 | 000,785,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/14 00:43:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/14 23:13:20 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/08 23:47:21 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/23 16:33:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/23 16:33:00 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/22 08:43:13 | 000,025,225 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/01/22 08:42:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/22 08:42:35 | 000,019,830 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\*.* /s >
[2012/07/08 12:00:23 | 000,000,129 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\chrome.manifest
[2012/07/08 12:00:23 | 000,000,804 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\install.rdf
[2012/07/08 12:00:23 | 000,006,527 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 20:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\ADMIN\AppData\Local\Temp\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TDX.SYS >
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\ADMIN\AppData\Local\Temp\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/05/27 03:42:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/05/27 03:42:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/05/27 03:42:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/27 03:42:40 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/27 03:42:40 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 08:17:23 | 000,883,856 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 08:17:23 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/27 03:42:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/27 03:42:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/27 03:42:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/27 03:42:40 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/27 03:42:40 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B9C96218

< End of report >


4/b.


OTL Extras logfile created on: 8/1/2012 1:19:11 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ADMIN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 72.10% Memory free
8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 103.00 Gb Free Space | 34.55% Space Free | Partition Type: NTFS

Computer Name: KEITHJ-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0840551C-891B-4348-8496-5EC042D68B4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62B5DA86-68D3-4D4D-B046-8AF659A2407A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{70C6AB62-4DCB-4417-9999-2921A69B2EF2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C77BD9B9-651A-45AF-8646-BA72FE7B2AE5}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{D4F67FAA-8919-4348-A19B-D109E480F45C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022C1F04-F632-4D66-8ACF-E083AD3F2832}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0501EE94-1956-46BB-95EF-718EE02FC751}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{062B5C8F-F31D-43FD-8A22-B4D0AB5FF49C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0A158A65-C49B-4294-9260-70BCA2F678EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{0E5332CE-80EF-490F-83EF-2E3FFF373EAD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{16056FCE-760A-4F78-AF6F-3293C5E14024}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{168BED56-04B1-4F25-9CDE-23AB17CCF48B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{1699C4C0-5921-48C9-B15E-EF654950BCA5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{1795E0C5-417A-4C2E-84DC-A86AA50E76AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1EE520FD-CB46-4809-9BA3-59F8B8C56535}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{1FAFD46B-A093-444A-90E3-7B3FA124F06C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{29BCDFE3-8261-4639-8B88-61ECE8BE8FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2AB1EDEE-9507-4C89-8AA6-73CC81029752}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3D70D7D9-8F4C-4348-878E-E6D45B46EAF9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4197D911-78BE-4DB1-8DCB-A6BA54842D17}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{47839A27-80AE-4EA3-9C4C-CD357E0219F1}" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe |
"{4E30DBC5-CB70-4AD2-9F9C-062AB13F00AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{5283CF8D-F918-4ED6-9B03-EE57144DE4CA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{55290429-9BB9-434A-9825-227064716ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{557C060C-F406-43E9-8E98-D0FBF4519A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{57755DC5-F4CD-4569-855B-E132E34BB73C}" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe |
"{618691E6-1B76-4182-85D2-664D287AFE1A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{630F42BB-E0FE-49AF-8C9E-67D32AD6064B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{6869F321-6123-409A-9805-9663BE960B04}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{6C70BEF8-581D-4F94-A2C0-0A301BA7604C}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezlauncherui.exe |
