Google Chrome keeps redirecting to inksdata


  • This topic is locked
12 replies to this topic

#1 jaw20


Posted 07 June 2013 - 03:58 PM

When I am on the internet and I click on a link, Chrome randomly redirects to inksdata, which then brings me to an ad (which probably has malware). I have disabled any extension relating to tidy network, but it still redirects. I ran Malwarebytes Pro and the Malwarebytes beta rootkit removal tool; both came up with nothing. What should I do?





#2 D-FRED-BROWN



  • Malware Response Team

Posted 07 June 2013 - 07:26 PM

Hello jaw20 and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)




-DFB
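
Step 1 above asks for the TDSSKiller log. As an added example (not part of the original post and not the tool's own code), the Python below triages such a log by listing every line inside a scan section that is neither an "- ok" result nor a hash line, so an entry such as "Suspicious mbr (Forged)" is surfaced even when the summary reports zero detected objects. It assumes the "time, thread id, message" line layout of the log posted in this topic; the sample lines, the service name ExampleSvc and the all-zero hash are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed line layout: "HH:MM:SS.ffff  <thread id>  <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# Section banners look like "================ Scan MBR ======...".
SECTION_RE = re.compile(r"^=+ (Scan .+?) =+$")
# Hash lines look like "[ <32 hex digits> ] <object>".
HASH_RE = re.compile(r"^\[ [0-9A-Fa-f]{32} \] ")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Triage:
    ok_count: int = 0
    # Each finding is (timestamp, section name, message).
    findings: List[Tuple[str, str, str]] = field(default_factory=list)
    detected: Optional[int] = None   # value of "Detected object count"
    unparsed: int = 0                # lines that do not fit the layout

    @property
    def needs_review(self) -> bool:
        # Review if the summary counts detections OR any non-ok line exists.
        return bool(self.findings) or bool(self.detected)


def triage(log_text: str) -> Triage:
    """Collect non-ok lines from the scan sections of a TDSSKiller-style log."""
    result = Triage()
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            result.unparsed += 1
            continue
        stamp, msg = m.group(1), (m.group(3) or "").strip()
        banner = SECTION_RE.match(msg)
        if banner:
            section = banner.group(1)
            continue
        if msg == "Scan finished":
            section = None
            continue
        count = COUNT_RE.match(msg)
        if count:
            result.detected = int(count.group(1))
            continue
        # Ignore header lines, empty messages and plain "=====" separators.
        if section is None or not msg or set(msg) == {"="}:
            continue
        if msg.endswith(" - ok"):
            result.ok_count += 1
        elif HASH_RE.match(msg):
            continue
        else:
            result.findings.append((stamp, section, msg))
    return result


# Constructed sample in the layout described above (not a real scan).
SAMPLE_LOG = r"""
21:10:51.0802 11196  Scan started
21:10:51.0803 11196  ================ Scan system memory ========================
21:10:51.0803 11196  System memory - ok
21:10:51.0804 11196  ================ Scan services =============================
21:10:51.0820 11196  ExampleSvc - ok
21:10:53.0135 11196  ================ Scan MBR ==================================
21:10:53.0136 11196  [ 00000000000000000000000000000000 ] \Device\Harddisk0\DR0
21:10:53.0138 11196  Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:10:53.0154 11196  \Device\Harddisk0\DR0 - ok
21:10:53.0156 11196  ============================================================
21:10:53.0156 11196  Scan finished
21:10:53.0156 11196  ============================================================
21:10:53.0162 5952  Detected object count: 0
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"ok lines: {report.ok_count}, detected objects: {report.detected}")
    for stamp, section, msg in report.findings:
        print(f"[{section}] {stamp} {msg}")
    print("needs review:", report.needs_review)
```
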



#3 jaw20


Posted 07 June 2013 - 09:14 PM

Here are the logs for TDSS, MBAR, Combofix, and Security Checkup

 

21:10:36.0995 13260  TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
21:10:38.0671 13260  ============================================================
21:10:38.0671 13260  Current date / time: 2013/06/07 21:10:38.0671
21:10:38.0671 13260  SystemInfo:
21:10:38.0671 13260  
21:10:38.0671 13260  OS Version: 6.1.7601 ServicePack: 1.0
21:10:38.0671 13260  Product type: Workstation
21:10:38.0671 13260  ComputerName: JONATHANS-DIYPC
21:10:38.0671 13260  UserName: Jonathan
21:10:38.0671 13260  Windows directory: C:\Windows
21:10:38.0671 13260  System windows directory: C:\Windows
21:10:38.0671 13260  Running under WOW64
21:10:38.0671 13260  Processor architecture: Intel x64
21:10:38.0671 13260  Number of processors: 4
21:10:38.0671 13260  Page size: 0x1000
21:10:38.0671 13260  Boot type: Normal boot
21:10:38.0671 13260  ============================================================
21:10:38.0863 13260  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:10:38.0866 13260  ============================================================
21:10:38.0866 13260  \Device\Harddisk0\DR0:
21:10:38.0866 13260  MBR partitions:
21:10:38.0866 13260  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1F77C1
21:10:38.0866 13260  ============================================================
21:10:38.0866 13260  Initialize success
21:10:38.0866 13260  ============================================================
21:10:51.0802 11196  ============================================================
21:10:51.0802 11196  Scan started
21:10:51.0802 11196  Mode: Manual; 
21:10:51.0802 11196  ============================================================
21:10:51.0803 11196  ================ Scan system memory ========================
21:10:51.0803 11196  System memory - ok
21:10:51.0804 11196  ================ Scan services =============================
21:10:53.0133 11196  ================ Scan global ===============================
21:10:53.0134 11196  [Global] - ok
21:10:53.0135 11196  ================ Scan MBR ==================================
21:10:53.0136 11196  [ 62ACC74EBEC78746B3B2F5750A1A4805 ] \Device\Harddisk0\DR0
21:10:53.0138 11196  Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:10:53.0154 11196  \Device\Harddisk0\DR0 - ok
21:10:53.0154 11196  ================ Scan VBR ==================================
21:10:53.0155 11196  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
21:10:53.0156 11196  \Device\Harddisk0\DR0\Partition1 - ok
21:10:53.0156 11196  ============================================================
21:10:53.0156 11196  Scan finished
21:10:53.0156 11196  ============================================================
21:10:53.0162 5952  Detected object count: 0
21:10:53.0162 5952  Actual detected object count: 0
21:11:02.0935 12680  Deinitialize success
 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
 
Database version: v2013.06.07.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Jonathan :: JONATHANS-DIYPC [administrator]
 
6/7/2013 9:14:36 PM
mbar-log-2013-06-07 (21-14-36).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 342148
Time elapsed: 10 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16576
 
Java version: 1.6.0_35
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.294000 GHz
Memory total: 17160134656, free: 13042327552
 
Downloaded database version: v2013.06.07.10
Initializing...
------------ Kernel report ------------
     06/07/2013 21:14:33
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\??\D:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\VMparport.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800dd9b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-0\
Lower Device Object: 0xfffffa800d6cf680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800dd9b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800dcaa930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800dd9b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dcaade0, DeviceName: Unknown, DriverName: \Driver\nvelodiskfltr\
DevicePointer: 0xfffffa800dca59b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d6cf680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\Windows\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 28499284
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 130865152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 131072000  Numsec = 1822447616
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

ComboFix 13-06-07.03 - Jonathan 06/07/2013  21:32:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16365.12234 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\DealBulldog Toolbar\affid.dat
c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll
c:\program files (x86)\DealBulldog Toolbar\basis.xml
c:\program files (x86)\DealBulldog Toolbar\icons.bmp
c:\program files (x86)\DealBulldog Toolbar\info.txt
c:\program files (x86)\DealBulldog Toolbar\install.ico
c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files (x86)\DealBulldog Toolbar\mbback.bmp
c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp
c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp
c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp
c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp
c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp
c:\program files (x86)\DealBulldog Toolbar\somoto.dll
c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf
c:\program files (x86)\DealBulldog Toolbar\tbHElper.dll
c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe
c:\program files (x86)\DealBulldog Toolbar\uninstall.exe
c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files (x86)\DealBulldog Toolbar\update.exe
c:\program files (x86)\DealBulldog Toolbar\version.txt
c:\programdata\boost_interprocess\20130607202336.125599
c:\programdata\boost_interprocess\20130607202336.125599\datastore_named_mutex4a6f6e617468616e
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_ctypes.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_elementtree.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_hashlib.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_multiprocessing.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_socket.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\_ssl.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\pyexpat.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\pysqlite2._sqlite.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\python27.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\pythoncom27.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\PyWinTypes27.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\select.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\unicodedata.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32api.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32com.shell.shell.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32crypt.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32event.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32file.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32inet.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32pdh.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32process.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32profile.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32security.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\win32ts.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\windows._cacheinvalidation.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._controls_.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._core_.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._gdi_.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._html2.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._misc_.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._windows_.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wx._wizard.pyd
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxbase294u_net_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxbase294u_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxmsw294u_adv_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxmsw294u_core_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxmsw294u_html_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\_MEI57682\wxmsw294u_webview_vc90.dll
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM11F2.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM12AF.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM130F.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM134F.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM139F.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM13E0.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM1430.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM1470.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM14DF.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM1510.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM1570.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM15B0.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM164E.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM16DD.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM176B.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM17CB.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM184B.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM18BB.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM18DC.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM18FD.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM2F.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM4B5.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM4D6.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM536.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM586.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM5D6.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM60.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM645.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM676.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM87B.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM928.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9B7.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMA07.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMA38.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMB04.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMC03.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMC91.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFCE.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFE5A.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFE8B.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFEBC.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFEFC.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFF2D.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFF7D.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFFAE.tmp
c:\users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEMFFEE.tmp
c:\users\Jonathan\AppData\Local\Temp\YTMP7MC8AA\TAAC01.tmp
c:\users\Jonathan\AppData\Roaming\5ad325ad.dat
c:\users\Jonathan\AppData\Roaming\technic-launcher.jar
c:\users\Jonathan\Desktop\Internet Explorer.lnk
c:\users\Jonathan\Documents\~WRL0005.tmp
c:\users\Jonathan\Documents\~WRL1131.tmp
c:\users\Jonathan\Documents\~WRL2271.tmp
c:\users\Jonathan\Documents\~WRL2814.tmp
c:\users\Jonathan\Documents\~WRL2816.tmp
c:\users\Jonathan\Documents\~WRL3464.tmp
c:\windows\SysWow64\frapsvid.dll
D:\install.exe
D:\setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 01:46 . 2013-06-08 01:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-08 01:46 . 2013-06-08 01:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-06-08 01:46 . 2013-06-08 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 01:46 . 2013-06-08 01:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-06-07 18:46 . 2013-06-08 01:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-07 18:37 . 2013-06-07 21:33 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Dxbx
2013-06-01 15:41 . 2013-06-01 15:42 -------- d-----r- c:\users\Administrator\Virtual Machines
2013-05-15 18:29 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-10 20:00 . 2013-05-10 20:07 -------- d-----w- c:\users\Jonathan\AppData\Roaming\geany
2013-05-10 19:53 . 2013-05-10 19:53 -------- d-----w- c:\users\Jonathan\AppData\Roaming\fltk.org
2013-05-10 19:53 . 2013-05-10 19:53 -------- d-----w- c:\programdata\fltk.org
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 01:53 . 2012-05-26 12:20 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-05-21 18:51 . 2012-11-08 22:57 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 21:03 . 2011-07-25 19:15 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 19:48 . 2012-04-16 12:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 19:48 . 2011-07-24 17:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:48 . 2013-03-16 16:48 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 13:10 . 2012-05-28 19:55 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 18:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 18:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 18:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 18:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 18:29 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-26 23:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 07:18 . 2013-04-11 07:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-04 18:50 . 2012-04-28 01:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 15:15 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:15 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:15 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:15 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:15 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:15 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-21 18:51 1991344 ----a-w- c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-21 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"Akamai NetSession Interface"="c:\users\Jonathan\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"SandboxieControl"="d:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"MediaFire Tray"="c:\users\Jonathan\AppData\Local\MediaFire Express\mf_systray.exe" [2013-04-04 2349640]
"3D0182130A77C0A088C84D83629451976D2D682C._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-05-29 825808]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"uTorrent"="d:\program files (x86)\uTorrent\uTorrent.exe" [2013-04-14 802136]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-03-05 35256]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Cracked Steam Service"="d:\program files (x86)\Cracked Steam\Cracked Steam.exe" [2013-02-16 713575]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-05-01 34929728]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-02-12 5402960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-21 1226928]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"EaseUS EPM tray"="d:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"AVG_TRAY"="d:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon Inkjet MX310 series.lnk - c:\windows\system32\rundll32.exe [2009-7-13 45568]
GameStop Now.lnk - d:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-5-14 2039536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0d:\progra~1\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DNS7reminder"="d:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking11\Ereg.ini"
"Adobe Reader Speed Launcher"="d:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"FileZilla Server Interface"="d:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe"
.
R0 nvelofsfltr;nvelofsfltr;c:\windows\system32\DRIVERS\nvelofsfltr.sys;c:\windows\SYSNATIVE\DRIVERS\nvelofsfltr.sys [x]
R2 AfterFLICS v3;AfterFLICS v3;c:\program files (x86)\AFLICS\AfterFLICS.exe;c:\program files (x86)\AFLICS\AfterFLICS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\program files (x86)\cebas\ip-clamp\ipclamp.exe;c:\program files (x86)\cebas\ip-clamp\ipclamp.exe [x]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;d:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys;c:\windows\SYSNATIVE\DRIVERS\dmdcap.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 nvelodiskfltr;NVCache Policy Driver;c:\windows\system32\DRIVERS\nvelodiskfltr.sys;c:\windows\SYSNATIVE\DRIVERS\nvelodiskfltr.sys [x]
S0 nveloportfltr;NVELO Port Filter Driver;c:\windows\system32\DRIVERS\nveloportfltr.sys;c:\windows\SYSNATIVE\DRIVERS\nveloportfltr.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys;c:\windows\SYSNATIVE\drivers\BS_I2cIo.sys [x]
S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys;c:\windows\SYSNATIVE\drivers\BS_TPIO64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;d:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;d:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 avgfws;AVG Firewall;d:\program files (x86)\AVG\AVG2012\avgfws.exe;d:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;d:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 nveloSvc;NVELO Dataplex Service;c:\windows\system32\Dataplex\nveloSvc.exe;c:\windows\SYSNATIVE\Dataplex\nveloSvc.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 tvnserver;TightVNC Server;d:\program files\TightVNC\tvnserver.exe;d:\program files\TightVNC\tvnserver.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 HideMyIpSRV;HideMyIpSRV;d:\program files (x86)\Hide My IP\HideMyIpSrv.exe;d:\program files (x86)\Hide My IP\HideMyIpSrv.exe [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 21:56 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:48]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 00:09]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 00:09]
.
2013-06-02 c:\windows\Tasks\SlimCleaner Scan.job
- c:\program files (x86)\SlimCleaner\SlimCleaner.exe [2012-07-09 18:47]
.
2013-06-08 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-03-29 20:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="d:\program files\ZuneLauncher.exe" [2011-08-05 163552]
"tvncontrol"="d:\program files\TightVNC\tvnserver.exe" [2012-04-27 1633296]
"nveloApp"="c:\program files\Dataplex\CacheFilter\nveloApp.exe" [2012-09-24 117904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:80
uInternet Settings,ProxyOverride = <local>
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
Trusted Zone: millipore.com\naremote
TCP: Interfaces\{1B9DE0D8-7D93-4F86-8FB0-37D13D1273D7}: NameServer = 192.168.0.254,8.8.8.8
TCP: Interfaces\{1B9DE0D8-7D93-4F86-8FB0-37D13D1273D7}\778696475686F6573756: NameServer = 192.168.0.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sc1.checkpoint.com/sc/update/CSHELL/extender.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://wondla.com/plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-GameStop App - c:\programdata\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}\GameStopApp_setup.exe
AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{25175695-4B20-4298-9F34-C2C57CD277B3} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7} - c:\programdata\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}\GameStopApp_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\vmnat.exe
d:\program files (x86)\Vmware\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
d:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-06-07  22:05:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-08 02:05
.
Pre-Run: 2,380,759,040 bytes free
Post-Run: 3,256,573,952 bytes free
.
- - End Of File - - 3E1C0D0BD8CE2AC71465ADA7F02D3248
 
Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2012   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2013   
 AVG PC Tuneup 2011  
 TuneUp Utilities Language Pack (en-US) 
 TuneUp Utilities 2013   
 SlimCleaner     
 Java™ 6 Update 35  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 8% 
````````````````````End of Log`````````````````````` 
 

 



#4 D-FRED-BROWN


Posted 07 June 2013 - 10:31 PM

Looks a whole lot better. I'd like to run a few more scans to verify we haven't missed anything.

----------Step 1----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 2----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 3----------------
Please post the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

 



#5 jaw20


Posted 08 June 2013 - 10:03 AM

Here are OTL's 2 log files. I will post ESET's log later when it is finished.

 

OTL logfile created on: 6/8/2013 10:51:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 11.80 Gb Available Physical Memory | 73.83% Memory free
32.74 Gb Paging File | 27.65 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): c:\pagefile.sys 800 800d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 62.40 Gb Total Space | 3.06 Gb Free Space | 4.90% Space Free | Partition Type: NTFS
Drive D: | 869.01 Gb Total Space | 351.90 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
 
Computer Name: JONATHANS-DIYPC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/08 10:49:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/06/08 10:07:47 | 001,071,104 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\is-QM877.tmp\Cracked Steam.tmp
PRC - [2013/05/29 01:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/21 14:51:36 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/05/21 14:51:36 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013/05/01 09:32:28 | 034,929,728 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/14 07:38:15 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- D:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/04 14:48:03 | 002,349,640 | ---- | M] (MediaFire LLC) -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_systray.exe
PRC - [2013/04/04 14:47:09 | 002,084,424 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_status.exe
PRC - [2013/04/04 14:45:28 | 003,302,984 | ---- | M] (MediaFire) -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_services.exe
PRC - [2013/04/04 14:40:39 | 002,433,608 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_daemon.exe
PRC - [2013/03/29 16:22:28 | 029,387,072 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/03/05 16:47:06 | 000,026,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
PRC - [2013/03/05 16:47:04 | 000,035,256 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- D:\Program Files (x86)\Vmware\vmware-authd.exe
PRC - [2013/02/15 23:46:48 | 000,713,575 | ---- | M] (Anti-Valve Software                                         ) -- D:\Program Files (x86)\Cracked Steam\Cracked Steam.exe
PRC - [2013/02/12 04:35:36 | 005,402,960 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/11/29 11:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/16 10:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 10:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/05/14 14:51:31 | 002,039,536 | ---- | M] (GameStop Corp.) -- D:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
PRC - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- D:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/09 02:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/08 15:43:02 | 001,953,792 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2011/06/04 10:44:33 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/04 10:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/06/04 01:56:02 | 003,249,512 | ---- | M] (Hide My IP) -- D:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- D:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/04/15 01:59:24 | 000,135,170 | ---- | M] () -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe
PRC - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2007/11/20 11:52:30 | 000,045,700 | ---- | M] () -- C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9AFE.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A9E.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A5E.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A1D.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM99BE.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM997D.tmp
MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM991E.tmp
MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BE2.tmp
MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BC1.tmp
MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BA0.tmp
MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9B6F.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM98FC.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM984F.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM97A1.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9751.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9720.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM96E0.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM96A0.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM966F.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM963E.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM95FE.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM95AE.tmp
MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM953E.tmp
MOD - [2013/06/08 10:07:51 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM94BF.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92E6.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92C5.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9292.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9252.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9231.tmp
MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9133.tmp
MOD - [2013/06/08 10:07:51 | 000,072,704 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM940B.tmp
MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM945D.tmp
MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM943C.tmp
MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93F9.tmp
MOD - [2013/06/08 10:07:51 | 000,064,000 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9396.tmp
MOD - [2013/06/08 10:07:51 | 000,057,344 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93D8.tmp
MOD - [2013/06/08 10:07:51 | 000,056,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9200.tmp
MOD - [2013/06/08 10:07:51 | 000,056,320 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92A4.tmp
MOD - [2013/06/08 10:07:51 | 000,053,760 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93B7.tmp
MOD - [2013/06/08 10:07:51 | 000,053,760 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9346.tmp
MOD - [2013/06/08 10:07:51 | 000,033,792 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\YTMP7MC8AA\TAA949D.tmp
MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9102.tmp
MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM90C2.tmp
MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM8FA1.tmp
MOD - [2013/06/08 10:07:50 | 000,068,608 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9081.tmp
MOD - [2013/06/08 10:07:50 | 000,056,320 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9010.tmp
MOD - [2013/06/08 10:07:50 | 000,055,296 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9031.tmp
MOD - [2013/06/08 10:07:47 | 001,071,104 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\is-QM877.tmp\Cracked Steam.tmp
MOD - [2013/06/08 10:07:46 | 001,175,040 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._core_.pyd
MOD - [2013/06/08 10:07:46 | 001,153,024 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_ssl.pyd
MOD - [2013/06/08 10:07:46 | 001,062,400 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._controls_.pyd
MOD - [2013/06/08 10:07:46 | 001,022,416 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\windows._cacheinvalidation.pyd
MOD - [2013/06/08 10:07:46 | 000,811,008 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._windows_.pyd
MOD - [2013/06/08 10:07:46 | 000,805,888 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._gdi_.pyd
MOD - [2013/06/08 10:07:46 | 000,735,232 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._misc_.pyd
MOD - [2013/06/08 10:07:46 | 000,711,680 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_hashlib.pyd
MOD - [2013/06/08 10:07:46 | 000,686,080 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\unicodedata.pyd
MOD - [2013/06/08 10:07:46 | 000,557,056 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pysqlite2._sqlite.pyd
MOD - [2013/06/08 10:07:46 | 000,364,544 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pythoncom27.dll
MOD - [2013/06/08 10:07:46 | 000,320,512 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32com.shell.shell.pyd
MOD - [2013/06/08 10:07:46 | 000,128,512 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_elementtree.pyd
MOD - [2013/06/08 10:07:46 | 000,127,488 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pyexpat.pyd
MOD - [2013/06/08 10:07:46 | 000,122,368 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._wizard.pyd
MOD - [2013/06/08 10:07:46 | 000,119,808 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32file.pyd
MOD - [2013/06/08 10:07:46 | 000,110,080 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\PyWinTypes27.dll
MOD - [2013/06/08 10:07:46 | 000,108,544 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32security.pyd
MOD - [2013/06/08 10:07:46 | 000,098,816 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32api.pyd
MOD - [2013/06/08 10:07:46 | 000,087,040 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_ctypes.pyd
MOD - [2013/06/08 10:07:46 | 000,070,656 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._html2.pyd
MOD - [2013/06/08 10:07:46 | 000,044,032 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_socket.pyd
MOD - [2013/06/08 10:07:46 | 000,038,912 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32inet.pyd
MOD - [2013/06/08 10:07:46 | 000,035,840 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32process.pyd
MOD - [2013/06/08 10:07:46 | 000,026,624 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_multiprocessing.pyd
MOD - [2013/06/08 10:07:46 | 000,025,600 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32pdh.pyd
MOD - [2013/06/08 10:07:46 | 000,022,528 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32ts.pyd
MOD - [2013/06/08 10:07:46 | 000,018,432 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32event.pyd
MOD - [2013/06/08 10:07:46 | 000,017,408 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32profile.pyd
MOD - [2013/06/08 10:07:46 | 000,011,264 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32crypt.pyd
MOD - [2013/06/08 10:07:46 | 000,010,240 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\select.pyd
MOD - [2013/05/29 01:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/29 01:27:37 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013/05/29 01:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 01:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013/05/29 01:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013/05/29 01:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/05/21 14:51:36 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013/05/15 17:09:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/15 17:00:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/15 17:00:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 17:00:41 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/15 17:00:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 17:00:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/04/04 14:47:09 | 002,084,424 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_status.exe
MOD - [2013/04/04 14:40:39 | 002,433,608 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_daemon.exe
MOD - [2013/04/04 13:02:37 | 001,472,543 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\mediafire_api_connect.dll
MOD - [2013/04/04 13:02:37 | 001,019,406 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\libstdc++-6.dll
MOD - [2013/04/04 13:02:37 | 000,151,054 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\libexpat-1.dll
MOD - [2013/04/04 13:02:37 | 000,117,248 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\MediaFire Express\libgcc_s_dw2-1.dll
MOD - [2013/03/05 16:47:20 | 000,637,368 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
MOD - [2013/03/05 16:47:20 | 000,077,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-10616.dll
MOD - [2013/03/05 16:47:20 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
MOD - [2013/03/05 16:47:20 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
MOD - [2013/03/05 16:47:20 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
MOD - [2013/03/05 16:47:18 | 000,118,712 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
MOD - [2013/03/05 16:47:18 | 000,084,920 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
MOD - [2013/03/05 16:47:16 | 016,670,136 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
MOD - [2013/03/05 16:47:12 | 000,402,360 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWAgent.dll
MOD - [2013/03/05 16:47:12 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
MOD - [2013/03/05 16:47:12 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Overwolf\SteamAPI.dll
MOD - [2013/03/05 16:47:04 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
MOD - [2013/03/05 16:47:04 | 000,027,064 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
MOD - [2013/02/13 13:07:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/12 04:31:06 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2013/02/12 04:31:06 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/12 04:31:06 | 000,775,680 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
MOD - [2013/02/12 04:31:06 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2013/02/12 04:31:06 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll
MOD - [2013/01/09 18:24:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 18:24:21 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 18:24:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 18:24:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 18:24:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/03/08 20:11:36 | 000,070,424 | ---- | M] () -- D:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/01/03 22:50:53 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- D:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- D:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- D:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/11/20 23:24:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
MOD - [2010/11/20 23:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/29 11:31:16 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012/09/24 19:00:24 | 000,033,424 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Windows\SysNative\Dataplex\NveloSvc.exe -- (nveloSvc)
SRV:64bit: - [2011/08/12 20:51:20 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/21 14:51:36 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/15 15:48:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/26 17:23:04 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/05 16:47:00 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files (x86)\Vmware\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/08 18:45:50 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/29 11:31:18 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/11/29 11:31:16 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/11 16:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/04/26 21:45:06 | 001,633,296 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- D:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- D:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/11/23 09:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/06/04 10:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/06/04 01:56:02 | 003,249,512 | ---- | M] (Hide My IP) [On_Demand | Running] -- D:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2011/04/15 01:59:24 | 000,135,170 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe -- (AfterFLICS v3)
SRV - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/20 11:52:30 | 000,045,700 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe -- (IPClampService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/08 10:07:59 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/05/21 14:51:36 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 02:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 02:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 02:28:04 | 000,031,824 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2013/02/26 02:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 02:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 02:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/01/31 05:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/12/21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012/12/21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/10/24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 16:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 16:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/24 19:00:38 | 000,111,248 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvelofsfltr.sys -- (nvelofsfltr)
DRV:64bit: - [2012/09/24 19:00:36 | 000,024,720 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nveloportfltr.sys -- (nveloportfltr)
DRV:64bit: - [2012/09/24 19:00:28 | 000,291,472 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvelodiskfltr.sys -- (nvelodiskfltr)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/09 02:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/04 10:20:32 | 000,013,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_TPIO64.sys -- (BS_TPIO)
DRV:64bit: - [2011/03/30 07:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/12/08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/22 16:35:12 | 000,068,608 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2010/11/22 16:35:12 | 000,023,040 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/12 17:42:18 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/03 22:16:10 | 000,019,456 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/15 05:47:41 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/12 16:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV:64bit: - [2008/06/16 18:02:16 | 000,015,408 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV:64bit: - [2007/06/08 07:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [1999/12/31 20:00:00 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [1999/12/31 20:00:00 | 000,553,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012/12/21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012/12/21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012/09/18 17:02:02 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/11/23 09:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/07/15 05:47:41 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/06/16 14:43:18 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2cIo.sys -- (BS_I2cIo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 C6 05 AA D1 8D CC 01  [binary data]
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 14:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/14 13:39:59 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: D'Fusion @Home Web Plug-In (2.30.11285.AR23) (Enabled) = C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: EasyBib = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: angry sonic = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofkdfdjcahngchfdpaokbmdemegmoko\2.0_0\
CHR - Extension: EasyBib Tools = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmffdimoneaieldiddcmajhbjijmnggi\0.5.0_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0\
CHR - Extension: TV = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiodjcfboomhnbbmoimodpahebopdagm\1.0.1.9_0\
CHR - Extension: Instagram for Chrome = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.4_0\
CHR - Extension: Bullet Physics NaCl Test = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0\
CHR - Extension: Gmail = C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/07 21:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [nveloApp] C:\Program Files\Dataplex\CacheFilter\NveloApp.exe (Windows ® Win 7 DDK provider)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [tvncontrol] D:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4:64bit: - HKLM..\Run: [Zune Launcher] D:\Program Files\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EaseUS EPM tray] d:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [3D0182130A77C0A088C84D83629451976D2D682C._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [Akamai NetSession Interface] C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [Cracked Steam Service] D:\Program Files (x86)\Cracked Steam\Cracked Steam.exe (Anti-Valve Software                                         )
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [MediaFire Tray] C:\Users\Jonathan\AppData\Local\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000..\Run: [uTorrent] D:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = D:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\..Trusted Domains: millipore.com ([naremote] https in Trusted sites)
O15 - HKU\S-1-5-21-1627792851-2230852417-1751867909-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sc1.checkpoint.com/sc/update/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://wondla.com/plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B9DE0D8-7D93-4F86-8FB0-37D13D1273D7}: NameServer = 192.168.0.254,8.8.8.8
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/12 20:29:46 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/07 21:53:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/07 21:31:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/07 21:31:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/07 21:31:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/07 21:31:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/07 21:31:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/07 14:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/07 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Dxbx
[2013/06/06 18:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXBX
[2013/05/31 14:36:01 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2013/05/30 22:44:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 22:44:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 22:44:46 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/30 22:44:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 22:44:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/30 22:44:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 22:44:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/30 22:44:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/30 22:44:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/30 22:44:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/30 22:44:46 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/30 22:44:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/30 22:44:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/30 22:44:46 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/30 22:44:46 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 22:44:46 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/30 22:44:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/30 22:44:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 22:44:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/30 22:44:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/30 22:44:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/30 22:44:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 22:44:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 22:44:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/30 22:44:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/30 22:44:46 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/30 22:44:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/30 22:44:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/30 22:44:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/30 22:44:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 22:44:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/30 22:44:45 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/30 22:44:45 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/30 22:44:45 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/30 22:44:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/30 22:44:45 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/30 22:44:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/30 22:44:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/30 22:44:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/30 22:44:45 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/30 22:44:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/30 22:44:45 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/30 22:44:45 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/30 22:44:45 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/30 22:44:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/30 22:44:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/30 22:44:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/30 22:44:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/30 22:44:45 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/30 22:44:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/30 22:44:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/30 22:44:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/30 22:44:45 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/30 22:44:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/30 22:44:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/30 22:44:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/30 22:44:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/30 22:44:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/30 22:44:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/30 22:44:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/30 22:44:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/30 22:44:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/30 22:44:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/30 22:44:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/30 22:44:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/30 22:44:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/30 22:44:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/30 22:44:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/30 17:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2013/05/24 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\My ooVoo
[2013/05/15 14:29:52 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 14:29:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 14:29:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 14:29:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 14:29:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 14:29:50 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 14:29:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/14 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/11 19:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark DescentNondev
[2013/05/10 16:33:35 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\HPL2
[2013/05/10 16:33:07 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\amnesia
[2013/05/10 16:31:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\stuff
[2013/05/10 16:00:16 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\geany
[2013/05/10 16:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geany
[2013/05/10 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\fltk.org
[2013/05/10 15:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2013/05/10 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Amnesia
[2013/05/09 21:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2013/01/27 21:31:10 | 000,059,392 | ---- | C] (CANON INC.) -- C:\Users\Jonathan\cnmss Canon Inkjet MX310 series (Local).dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/08 10:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 10:08:01 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/06/08 10:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 10:07:59 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/06/08 10:07:48 | 000,000,894 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2013/06/08 10:07:03 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 10:07:03 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 10:04:11 | 000,784,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 10:04:11 | 000,665,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/08 10:04:11 | 000,123,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/08 10:03:16 | 122,496,639 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/06/08 09:59:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/07 23:10:53 | 000,001,996 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon Inkjet MX310 series.lnk
[2013/06/07 22:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/07 21:53:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/07 15:16:40 | 000,470,270 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/06/06 18:12:42 | 000,000,663 | ---- | M] () -- C:\Users\Public\Desktop\DXBX.lnk
[2013/06/06 18:12:42 | 000,000,663 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\DXBX.lnk
[2013/06/02 14:27:50 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/06/01 11:50:40 | 000,003,340 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/05/31 14:36:01 | 000,000,569 | ---- | M] () -- C:\Users\Jonathan\Desktop\Fraps.lnk
[2013/05/31 14:31:06 | 490,321,386 | ---- | M] () -- C:\Users\Jonathan\Documents\clip0015.avi
[2013/05/31 14:25:51 | 000,004,521 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\CamStudio.cfg
[2013/05/31 14:25:51 | 000,000,408 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\CamShapes.ini
[2013/05/31 14:25:51 | 000,000,408 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\CamLayout.ini
[2013/05/31 14:25:51 | 000,000,096 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Camdata.ini
[2013/05/30 22:44:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/30 22:44:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/30 22:44:46 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/30 22:44:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/30 22:44:46 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/30 22:44:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/30 22:44:46 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/30 22:44:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/30 22:44:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/30 22:44:46 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/30 22:44:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/30 22:44:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/30 22:44:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/30 22:44:46 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/30 22:44:46 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/30 22:44:46 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/30 22:44:46 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/30 22:44:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/30 22:44:46 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/30 22:44:46 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/30 22:44:46 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/30 22:44:46 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/30 22:44:46 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/30 22:44:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/30 22:44:46 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/30 22:44:46 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/30 22:44:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/30 22:44:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/30 22:44:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/30 22:44:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/30 22:44:46 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/30 22:44:45 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/30 22:44:45 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/30 22:44:45 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/30 22:44:45 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/30 22:44:45 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/30 22:44:45 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/30 22:44:45 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/30 22:44:45 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/30 22:44:45 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/30 22:44:45 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/30 22:44:45 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/30 22:44:45 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/30 22:44:45 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/30 22:44:45 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/30 22:44:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/30 22:44:45 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/30 22:44:45 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/30 22:44:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/30 22:44:45 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/30 22:44:45 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/30 22:44:45 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/30 22:44:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/30 22:44:45 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/30 22:44:45 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/30 22:44:45 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/30 22:44:45 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/30 22:44:45 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/30 22:44:45 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/30 22:44:45 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/30 22:44:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/30 22:44:45 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/30 22:44:45 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/30 22:44:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/30 22:44:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/30 22:44:45 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/30 22:44:45 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/30 22:44:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/30 22:44:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/30 22:44:45 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/24 20:37:13 | 428,880,128 | ---- | M] () -- C:\Users\Jonathan\Documents\clip0014.avi
[2013/05/21 14:51:36 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/05/18 13:52:09 | 000,000,000 | -H-- | M] () -- C:\Users\Jonathan\Documents\Default.rdp
[2013/05/18 09:03:37 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/05/17 15:51:41 | 008,640,864 | ---- | M] () -- C:\Users\Jonathan\Documents\clip0013.avi
[2013/05/17 15:51:28 | 006,075,460 | ---- | M] () -- C:\Users\Jonathan\Documents\clip0012.avi
[2013/05/15 17:23:39 | 001,104,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 15:48:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 15:48:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/15 15:48:11 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/14 13:39:59 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/05/12 20:51:09 | 000,000,203 | ---- | M] () -- C:\Users\Jonathan\Desktop\Guns of Icarus Online.url
[2013/05/12 19:13:36 | 000,005,235 | ---- | M] () -- C:\Users\Jonathan\.recently-used.xbel
[2013/05/10 16:00:11 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Geany.lnk
[2013/05/10 16:00:11 | 000,000,809 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Geany.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/07 21:31:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/07 21:31:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/07 21:31:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/07 21:31:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/07 21:31:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/06 18:12:42 | 000,000,663 | ---- | C] () -- C:\Users\Public\Desktop\DXBX.lnk
[2013/06/06 18:12:42 | 000,000,663 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\DXBX.lnk
[2013/06/02 13:01:29 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/05/31 14:28:10 | 490,321,386 | ---- | C] () -- C:\Users\Jonathan\Documents\clip0015.avi
[2013/05/30 22:44:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/30 22:44:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/30 17:16:22 | 000,004,521 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\CamStudio.cfg
[2013/05/30 17:16:22 | 000,000,408 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\CamShapes.ini
[2013/05/30 17:16:22 | 000,000,408 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\CamLayout.ini
[2013/05/30 17:16:22 | 000,000,096 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\Camdata.ini
[2013/05/24 20:34:51 | 428,880,128 | ---- | C] () -- C:\Users\Jonathan\Documents\clip0014.avi
[2013/05/18 13:52:09 | 000,000,000 | -H-- | C] () -- C:\Users\Jonathan\Documents\Default.rdp
[2013/05/17 15:51:35 | 008,640,864 | ---- | C] () -- C:\Users\Jonathan\Documents\clip0013.avi
[2013/05/17 15:51:24 | 006,075,460 | ---- | C] () -- C:\Users\Jonathan\Documents\clip0012.avi
[2013/05/12 20:51:09 | 000,000,203 | ---- | C] () -- C:\Users\Jonathan\Desktop\Guns of Icarus Online.url
[2013/05/12 19:13:36 | 000,005,235 | ---- | C] () -- C:\Users\Jonathan\.recently-used.xbel
[2013/05/10 16:00:11 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Geany.lnk
[2013/05/10 16:00:11 | 000,000,809 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Geany.lnk
[2013/04/18 21:38:12 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2013/04/18 21:38:12 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/04/18 21:38:12 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll
[2013/01/18 22:20:46 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/01/18 22:20:45 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/01/18 22:20:45 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/01/18 22:20:45 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/01/18 22:20:45 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/01/04 23:05:50 | 000,000,040 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\burnaware.ini
[2012/06/16 09:15:44 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/10 14:59:51 | 000,010,752 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 16:44:30 | 000,000,498 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\XP500UserMetrics.osl
[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2012/01/02 18:34:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/06 18:48:59 | 000,003,340 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/12/06 13:22:48 | 000,000,600 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\PUTTY.RND
[2011/10/06 19:55:03 | 000,001,595 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\SAS7_000.DAT
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/23 18:45:06 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011/08/17 17:44:35 | 000,007,605 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\Resmon.ResmonCfg
[2011/08/15 15:01:30 | 000,000,208 | ---- | C] () -- C:\ProgramData\{6BC52438-5DE4-4102-846E-64C225A0A04E}_WiseFW.ini
[2011/08/15 15:00:57 | 000,000,110 | ---- | C] () -- C:\ProgramData\{48AED231-2C86-4C8E-A390-F386056109CF}_WiseFW.ini
[2011/08/15 07:19:01 | 000,003,401 | ---- | C] () -- C:\Users\Jonathan\unigine_20110815_0718.html
[2011/08/12 20:47:58 | 000,799,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/08 08:31:52 | 000,000,132 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/05 10:50:03 | 000,001,456 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/07/30 16:47:34 | 000,003,401 | ---- | C] () -- C:\Users\Jonathan\unigine_20110730_1647.html
[2011/07/30 16:39:52 | 000,003,399 | ---- | C] () -- C:\Users\Jonathan\unigine_20110730_1639.html
[2011/07/24 10:47:15 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 

OTL Extras logfile created on: 6/8/2013 10:51:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 11.80 Gb Available Physical Memory | 73.83% Memory free
32.74 Gb Paging File | 27.65 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): c:\pagefile.sys 800 800d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 62.40 Gb Total Space | 3.06 Gb Free Space | 4.90% Space Free | Partition Type: NTFS
Drive D: | 869.01 Gb Total Space | 351.90 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
 
Computer Name: JONATHANS-DIYPC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06674B08-7D5A-4950-AAFC-E2E8FEF16CA6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D95541A-FDDE-4DB6-B2F1-A5A0BD80B5BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{103C4D01-270F-4655-B66D-064337315182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{129940A5-1B97-48C4-BFF2-AA2305A3C414}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{22A4B4BD-E083-4788-9BBA-F8CC0170D099}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 | 
"{2563206A-D6C1-4ED5-B3BD-B88419EB910A}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | 
"{298B8DC7-8560-44D4-8CFB-59B228F022C6}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{29CD8875-ECD7-4C8C-A4DC-27CC87DD4A07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{33F519EA-7F86-4EFD-A69A-6106E2469146}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E37605E-5B41-4D52-BA63-8B5AEE115211}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{416DE899-EB94-4A06-939E-DA6732DAA065}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4BA34A5F-B960-4CD0-929D-AAF619D2C3B3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{556D320E-4469-45F9-8C09-1A45B3FEE847}" = rport=138 | protocol=17 | dir=out | app=system | 
"{58715D56-0C5B-42B1-8772-30ECFCAF68FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6028322F-506D-4749-9B4A-91DE31666971}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60E54334-9E7E-4790-8A09-1311A36729F3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{76AE7304-1C8A-451E-9439-02C0A5153BDA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{77D321CC-DDC6-4DA4-9B5D-6C2A8B6980A2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7CC3E2E0-EB06-4A79-BC0C-3A3FC560ACB2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E3DAFAE-2999-42E3-B911-E4CE2BDFB7D3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81888FFE-DD54-4927-A4DD-F34837BA9704}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{85C4AEE2-7D4A-4694-AA1F-F97651FDB401}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{891A67C4-D532-440D-9B38-45DA2148C700}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | 
"{90805F73-0AAC-48C3-9B28-5E52A1A7694C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9BB1E530-5501-4066-9650-63D23CD151E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9BF634B1-4782-4FB6-BA58-281C3C37D518}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9E2CED38-CC79-4E5B-A34F-90120ABB59B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A041997C-81F4-4E6C-829D-31C5AC44021F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5FBC628-C699-4FD3-99DB-93DA24AE8A9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B59C0EE9-02F7-46CF-AABB-B89FDD222C77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B98D650F-F1B7-41C8-9B98-8864E56CF0BF}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C45303A2-AC20-493E-9D79-A2938304F2FD}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{C4B29D90-3988-4BF3-A9E8-58D90236AB8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C97A3486-6A8A-4D8B-BCAA-C5935DD12EB8}" = lport=3140 | protocol=6 | dir=in | name=ip-clamp licensing service | 
"{CDC89B6B-4780-46AF-A3EE-DC1A06C2E2C3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{CDE6B21C-686C-4756-ADC5-7C69C2F386D4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D3F25E47-59FA-465A-8275-F5C1A2516559}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9C02C0F-8799-4F18-A785-437CD10A0EAB}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{E28E2120-DFD0-48C2-BDBD-0D9773F78092}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{E45D9462-A885-4E9D-86F2-22532DA82FC9}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{E48F39DD-9524-491C-A9A1-3978629B610E}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | 
"{E70A4CDC-79FD-4C0E-8CCA-DC73E1313C2B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01424681-7666-477F-88F9-F3A30F81E3BC}" = protocol=6 | dir=in | app=d:\program files (x86)\avid\studio\programs\rm.exe | 
"{054F9573-C630-4BB2-A55E-31D2399E78DB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{05786979-C80A-4958-B0F3-9A2516E2DFA4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{06631F60-6A44-49EE-BD2B-1A97926D1C77}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{0AE7D01D-BCB2-4FD6-840C-E7ACE106FB11}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{0DEDCC3C-6461-47A4-9B2A-805F134FEA1E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{0E007F43-B109-4C0F-B4C5-FE4EF1A141CC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{0E6D0196-6F88-497D-BFAA-23DCCCC91574}" = protocol=6 | dir=in | app=d:\program files (x86)\simple port forwarding\spf.exe | 
"{0FC5001A-CA60-4A44-A4BE-8F8175EB6F2E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{101E675E-AF7D-40B4-834B-E4ED51450FE4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{11F2521E-0421-4A6F-933C-C5BE16839D37}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{13DB73D8-241E-4944-A396-0A672C592068}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 
"{13DD0D52-D30B-4771-A405-3AC186DB7944}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo_demo.exe | 
"{14D46B45-7EEE-4D5D-A096-E9D71DBF5D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{14E53186-BC8B-4D9A-8CEE-675EF39636D9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{174D7893-87F5-47D6-AC6E-02B5DBBA4AED}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{19BBC4F4-4696-43B4-9438-0F3E676043B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B3054BA-B341-4399-925C-4F9190D57472}" = protocol=6 | dir=in | app=d:\srcds\orangebox\srcds.exe | 
"{1E18D451-B7AE-4990-955E-DA2D482A6AC0}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{1E2A02CE-0FFE-4478-83AC-F807179B34F3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1E9E25EF-922B-48C2-B817-BA46201F28C0}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe | 
"{20EA557D-A762-49CA-9F85-DE29FB1F3CC8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{214638AB-31C4-4568-83E8-1015387CC435}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{22BDC0E5-4A5A-478F-A208-D116273DC453}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{23EC73C0-37A6-44AD-8E87-AEBC6581F256}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\jaw20\the ship single player\ship.exe | 
"{24CD569B-FA70-478C-AB1D-04095D9508C5}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{25A27789-7522-4CFB-8267-2C17441F12C4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{26017955-2C4E-463C-8474-4F6653F18F07}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{2A472642-C5CA-43F0-A373-7CABE4CC1EEE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo_demo.exe | 
"{2C65C0A6-5D21-447A-B92D-AADBF6F20679}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\kerbal space program demo\ksp.exe | 
"{2EF8A5FE-4D51-45EF-A152-BC9E8BC8369B}" = dir=in | app=d:\program files\tightvnc\tvnserver.exe | 
"{317FA9F3-33C1-46AC-9C7C-F3C73E748E46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{335117A2-48F2-4C27-AB2A-84FA2D4BD023}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33EF3BDF-C7A0-436D-92ED-0A394FAEE85D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{370C0A7D-FD4D-486C-A5E2-F10DA77DE302}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2012\3dsmax.exe | 
"{37D57E71-07F3-40CD-9A44-32E2FFCA3A62}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{3A04F811-1FB2-4C29-ABB0-F53D2A04EBAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3AF0C580-565C-43F0-86AA-B83D65A4AC7B}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 
"{3B27265F-E423-43F6-B238-FDC233ECA0DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3BA1A2E7-19A4-48CF-BE7B-117D8EE717BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FD522CA-B5BD-42AA-872A-219679C2B3A4}" = protocol=6 | dir=out | app=system | 
"{431E740C-BC69-40ED-B6D8-F299458705F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\jaw20\the ship single player\ship.exe | 
"{44BA0C3E-2810-47E4-BBA1-8D0A917519E7}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{4AA67157-3F82-4884-A5EA-BA5FBCFC0230}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{4B358A4D-566B-43E3-AD87-C773814CB62B}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | 
"{4FACD29E-E6D1-429B-BAF4-1EDD1C55B2B8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{4FE6DA54-5414-4D89-8C28-5FDB0D27C78F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{4FE97EC1-CBFD-4870-B476-E6CEF543797D}" = protocol=17 | dir=in | app=d:\program files (x86)\simple port forwarding\spf.exe | 
"{50162231-9608-4802-9C51-68A410D7F7DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5089303B-166D-4CC4-9858-4BA71438FCB3}" = protocol=6 | dir=in | app=d:\program files (x86)\avid\studio\programs\ngstudio.exe | 
"{541C635D-165E-4F5D-AB11-BCAD0C6EC120}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{58FEBCAD-7F32-414D-B267-E93ED7A0B527}" = protocol=6 | dir=in | app=d:\program files (x86)\cracked steam\steam.exe | 
"{5B57A714-DFD5-40CD-8AAF-8C8A6F550650}" = protocol=17 | dir=in | app=c:\users\jonathan\appdata\local\akamai\netsession_win.exe | 
"{5D1C6089-815B-47BC-9A20-74D8FF4D05A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5D24630A-1A96-4EA7-91B8-3298E9F3B430}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E5F3F2F-5C8F-45D9-B118-3F030B8F377F}" = protocol=6 | dir=out | app=system | 
"{6484599B-E77A-4B89-9946-A3628E2F1568}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{6581A355-938A-43DB-A16E-98D3FC348653}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe | 
"{6762EA0C-58C7-4519-ABDF-4B89D2F50D5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6CD44C46-21D0-4358-9821-092BD3E6B58C}" = protocol=6 | dir=in | app=c:\program files (x86)\rnx-n180ube 11n usb wireless lan utility\rtwlan.exe | 
"{7332AD5B-ECEB-4C6F-9C00-FF2709BBEAC3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{7DC67C4F-086D-4359-8705-85A6AA4D0F50}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{7FD69A0C-EC40-4F3C-B7AB-82F4F8A93316}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{811FC898-814D-42FD-8FF6-CF9139EA0E95}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe | 
"{8125A551-DFAB-4DA0-A681-2161D91398ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86787ECF-D4CB-4383-AE76-27735BE0DC38}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{8C0BD664-432A-4BD6-B807-9BCCBCB960B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{923A208E-E56B-457F-8171-A301B4470C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{93A6D9AD-FF7A-4371-932F-BB1DD147B756}" = protocol=17 | dir=in | app=d:\program files (x86)\cracked steam\steam.exe | 
"{942C3287-25F8-4B25-9DCD-2B7C9F2CB071}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{94833A56-C895-4136-8674-6E133925FFD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{967CC293-5256-4FE7-A51A-B97179E8E450}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{97E1F957-FEE9-45F7-9728-5D687FEA0E70}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{97FC9A27-B45A-425C-B994-CE987D2F1EBD}" = protocol=17 | dir=in | app=d:\srcds\orangebox\srcds.exe | 
"{9AB6EA1F-F7FD-4483-A333-B5914D77BC0D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sonic adventure 2\launcher.exe | 
"{9DAA53BB-D700-430A-B2E8-A07E9AA1F077}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{9E2E8B40-F503-466E-8A70-EFE698F5FF03}" = protocol=17 | dir=in | app=d:\program files (x86)\simple port forwarding\spf.exe | 
"{9F34D5DF-A577-47CE-962F-00D7D2C591A9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{A025F576-C05A-4B62-8462-CEF4A9C416B0}" = protocol=6 | dir=in | app=c:\users\jonathan\appdata\local\akamai\netsession_win.exe | 
"{A0CF98FA-AD92-4C1E-8D61-C6E7F1AD6DC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1D4ED89-3776-4981-88DE-B1E7E8425BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{A5C8A50B-62C9-4C19-ACC3-006C9D3C292E}" = dir=in | app=d:\program files (x86)\vmware\vmware-authd.exe | 
"{AA03F274-311C-4DDF-9205-CD4BD3B041F6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\kerbal space program demo\ksp.exe | 
"{AA39B4C0-24EF-4160-8BE2-B6D98E7B18FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AAA1841F-81A4-47F3-8609-A800BF68EB22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AC2D15DF-92AB-4840-8CE4-FA857A4622B7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{AD6EC57D-DC7A-42C2-A039-C5D4410C72B3}" = protocol=6 | dir=in | app=d:\program files (x86)\avid\studio\programs\umi.exe | 
"{AEFD27FE-E413-4881-A44A-05582223FE52}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B035126D-196F-4FA4-80CF-468230F6F938}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{B0B6BC58-0DA1-4255-AF46-021D6217705E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sonic adventure 2\launcher.exe | 
"{B0E43798-E720-4460-82D7-18BF82269B8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3635C97-9B95-4458-B63D-0F77B86BFD9E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{B600C14F-236D-4E6B-A4F6-838C862CB455}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{B9AEB50F-C07C-4C3D-A7C9-99FF9F00F86A}" = protocol=58 | dir=in | app=system | 
"{BAB63E3D-4433-46D1-96A5-D521CC6D7A7D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C01CEF6C-3D04-4549-841A-C2A64CA7CF0B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{C05210E7-917E-41D2-8FEE-ED7FDC7AC189}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{C38490F7-0AB5-47FE-94CC-4FAD9336DEF4}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{C9109CC3-EE12-47D4-8271-0AE18F050F3F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{CACF53F0-26FF-46B3-8D93-6AA6EA389F7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD2E1303-AC40-494F-BE60-AD7BD3AF6059}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | 
"{D3819DAC-DA84-4EC6-B130-71590E5C71CD}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{D5077014-DAF3-45D5-BC87-34ED85129CEB}" = protocol=17 | dir=in | app=d:\program files (x86)\avid\studio\programs\umi.exe | 
"{D5178602-92C0-42E7-BF23-251C475C7833}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{D68F99F4-8BAB-47F0-852A-AFA30D8442C5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{D89DE89F-D81A-4D37-8B29-FB34353D25B5}" = dir=in | app=d:\program files (x86)\vmware\vmware-authd.exe | 
"{DADA37C6-329A-482B-B4AB-B61901279594}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe | 
"{DE4AF258-BCDC-474C-B90A-7AF25FFF5C58}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | 
"{DEF2D335-8ABB-44BB-A5DC-F504803F719D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{E092BA85-507F-44B3-B570-E488B2871F66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E0AFF9AE-0591-4C26-940D-043065A36C5D}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2012\3dsmax.exe | 
"{E1F514EA-8FC5-494A-B1EB-73A83BA28844}" = protocol=17 | dir=in | app=d:\program files (x86)\avid\studio\programs\rm.exe | 
"{E3A05053-BADF-42D6-BB14-6519CD431FD4}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | 
"{E411B951-8686-4F71-A84E-115D3AB1ACCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4C9F078-9575-44C4-B2B3-B5FAFE68D15D}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{E64B187F-C1D1-4A22-A7BB-ADABC57FBB72}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{E6B3456E-53FA-417F-9E72-7C8ADF3598C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6F74D30-E874-4DFD-A875-675FCF64523A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{E724F485-587E-4F79-841C-5A3BB12549BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{E9FFAE2D-01F1-497D-8B47-BF96E28B1C4D}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 
"{EA453FB3-8D13-440B-ADED-E1159020746B}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{EA614FFA-129A-4D0D-A754-DA78104BEA25}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{EBE7325B-832B-47BB-9394-CDA27FFC5084}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{ED16FA6D-3EB0-4061-ADF8-4AD8DEF162A1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{EE9EB670-07E9-469B-B9B7-F45781F770FE}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 
"{F04411D4-8EFF-40DD-851D-74C2919EA6CC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{F0F79C2A-1B51-4A10-830B-86D3E7FD2706}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{F38E78A9-8DFF-42C8-BF20-D489926FFF17}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FB1B8567-B31B-48D5-B4C9-2711CA7D7FC0}" = protocol=6 | dir=out | app=system | 
"{FC75D4BB-56F9-4220-88E6-C0D7A360A47F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{FCBB413C-1F6A-4BF5-AF26-99CDC9A0A55D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FCC47E53-7B2F-4C3C-8645-642846FFA1C7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FD7CFB90-9AB0-4D1A-8990-B32C2DFC24BA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{FDF65991-7B9D-46EC-8D74-6800C3709A7D}" = protocol=17 | dir=in | app=d:\program files (x86)\avid\studio\programs\ngstudio.exe | 
"{FE7250DA-0A8F-46BE-8EC6-F8DEC7E0495C}" = protocol=6 | dir=in | app=d:\program files (x86)\simple port forwarding\spf.exe | 
"{FEEE5090-BCAC-4A00-81C0-09636030CA92}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{FF1C1F26-F8BA-4C4A-AC9C-633EB5E948D2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{FF494506-3A82-441A-A945-80440DC14BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\rnx-n180ube 11n usb wireless lan utility\rtwlan.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3DAC536E-AC0D-4D07-B1B6-10181619E7ED}" = Dataplex
"{48AED231-2C86-4C8E-A390-F386056109CF}" = ThinkingParticles 4.0 SP3 for 2010
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{53EDAFFA-3724-444C-AC8D-099220CDFB90}" = AVG 2012
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7AD9B0EF-448E-470C-9C7F-77A34BE1C42B}" = NuGraf/PolyTrans Demo Installer (64-bits)
"{8011A67E-2702-4A4E-867E-F491EF8A04B3}" = TightVNC
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1" = Remo Recover
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BE118D69-E21C-4FD5-936C-91F8CD13D3D6}" = ArchVision Dashboard
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CA2F11A0-56C1-4AB3-9D8A-07974591D35E}" = RPC Plug-in for Autodesk 3ds Max 2012 64-bit
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2A55438-F593-43A9-B91E-80D12C5C86D6}" = Okino Plug-ins Installer (x64 Demo Version)
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"Sandboxie" = Sandboxie 3.62 (64-bit)
"Stellarium_is1" = Stellarium 0.11.4
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-bc36df3f-8721-449e-b9f7-20ea3a56c3e8" = My Game Long Name
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01011662-76A8-41E8-B1A8-4F8821570AC5}" = Advanced Archive Password Recovery
"{03945D18-B968-4861-A0D6-09D4A51CEF4E}" = WeatherLink 5.9.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio version 2.7
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09F5ED5A-59A7-4342-AD44-D96F723D6F7C}_is1" = The Elder Scroll V - Skyrim version Patch 1.4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{11432CAF-EA32-4102-9AEE-5D31F2E9F762}" = Microsoft XNA Game Studio 3.1 Zune Extensions
"{14CABCFB-4BA1-45AB-A8D3-BF41D060FDF4}" = EASYnat for 3ds Max 2012 64-bit
"{15663E2F-4C49-4949-9490-8806050654E0}" = Avid Studio Bonus Content
"{199A019C-739D-4BA1-9B4B-90AB3EE31900}" = FumeFX 2.1 R2012 64-bit
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EA56D91-C2CE-4E52-AFDF-D65C63FB8C09}" = Ellipse
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3E66D17B-6A22-4C1D-9931-57FCA0A04416}" = Autodesk 3ds Max 2012 SDK
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}" = Orbiter 2010-P1
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" = Microsoft Visual Basic PowerPacks 1.2
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BF6D4DE-C915-44C4-9176-AF6D3B27052F}" = XP500 Advanced Sound Editor
"{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1" = CraftBukkit
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A519E1D-44B8-4DC9-BC30-552C68D41C01}" = Avid Studio Plugins
"{6BC52438-5DE4-4102-846E-64C225A0A04E}" = IP-Clamp Service
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FB58056-0BD1-4E42-BC61-26A840895497}" = Overwolf
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}" = Nero Multimedia Suite 10 Essentials
"{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
"{7EC3EF6B-C4FB-4C1D-A95C-086F78A560F4}_is1" = MegaSVGPlanner Beat V2.0 version 2.0
"{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}" = Pinnacle Creative Pack Volume 1
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen
"{B35DC076-CEF2-4631-9EF7-45380E27C841}" = Avid Studio
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9CC7CE9-B185-40BE-A9A8-504303EA06F7}" = TOVERCLOCKER
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54CF38B-9B9D-4DB7-A57F-EF0852ED1392}" = SlimCleaner
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = Tseries BIOS Update
"{E8DCFFCD-D736-407D-B861-143A8809BA7C}" = WeatherLink 6.0.2
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}" = Autodesk Network License Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F31DB1D9-B7E8-4375-B085-141BDFAEAD5A}" = Krakatoa 1.6.1.44739 for 3ds Max
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}" = Guitar Hero Three Control Panel
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"abgx360" = abgx360 v1.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface Service
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 2.0.3
"AVG Secure Search" = AVG Security Toolbar
"BPM Beats per Minute Detector_is1" = BPM Beats per Minute Detector
"BurnAware Free_is1" = BurnAware Free 5.5
"Cain & Abel v4.9.43" = Cain & Abel v4.9.43
"camcodec" = CamStudio Lossless Codec v1.5
"Celestia_is1" = Celestia 1.6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CraftDirectorStudio" = Craft Director Studio
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.11.1
"Daossoft RAR Password Recovery" = Daossoft RAR Password Recovery 7.0.0.1
"DealBulldog Toolbar" = DealBulldog Toolbar
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DXBX_is1" = DXBX 0.5 Release
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"EGREEN" = ASUS E-Green Uninstall
"FBackup 4_is1" = FBackup 4
"FileZilla Server" = FileZilla Server
"Fraps" = Fraps (remove only)
"GameStop App" = GameStop App
"GCFScape_is1" = GCFScape 1.3.1
"Geany" = Geany 1.23
"Google Chrome" = Google Chrome
"GravitySimulator_is1" = GravitySimulator 2.0.000
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Halo 3 Toy Box" = Halo 3 Toy Box
"Halo Tool Box" = Halo Tool Box
"HMIP50_is1" = Hide My IP 5.3
"HyperCam 2" = HyperCam 2
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{7AD9B0EF-448E-470C-9C7F-77A34BE1C42B}" = NuGraf/PolyTrans Demo Installer (64-bits)
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E2A55438-F593-43A9-B91E-80D12C5C86D6}" = Okino Plug-ins Installer (x64 Demo Version)
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LAME_is1" = LAME v3.99.3 (for Windows)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic Traffic Bot" = Magic Traffic Bot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManyCam" = ManyCam 3.1.43
"MapleStory" = MapleStory
"MediaFire Express 0.12.3.3540" = MediaFire Express
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Neverwinter Nights 2" = Neverwinter Nights 2
"Neverwinter Nights 2: Mask of the Betrayer" = Neverwinter Nights 2: Mask of the Betrayer
"Neverwinter Nights 2: Storm of Zehir" = Neverwinter Nights 2: Storm of Zehir
"Neverwinter Nights Diamond" = Neverwinter Nights Diamond
"Neverwinter Nights Hordes of the Underdark" = Neverwinter Nights Hordes of the Underdark
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"Neverwinter Nights: Shadows of Undrentide" = Neverwinter Nights: Shadows of Undrentide
"NoIPDUC" = No-IP DUC
"NortonLive" = NortonLive
"NortonLive SmartStart" = NortonLive SmartStart
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PFPortChecker" = PFPortChecker 1.0.39
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"PowerISO" = PowerISO
"PremElem90" = Adobe Premiere Elements 9
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Simple Port Forwarding" = Simple Port Forwarding
"SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal)
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 12910" = Audiosurf Demo
"Steam App 1840" = Source Filmmaker
"Steam App 209080" = Guns of Icarus Online
"Steam App 211" = Source SDK
"Steam App 213610" = Sonic Adventure™ 2 
"Steam App 218" = Source SDK Base 2007
"Steam App 219890" = Antichamber
"Steam App 231410" = Kerbal Space Program Demo
"Steam App 2420" = The Ship Single Player
"Steam App 2430" = The Ship Tutorial
"Steam App 310" = Source Multiplayer Dedicated Server
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38740" = EDGE
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13
"Steam App 48010" = LIMBO Demo
"Steam App 520" = Team Fortress 2 Beta
"Steam App 620" = Portal 2
"Steam App 629" = Portal 2 Authoring Tools - Beta
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 70300" = VVVVVV
"Steam App 99900" = Spiral Knights
"substance_designer_1_x" = Allegorithmic Substance Designer 1.x
"substance_player_1_x" = Allegorithmic Substance Player 1.x
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"TeamViewer 7" = TeamViewer 7
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"Universe Sandbox" = Universe Sandbox
"uTorrent" = µTorrent
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1627792851-2230852417-1751867909-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a99828f8790215a1" = CFG Generator
"Akamai" = Akamai NetSession Interface
"c438b35a3da49585" = Universe Sandbox
"Hawken" = Hawken
"substance_extra_content_3dsmax2012_1_x" = Allegorithmic Substance Extra Content for 3DSMax 2012 1.x
"WinDirStat" = WinDirStat 1.1.2
"XBMC" = XBMC
"Xbox 360 Tools" = Xbox 360 Tools
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/31/2013 8:41:22 PM | Computer Name = Jonathans-DIYPC | Source = Application Error | ID = 1000
Description = Faulting application name: Amnesia.exe, version: 0.0.0.0, time stamp:
 0x4db7bb8e  Faulting module name: wrap_oal.dll, version: 2.2.0.5, time stamp: 0x4a25c811
Exception
 code: 0x40000015  Fault offset: 0x000483a1  Faulting process id: 0x6338  Faulting application
 start time: 0x01ce5e5c145008a0  Faulting application path: D:\Program Files (x86)\Amnesia
 - The Dark Descent-NonDev\redist\Amnesia.exe  Faulting module path: D:\Program Files
 (x86)\Amnesia - The Dark Descent-NonDev\redist\wrap_oal.dll  Report Id: fb0a9fac-ca53-11e2-8951-8f289eef6f18
 
Error - 6/1/2013 2:50:44 PM | Computer Name = Jonathans-DIYPC | Source = Application Error | ID = 1000
Description = Faulting application name: Amnesia.exe, version: 0.0.0.0, time stamp:
 0x4db7bb8e  Faulting module name: wrap_oal.dll, version: 2.2.0.5, time stamp: 0x4a25c811
Exception
 code: 0x40000015  Fault offset: 0x000483a1  Faulting process id: 0xbe60  Faulting application
 start time: 0x01ce5ee88b3a0d7e  Faulting application path: D:\Program Files (x86)\Amnesia
 - The Dark Descent\redist\Amnesia.exe  Faulting module path: D:\Program Files (x86)\Amnesia
 - The Dark Descent\redist\wrap_oal.dll  Report Id: 29c909f0-caec-11e2-8951-8f289eef6f18
 
Error - 6/3/2013 4:46:28 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/4/2013 2:56:30 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/5/2013 2:15:32 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2013 5:19:46 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/7/2013 2:12:20 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/7/2013 8:25:35 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/7/2013 9:54:57 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/7/2013 10:10:18 PM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/8/2013 10:01:35 AM | Computer Name = Jonathans-DIYPC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 6/7/2013 9:55:21 PM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/7/2013 9:55:21 PM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/7/2013 10:05:13 PM | Computer Name = Jonathans-DIYPC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 6/7/2013 10:08:39 PM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   nvelofsfltr
 
Error - 6/7/2013 10:10:40 PM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/7/2013 10:10:40 PM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/7/2013 11:10:52 PM | Computer Name = Jonathans-DIYPC | Source = DCOM | ID = 10010
Description = 
 
Error - 6/8/2013 9:59:57 AM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   nvelofsfltr
 
Error - 6/8/2013 10:01:59 AM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 6/8/2013 10:01:59 AM | Computer Name = Jonathans-DIYPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 

 



#6 D-FRED-BROWN

Posted 08 June 2013 - 11:34 AM

Here is OTL's 2 log files. I will post ESET's log later when it is finished.

 

Sounds good



#7 jaw20

Posted 08 June 2013 - 04:59 PM

Here is the log.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e6b75b7ff0952c488b1a2f4670feaae9
# engine=14027
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-08 07:21:48
# local_time=2013-06-08 03:21:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1034 16777213 100 78 0 59440118 0 0
# compatibility_mode=5893 16776574 100 94 79474497 122262758 0 0
# scanned=1137468
# found=10
# cleaned=10
# scan_time=15321
sh=261625334F176E9FB2A036E7404DEB78DE022C3C ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\Jonathan\Downloads\Tools (1).zip"
sh=212B4C19CDE66A53EE0E9BFC1DF9A059E4241CE0 ft=0 fh=0000000000000000 vn="a variant of MSIL/PSW.Agent.NFX trojan (deleted - quarantined)" ac=C fn="D:\MineCraft Admin Giver.rar"
sh=BC00DB2ACD10DDDFA4F0F2A01F397F9BF136B44A ft=0 fh=0000000000000000 vn="a variant of MSIL/Injector.ARM trojan (deleted - quarantined)" ac=C fn="D:\ShareCash Downloader.rar"
sh=A3062B05695FE2C3601547F4BE745A470AE69C4D ft=1 fh=ccd5c38379ec2c63 vn="a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\Setup (1).exe"
sh=D0FADBD32A9DBBEA4CB5295DDA7F1A39D72F3672 ft=1 fh=42d8309fc5dabf7b vn="a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\Setup (2).exe"
sh=261625334F176E9FB2A036E7404DEB78DE022C3C ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="D:\Downloads\Tools.zip"
sh=9E1C4FEAA02AD7897668D29A120F20E8AA04E395 ft=0 fh=0000000000000000 vn="a variant of MSIL/Injector.ARM trojan (deleted - quarantined)" ac=C fn="D:\Downloads\Update 2.0.1.rar"
sh=0466916B549312604E906B3E6567DD2CD3F7099F ft=1 fh=11bb9cb432fd7c55 vn="a variant of MSIL/PSW.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="D:\MineCraft Admin Giver\MineCraft Server Admin Giver\bin\Debug\MineCraft Server Admin Giver.exe"
sh=0466916B549312604E906B3E6567DD2CD3F7099F ft=1 fh=11bb9cb432fd7c55 vn="a variant of MSIL/PSW.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="D:\MineCraft Admin Giver\MineCraft Server Admin Giver\bin\Debug\app.publish\Application Files\MineCraft Server Admin Giver_1_0_0_0\MineCraft Server Admin Giver.exe.deploy"
sh=0466916B549312604E906B3E6567DD2CD3F7099F ft=1 fh=11bb9cb432fd7c55 vn="a variant of MSIL/PSW.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="D:\MineCraft Admin Giver\MineCraft Server Admin Giver\obj\x86\Debug\MineCraft Server Admin Giver.exe"
 
C:\Users\Jonathan\Downloads\Tools (1).zip multiple threats deleted - quarantined
D:\MineCraft Admin Giver.rar a variant of MSIL/PSW.Agent.NFX trojan deleted - quarantined
D:\ShareCash Downloader.rar a variant of MSIL/Injector.ARM trojan deleted - quarantined
D:\Downloads\Setup (1).exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
D:\Downloads\Setup (2).exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
D:\Downloads\Tools.zip multiple threats deleted - quarantined
D:\Downloads\Update 2.0.1.rar a variant of MSIL/Injector.ARM trojan deleted - quarantined
D:\MineCraft Admin Giver\MineCraft Server Admin Giver\bin\Debug\MineCraft Server Admin Giver.exe a variant of MSIL/PSW.Agent.NFX trojan cleaned by deleting - quarantined
D:\MineCraft Admin Giver\MineCraft Server Admin Giver\bin\Debug\app.publish\Application Files\MineCraft Server Admin Giver_1_0_0_0\MineCraft Server Admin Giver.exe.deploy a variant of MSIL/PSW.Agent.NFX trojan cleaned by deleting - quarantined
D:\MineCraft Admin Giver\MineCraft Server Admin Giver\obj\x86\Debug\MineCraft Server Admin Giver.exe a variant of MSIL/PSW.Agent.NFX trojan cleaned by deleting - quarantined


#8 D-FRED-BROWN

Posted 08 June 2013 - 07:53 PM

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0CFF5F08
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9AFE.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A9E.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A5E.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9A1D.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM99BE.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM997D.tmp
    MOD - [2013/06/08 10:07:53 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM991E.tmp
    MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BE2.tmp
    MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BC1.tmp
    MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9BA0.tmp
    MOD - [2013/06/08 10:07:53 | 000,086,016 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9B6F.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM98FC.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM984F.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM97A1.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9751.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9720.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM96E0.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM96A0.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM966F.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM963E.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM95FE.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM95AE.tmp
    MOD - [2013/06/08 10:07:52 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM953E.tmp
    MOD - [2013/06/08 10:07:51 | 000,120,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM94BF.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92E6.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92C5.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9292.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9252.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9231.tmp
    MOD - [2013/06/08 10:07:51 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9133.tmp
    MOD - [2013/06/08 10:07:51 | 000,072,704 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM940B.tmp
    MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM945D.tmp
    MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM943C.tmp
    MOD - [2013/06/08 10:07:51 | 000,072,192 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93F9.tmp
    MOD - [2013/06/08 10:07:51 | 000,064,000 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9396.tmp
    MOD - [2013/06/08 10:07:51 | 000,057,344 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93D8.tmp
    MOD - [2013/06/08 10:07:51 | 000,056,832 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9200.tmp
    MOD - [2013/06/08 10:07:51 | 000,056,320 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM92A4.tmp
    MOD - [2013/06/08 10:07:51 | 000,053,760 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM93B7.tmp
    MOD - [2013/06/08 10:07:51 | 000,053,760 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9346.tmp
    MOD - [2013/06/08 10:07:51 | 000,033,792 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\YTMP7MC8AA\TAA949D.tmp
    MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9102.tmp
    MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM90C2.tmp
    MOD - [2013/06/08 10:07:50 | 000,075,776 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM8FA1.tmp
    MOD - [2013/06/08 10:07:50 | 000,068,608 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9081.tmp
    MOD - [2013/06/08 10:07:50 | 000,056,320 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9010.tmp
    MOD - [2013/06/08 10:07:50 | 000,055,296 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\XTMP1MC3VE\DEM9031.tmp
    MOD - [2013/06/08 10:07:47 | 001,071,104 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\is-QM877.tmp\Cracked Steam.tmp
    MOD - [2013/06/08 10:07:46 | 001,175,040 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._core_.pyd
    MOD - [2013/06/08 10:07:46 | 001,153,024 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_ssl.pyd
    MOD - [2013/06/08 10:07:46 | 001,062,400 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._controls_.pyd
    MOD - [2013/06/08 10:07:46 | 001,022,416 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\windows._cacheinvalidation.pyd
    MOD - [2013/06/08 10:07:46 | 000,811,008 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._windows_.pyd
    MOD - [2013/06/08 10:07:46 | 000,805,888 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._gdi_.pyd
    MOD - [2013/06/08 10:07:46 | 000,735,232 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._misc_.pyd
    MOD - [2013/06/08 10:07:46 | 000,711,680 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_hashlib.pyd
    MOD - [2013/06/08 10:07:46 | 000,686,080 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\unicodedata.pyd
    MOD - [2013/06/08 10:07:46 | 000,557,056 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pysqlite2._sqlite.pyd
    MOD - [2013/06/08 10:07:46 | 000,364,544 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pythoncom27.dll
    MOD - [2013/06/08 10:07:46 | 000,320,512 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32com.shell.shell.pyd
    MOD - [2013/06/08 10:07:46 | 000,128,512 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_elementtree.pyd
    MOD - [2013/06/08 10:07:46 | 000,127,488 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\pyexpat.pyd
    MOD - [2013/06/08 10:07:46 | 000,122,368 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._wizard.pyd
    MOD - [2013/06/08 10:07:46 | 000,119,808 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32file.pyd
    MOD - [2013/06/08 10:07:46 | 000,110,080 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\PyWinTypes27.dll
    MOD - [2013/06/08 10:07:46 | 000,108,544 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32security.pyd
    MOD - [2013/06/08 10:07:46 | 000,098,816 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32api.pyd
    MOD - [2013/06/08 10:07:46 | 000,087,040 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_ctypes.pyd
    MOD - [2013/06/08 10:07:46 | 000,070,656 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\wx._html2.pyd
    MOD - [2013/06/08 10:07:46 | 000,044,032 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_socket.pyd
    MOD - [2013/06/08 10:07:46 | 000,038,912 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32inet.pyd
    MOD - [2013/06/08 10:07:46 | 000,035,840 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32process.pyd
    MOD - [2013/06/08 10:07:46 | 000,026,624 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\_multiprocessing.pyd
    MOD - [2013/06/08 10:07:46 | 000,025,600 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32pdh.pyd
    MOD - [2013/06/08 10:07:46 | 000,022,528 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32ts.pyd
    MOD - [2013/06/08 10:07:46 | 000,018,432 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32event.pyd
    MOD - [2013/06/08 10:07:46 | 000,017,408 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32profile.pyd
    MOD - [2013/06/08 10:07:46 | 000,011,264 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\win32crypt.pyd
    MOD - [2013/06/08 10:07:46 | 000,010,240 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\Temp\_MEI32282\select.pyd
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

 



#9 jaw20


Posted 09 June 2013 - 03:15 PM

Here's OTL's log
 
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
ADS C:\ProgramData\TEMP:0CFF5F08 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP folder deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 295015 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7330396 bytes
->Flash cache emptied: 43028 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63949927 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 43766 bytes
 
User: Jonathan
->Temp folder emptied: 52451247 bytes
->Temporary Internet Files folder emptied: 257403187 bytes
->Java cache emptied: 21466824 bytes
->Google Chrome cache emptied: 221367908 bytes
->Flash cache emptied: 81109 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 858737 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321377 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 637.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guest
->Java cache emptied: 0 bytes
 
User: Jonathan
->Java cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
->Flash cache emptied: 0 bytes
 
User: Jonathan
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06092013_154917
 
Files\Folders moved on Reboot...
C:\Users\Jonathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jonathan\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.
File move failed. C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-4632.log moved successfully.
File move failed. C:\Windows\temp\HideMyIpSRV.log scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#10 D-FRED-BROWN


Posted 09 June 2013 - 05:53 PM

Looks good. Before we move on, are there any further issues? Please let me know.

 

-------------------

 

Please take the time to install the following updates. Program updates are a critical way to keep your computer safe, as outdated applications leave you vulnerable to malware.

 

-------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

 

-------

 

Upgrade Java : (64 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation 64 bit (jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

 

-------

 

Please let me know how the program updates went, as unsuccessful updates may be due to malware.



#11 jaw20


Posted 09 June 2013 - 07:36 PM

I have 2 different versions of Java on the C and D drive. One is a version of Java 6 and another is a version of Java 7. If I use Java's auto-update it won't update.



#12 D-FRED-BROWN


Posted 09 June 2013 - 09:17 PM

Go ahead and uninstall both versions, then download the latest one from the link I provided.



#13 D-FRED-BROWN


Posted 03 July 2013 - 10:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