"{6D00892D-21CD-4E75-9D41-0818B1A0E614}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6EDDE7D6-2979-43E9-83EE-F6E00FDD7AD7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7105DF88-909B-4EA2-82D0-831D381AD17C}" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{7418593E-05B6-4F11-922D-CE2B0CFE0112}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{7671E5D4-D9E0-4B54-8CE6-0E2D11B40EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7ECD2D89-5C09-41D8-85B8-AD4A06818EB3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{806BA200-1278-4E19-BEB4-1F1549D8F9C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{80C77AA2-860A-40BC-B915-AB99A3B6C0A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{82B5162B-9515-43BC-88E1-7ECD97E5E712}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{869FA31E-7B67-40E9-A797-5F94E2CD576B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8780E123-CFB1-4BE8-A6D8-6D275DA2C85F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{8B0765FF-D095-4B1C-9001-93345706744B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8C7C9403-3234-4A3E-BEF7-3A870D1BA43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{90FAF395-1508-4A2C-9A3B-D45EC8CCD6ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{910173A3-D63F-4F10-ADBA-29A78CDE2F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{92C5E554-867D-42A3-B4E7-6C6A307078AE}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{93B33598-1A0D-4838-9BB8-D46D3791F994}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{93D4A17B-780F-4D69-A451-A141BD84ADA1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{93E9BCE7-895B-4525-BB2B-4A8E033C52C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ii\docs\ea help\electronic_arts_technical_support.htm |
"{94BB45B6-2965-4F4F-BEAB-1B233B8961C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{96CA3AB2-7152-4E85-95C5-8A22B368F9AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{977E8342-E0BC-47FB-9963-8F2B88260244}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9866446B-84C8-4A55-8AB2-B01E188A397E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{9D717112-D9A4-481B-9E60-8EEC43848364}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{9E025F2D-E8EA-4D3A-BAE0-BFB3E3E4B0EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{A1CF9857-309B-497E-BBCB-766E57694076}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A417FC9E-DE53-4938-814F-DB7BEFB4B18F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{AB4A1131-86C5-4D45-8FCD-E488C8E09C28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{AE3D8E42-37A4-4571-B2BF-6B6EE829FD79}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B5763ED4-4401-4C5B-8B1D-99FD23E816CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BBD29B5C-2FDC-4C74-A197-16A5D8606BC7}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{BE201EB6-10A8-493D-A8E1-E183696272F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2E867C2-75CB-4F2C-9975-F4F7ECF1C05F}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C3608641-9A5C-42EF-99D6-0A29351A8B9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{C4BA412B-39BD-43E4-A75E-2C5FED521E31}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C71252BC-7029-4A10-9298-3E15C28EBB9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCF3F91A-BC83-4C1F-A708-4905260C4FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D59DE49C-969D-41E6-BC55-74401E0DBE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D63FC590-8047-4E92-94E9-CDA295BAC710}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezlauncherui.exe |
"{D6B7528F-7518-479D-9AB9-2421771969C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ii\dragonage2launcher.exe |
"{DC28E285-8B9B-4C24-A932-D0773D7CE266}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{DDBD3FDC-934E-476A-8267-1E532C58C280}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{DE9B0FDD-266A-483D-8732-3246F8A32976}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DFB276DD-CE88-4235-8DED-B8E2E45C956F}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{E19B379B-A348-438A-AE1F-DC0B6C3A3BB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E7A5D2BF-4F52-412D-8580-26C66037A2D7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{E7E5A6A8-B5B5-4F24-AE45-E3F5869EBA53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EADF56DF-7DC7-4ADD-ABD9-62951FB0F30A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EC733063-57BC-472E-8B1B-B56C5D132822}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F2F6FB9A-D132-495B-8805-C26237E285CF}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{FCF8BCB9-FF9E-4646-A725-219B7A008D4F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{01F0EF01-9A0A-4B3F-ADD8-77369BD3A6B1}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{1244B230-BDD5-4A34-8D44-DEE9B00A1CC7}C:\users\keith j\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\keith j\desktop\utorrent.exe |
"TCP Query User{182DFB92-020B-44AF-AE89-EA8B56E763C6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{378DB979-22F7-4DB9-A689-178B6AC7BA03}C:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{3C93E580-B1AE-4967-B2C8-BBF799629160}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"TCP Query User{3E005437-FB92-466B-8085-EA1054BBB2F5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{487AD563-387C-4B55-B891-2908011625E0}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe |
"TCP Query User{4F21044E-8ECC-41BC-BB57-BBC920E6D511}C:\program files (x86)\recoil games\rochard\rochard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\recoil games\rochard\rochard.exe |
"TCP Query User{610387B6-88AE-4E57-A831-B18E06859851}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{84220D2E-7FDD-47B9-B8ED-ED590D79F347}C:\users\admin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{97C87FA5-0757-40AC-A4DF-8FC862D89BD2}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{A6749020-5D55-4827-B395-FAFA0B2286E0}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{AA25E5FD-601B-41C2-AF02-10DDB5512ADE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B231C7F7-E675-41E8-B43D-C29BDB85BD55}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"TCP Query User{C31FC12A-6250-46E8-9335-BDABD318CC93}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C568BF2C-EB35-4D3B-BD08-6701F8E42A1E}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{C9268811-4D54-4E44-BE03-43FB2ADE0403}C:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{EFAB33EC-B6AE-4CB8-9CFC-7148FC754F35}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{F2A2B9B1-EA2F-4A20-984F-6996D6B7A9A7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{F6928C6A-3587-4F64-806F-E9AE9ED9BFE9}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{0AA207D6-8313-42C9-82EF-81341E10D790}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1C0878BD-F9C5-489B-8C07-DB959AB4F0CB}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{24AA4256-AB47-4C4F-8C31-A8FA6581DCEB}C:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orcs must die!\build\release\orcsmustdie.exe |
"UDP Query User{2800EE47-041D-4B12-945A-980EC0D96F27}C:\users\admin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{35D80B2B-0EFE-410C-8AD0-35E0D83EE522}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{4213D33D-A958-4319-9025-DCC73F4E5504}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"UDP Query User{67E0449C-8ECD-4A58-BE08-CEA70C274363}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{683A0FFC-71C9-4CDB-81EE-7706EE53E515}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{6E9FA337-F8D0-4E62-A842-3CAB3A88F983}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{7FC16655-03B2-4157-9A23-6DA2ED10F1A5}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{845CCBDE-869D-4C02-9712-5391E2E6ED4F}C:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{9B198087-E248-4BC2-8235-F844A627564B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9DFAAEEC-2F47-47A3-BFDA-DD3137F31B01}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{A5ADD362-1266-42F5-8530-3593E0CAF00F}C:\program files (x86)\recoil games\rochard\rochard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\recoil games\rochard\rochard.exe |
"UDP Query User{B38813E2-52E1-4B93-B555-6AB0773D71DF}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{BCAEA626-DCAB-4536-9C06-8E7C7C433E8F}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{CE7D1775-5879-41B9-9050-42652245DD1D}C:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{DB96C091-5DE2-4CD9-BB5F-53D100C0CE64}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{E9BC3B25-42AD-4F69-B664-59668AD92148}C:\users\keith j\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\keith j\desktop\utorrent.exe |
"UDP Query User{FD37D911-C46A-4C3F-9A60-79300A87229F}C:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\mass effect 3\binaries\win32\masseffect3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2012
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Defraggler" = Defraggler
"Explorer Suite_is1" = Explorer Suite III
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018305}" = Fable III
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61850CE8-D028-44C3-B59F-84384D87769E}" = STOPzilla
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73370408-B80E-4509-B9AF-957E2E0F512F}_is1" = WinZip System Utilities Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-12-12) version 20111212.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"AIM_7" = AIM 7
"AVG Secure Search" = AVG Security Toolbar
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.0
"Bastion_is1" = Bastion
"Battlelog Web Plugins" = Battlelog Web Plugins
"BOSS" = BOSS
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo III" = Diablo III
"DVD Shrink_is1" = DVD Shrink 3.2
"ESN Sonar-0.70.4" = ESN Sonar
"Fallout_is1" = Fallout
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FLVVideoConverterFactory" = FLV Video Converter Factory
"Fraps" = Fraps
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"Just Cause 2_is1" = Just Cause 2
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Logitech Vid" = Logitech Vid HD
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network MagicUninstall" = Network Magic
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Postal 2_is1" = Portal 2
"Precision" = EVGA Precision 1.3.1
"Rockstar Games Social Club" = Rockstar Games Social Club
"Runic Games Torchlight" = Torchlight
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"StartNow Toolbar" = StartNow Toolbar
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding Of Isaac
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 47900" = Dragon Age II
"Steam App 50820" = Max and the Magic Marker
"Steam App 61310" = Fractal
"Steam App 620" = Portal 2
"Steam App 8980" = Borderlands
"SystemRequirementsLab" = System Requirements Lab
"Treasure Adventure Game_is1" = Treasure Adventure Game
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.11
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator
"genieo" = AVG Homepage
"Google Chrome" = Google Chrome
"World of Logs Client" = World of Logs Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1036782980-3220697760-4181624637-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2012 3:14:32 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 3:21:49 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:09:51 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:11:16 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:11:17 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:14:05 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:17:03 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 4:51:49 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 6:00:40 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 6:12:55 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 6:13:50 PM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/24/2012 6:13:50 PM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2012 2:51:41 PM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2012 2:55:58 PM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2012 3:23:57 PM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2012 8:12:45 PM | Computer Name = KeithJ-PC | Source = VSS | ID = 8194
Description =

Error - 2/27/2012 12:33:14 AM | Computer Name = KeithJ-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 9/13/2011 7:03:20 PM | Computer Name = KeithJ-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:28:15 PM on 9/13/2011 was unexpected.

Error - 9/13/2011 7:03:21 PM | Computer Name = KEITHJ-PC | Source = Dhcp | ID = 1002
Description =

Error - 9/13/2011 7:03:21 PM | Computer Name = KeithJ-PC | Source = HTTP | ID = 15016
Description =

Error - 9/13/2011 7:06:12 PM | Computer Name = KeithJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/13/2011 7:08:06 PM | Computer Name = KeithJ-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 9/13/2011 7:08:06 PM | Computer Name = KeithJ-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 9/21/2011 6:08:49 AM | Computer Name = KeithJ-PC | Source = DCOM | ID = 10016
Description =

Error - 9/21/2011 6:08:49 AM | Computer Name = KeithJ-PC | Source = DCOM | ID = 10016
Description =

Error - 9/21/2011 6:08:49 AM | Computer Name = KeithJ-PC | Source = DCOM | ID = 10016
Description =

Error - 9/22/2011 4:58:24 PM | Computer Name = KeithJ-PC | Source = HTTP | ID = 15016
Description =


< End of report >



5. issue is still here :(

Edited by norrathx, 01 August 2012 - 04:41 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:12 AM

Posted 02 August 2012 - 03:51 PM

Hi norrathhx!

Not a problem! I'm glad to be of assistance.

2. TDSSKiller aquired no Threats

Okay.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


It looks like this infection has done some damage to the values of a few registry keys, we'll have to go ahead and address this a little bit later.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://isearch.avg.com/?cid={188E31DB-567E-4529-963E-06DCA5F07C95}&mid=8c402f9918c947d6ac9cf186765d1031-68463078e1bb34cdcc62f043d879784c89d98019&lang=en&ds=tg026&pr=sa&d=2011-08-27 14:36:58&v=8.0.0.33&sap=hp
    IE - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={188E31DB-567E-4529-963E-06DCA5F07C95}&mid=8c402f9918c947d6ac9cf186765d1031-68463078e1bb34cdcc62f043d879784c89d98019&lang=en&ds=tg026&pr=sa&d=2011-08-27 14:36:58&v=8.0.0.33&sap=dsp&q={searchTerms}
    O2 - BHO: (no name) - {023372ED-6EC2-4D55-AE7E-DF9F9E5C7E65} - No CLSID value found.
    O2 - BHO: (no name) - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1036782980-3220697760-4181624637-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O33 - MountPoints2\{669822d2-26bc-11e0-8f26-20cf30b9f9c2}\Shell - "" = AutoRun
    O33 - MountPoints2\{669822d2-26bc-11e0-8f26-20cf30b9f9c2}\Shell\AutoRun\command - "" = E:\setup.exe
    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^cleanhlm.lnk - - File not found
    MsConfig:64bit - StartUpReg: Apple Update - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: GenieoSystemTray - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: GenieoUpdaterService - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Registry Cleaner Scheduler - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: RockMelt Update - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Solid Update - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: XAudio2 - hkey= - key= - File not found
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    [2012/07/23 02:40:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{28C1AB57-C92F-11E1-8270-B8AC6F996F26}
    [2012/07/08 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{28C173AC-C92F-11E1-8270-B8AC6F996F26}
    @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B9C96218
    
    :Files
    dir /s /a "C:\Users\ADMIN\AppData\Local\dxhr" /c
    dir /s /a "C:\Users\ADMIN\AppData\Local\28050" /c
    dir /s /a "C:\Users\ADMIN\Documents\ALI213" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 norrathx

norrathx
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 02 August 2012 - 05:30 PM

Woohoo! you fixed it :) thank you so much SweetTech!!! you are a boss!

i dont know if you still want the OTL and Combofix but ill attach them just in case you wanted them


P.S. THANK YOU soooo much for the help it was really annoying getting redirected thanks :D

Attached Files



#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:12 AM

Posted 06 August 2012 - 03:22 PM

Hello!

I truly apologize for the delay in responding back to you. I have been absolutely swamped lately with work. I've been having to work some long days, and have had no time to open up my computer.

Please do not think that I forgot about you, because I did not.

I am currently in the process of reviewing your latest logs, and should have something more for you within an hour or two.

I once again apologize for the long delay in responding back to you.

Warmest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:12 AM

Posted 06 August 2012 - 03:30 PM

Hi again!

Do you happen to recognize these files?

c:\users\ADMIN\AppData\Roaming\bsetter-own.exe
C:\torrent.exe


Lets run a few more scans:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
c:\program files (x86)\smartdl
c:\users\ADMIN\AppData\Local\dxhr
c:\users\ADMIN\AppData\Local\28050

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. ESET Online Virus Scan log file.
5. SecurityCheck log file.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:12 AM

Posted 29 August 2012 - 02:38 PM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users