Not sure what type of malware, Windows 7, HELP


  • This topic is locked
14 replies to this topic

#1 pillowcookie

pillowcookie

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 07 June 2013 - 04:15 PM

I'm not sure what kind of malware is on my computer, but I think it's a R.A.T. or keylogger. Please help. Here is the log from HijackThis. Please help; I will go through any measures to get my computer back to normal.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:59 PM, on 6/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\ryan\Desktop\Programs\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=1958dffa5034468a988d5ca7f6ef5074&tu=10G9000762B000v&sku=&tstsId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe] C:\Users\ryan\AppData\Roaming\Adobe\color.vbe
O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BGAntiphishingIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12495 bytes
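A triage pass over the HijackThis log above, as an added example (not a BleepingComputer, HijackThis or Malware Response Team tool): it parses the section codes (R0/R1, O2/O3, O4, O20, O23) and lists the entries a responder would read first: a browser start or search page pointing away from the expected hosts, orphaned BHO/toolbar registrations with no file on disk, logon autostarts that launch a script file or run from a user-writable directory, and anything loaded through AppInit_DLLs. The sample lines are taken from the log in this post (one URL shortened); the expected-host list and the heuristics are this example's own assumptions, and a listed entry is a review item rather than a verdict, since per-user installers such as Akamai NetSession or Facebook Update also legitimately live under AppData.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis feature)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# A HijackThis entry: section code, " - ", then the body ("R0 - HKCU\...,Start Page = http://...")
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Directories a standard user can write to without elevation; autostarts here get a second look
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)
# Script files launched at logon are unusual for installed software (assumed list of extensions)
SCRIPT_EXT_RE = re.compile(r"\.(vbe|vbs|js|jse|wsf|bat|cmd|ps1|hta)(\"|\s|$)", re.IGNORECASE)
# Hosts treated as expected for IE start/search pages (assumption made for this example)
EXPECTED_PAGE_HOSTS = ("go.microsoft.com", "www.microsoft.com", "www.bing.com")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a responder should look at this line
    line: str    # the original log line


def _o4_target(body: str) -> str:
    """Return the command that follows the [Name] label of an O4 entry ("" if no label)."""
    _, _, rest = body.partition("] ")
    return rest


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth reviewing, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1") and "= http" in body:
            url = body.split("= ", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if host not in EXPECTED_PAGE_HOSTS:
                findings.append(Finding(kind, f"IE start/search page points at {host}", line))
        elif kind in ("O2", "O3") and "(no file)" in body:
            findings.append(Finding(kind, "orphaned BHO/toolbar registration (no file on disk)", line))
        elif kind == "O4":
            target = _o4_target(body)
            if SCRIPT_EXT_RE.search(target):
                findings.append(Finding(kind, "logon autostart launches a script file", line))
            elif USER_WRITABLE_RE.search(target):
                findings.append(Finding(kind, "logon autostart from a user-writable directory", line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding(kind, f"{len(dlls)} DLL(s) loaded into user-mode processes via AppInit_DLLs", line))
        # O23 "(file missing)" is deliberately not flagged: 32-bit HijackThis cannot see many 64-bit
        # system binaries under System32, so lsass, spoolsv and friends show up that way on x64.
    return findings


# Sample lines taken from the HijackThis log above (zonealarm URL shortened).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe] C:\Users\ryan\AppData\Roaming\Adobe\color.vbe
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe"
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run as a script it prints five review items from the sample: the zonealarm start page, the nameless BHO with no file, the `color.vbe` script autostart, the Yontoo autostart from Roaming, and the two AppInit DLLs. Legitimate software trips these heuristics often enough that the output is a reading order for the log, not a removal list; the helper's instruction in the next post (no fixes without supervision) is the right next step.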
 

 




 


#2 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 AM

Posted 08 June 2013 - 08:12 AM

Hi and Welcome!! pillowcookie :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

==============================

Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.
=============================== Next =======================================


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
On your next reply please post :
  • OTL.txt
  • Extras.txt
  • aswMBR log

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

 

 


#3 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 08 June 2013 - 04:54 PM

OK, thank you for your quick reply; I wasn't expecting it. I'm glad you're here to help. I ran OTL; here is the OTL.txt:

OTL logfile created on: 6/7/2013 3:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 68.55% Memory free
15.79 Gb Paging File | 13.03 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 37.51 Gb Free Space | 25.17% Space Free | Partition Type: NTFS
 
Computer Name: RYAN-LAPTOP | User Name: ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ryan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3F13.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3E56.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3AD5.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3DD7.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3D77.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM395C.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3709.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM34F5.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM33EA.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM31B6.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2FE0.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2DEB.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2C92.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2B19.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM29B1.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2616.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM2450.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM21ED.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM20D3.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1EED.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1D65.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1B12.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM195B.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1736.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM128F.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM15CE.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM14C2.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1210.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM1105.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMFCB.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAE5.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMDB6.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMBB2.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DA.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9C6.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B4.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM762.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9D8.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM664.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM5C6.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM557.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4A9.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM6D3.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3BD.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\YTMP7MC8AA\TAA3BB.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM5F.tmp ()
MOD - C:\Users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMFE5A.tmp ()
MOD - C:\Users\ryan\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe (BullGuard Ltd.)
SRV:64bit: - (BsBhvScan) -- C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV:64bit: - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe (BullGuard Ltd.)
SRV:64bit: - (BsFileScan) -- c:\Program Files\BullGuard Ltd\BullGuard Antivirus\BsFileScan.dll (BullGuard Ltd.)
SRV:64bit: - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard Antivirus\BsMain.dll (BullGuard Ltd.)
SRV:64bit: - (BsMailProxy) -- c:\Program Files\BullGuard Ltd\BullGuard Antivirus\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (vToolbarUpdater15.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (BdSpy) -- C:\Windows\SysNative\drivers\BdSpy.sys (BullGuard Ltd.)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (Trufos) -- C:\Windows\SysNative\drivers\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (BdNet) -- C:\Windows\SysNative\drivers\BdNet.sys (BullGuard Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NovaShieldFilterDriver) -- C:\Windows\SysNative\drivers\NSKernel.sys (NovaShield, Inc.)
DRV:64bit: - (NovaShieldTDIDriver) -- C:\Windows\SysNative\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {DAE184C9-A5D1-45FB-B7E9-EB454362914D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=1958dffa5034468a988d5ca7f6ef5074&tu=10G9000762B000v&sku=&tstsId=&ver=&?
IE - HKCU\..\SearchScopes,DefaultScope = {DAE184C9-A5D1-45FB-B7E9-EB454362914D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1B2410AF-0D1F-4E2A-AFFA-CF73149483F0}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=1958dffa5034468a988d5ca7f6ef5074&tu=10G9000762B000v&sku=&tstsId=&ver=&&r=11
IE - HKCU\..\SearchScopes\{DAE184C9-A5D1-45FB-B7E9-EB454362914D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN35523984015653125&UM=2&SSPV=TB_C5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: flvto%40hotger.com:1.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\FF\antiphishing@bullguard\ [2013/03/18 19:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/02/23 12:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Extensions
[2013/05/21 15:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions
[2013/05/21 15:57:36 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/05/20 01:16:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\plugin@yontoo.com
[2013/03/31 13:08:20 | 000,005,886 | ---- | M] () (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\flvto@hotger.com.xpi
[2013/04/17 06:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\hdvc@hdvc.com.xpi
[2013/05/20 01:17:11 | 000,001,005 | ---- | M] () -- C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\searchplugins\conduit.xml
[2013/05/18 22:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 22:37:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate2.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe] C:\Users\ryan\AppData\Roaming\Adobe\color.vbe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A60287FE-F328-48B6-A0A0-86AE7DEC5DAB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA8017CA-6B45-4DB8-973D-698A225F64D1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll) - c:\Program Files\BullGuard Ltd\BullGuard Antivirus\BgAgent.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll) - c:\Program Files\BullGuard Ltd\BullGuard Antivirus\Files32\BgAgent.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{360d1294-c110-11e2-b6a0-14feb5bc5766}\Shell - "" = AutoRun
O33 - MountPoints2\{360d1294-c110-11e2-b6a0-14feb5bc5766}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/01 04:05:55 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Razer
[2013/06/01 04:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013/06/01 04:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/06/01 04:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/05/31 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\join.me
[2013/05/31 06:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/05/31 06:55:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/28 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\CrashRpt
[2013/05/24 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Fire Hose Games
[2013/05/24 17:26:14 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\FANiSO
[2013/05/21 17:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2013/05/21 17:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2013/05/20 20:28:36 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Macroplant_LLC
[2013/05/20 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/20 20:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/20 20:26:49 | 000,190,480 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll
[2013/05/20 20:26:48 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2013/05/20 20:26:48 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2013/05/20 20:26:48 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2013/05/20 20:26:05 | 000,352,144 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2013/05/20 20:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2013/05/20 20:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2013/05/20 20:21:03 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
[2013/05/20 20:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013/05/20 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013/05/20 15:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/20 01:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/20 01:17:39 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Conduit
[2013/05/20 01:16:56 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\SwvUpdater
[2013/05/20 01:16:04 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Yontoo
[2013/05/20 01:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/05/20 01:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/05/20 01:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013/05/20 01:15:40 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013/05/20 01:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013/05/19 19:00:19 | 000,000,000 | ---D | C] -- C:\Users\ryan\Desktop\iBooty-for-6.1.3
[2013/05/19 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\redsn0w
[2013/05/18 22:38:10 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Theta
[2013/05/18 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
[2013/05/18 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/05/18 14:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sanctum 2
[2013/05/18 08:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 08:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/18 08:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/18 08:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/18 08:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/16 20:17:30 | 000,126,464 | ---- | C] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013/05/16 20:14:34 | 000,154,112 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013/05/16 20:14:34 | 000,056,832 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013/05/16 20:14:30 | 000,766,976 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013/05/16 20:14:30 | 000,117,248 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013/05/16 20:14:28 | 000,296,448 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013/05/16 13:33:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 13:33:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/16 13:33:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/16 13:33:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/16 13:33:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/16 13:33:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/16 13:33:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 13:33:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/16 13:33:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/16 13:33:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/16 13:33:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/16 13:33:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/16 13:33:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/16 13:33:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 13:33:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/15 16:12:20 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Apple Computer
[2013/05/15 16:12:20 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Apple Computer
[2013/05/15 16:12:14 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/05/15 16:12:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/05/15 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/15 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\Apple
[2013/05/15 16:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/05/15 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/15 15:10:58 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 15:10:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 15:10:44 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 15:10:44 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 15:10:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 15:10:44 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 15:10:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/15 15:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/15 15:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/05/15 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/05/15 15:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/05/14 19:23:23 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/12 15:24:07 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Local\LogMeIn Hamachi
[2013/05/11 23:33:57 | 000,000,000 | R--D | C] -- C:\Users\ryan\Documents\Ubisoft
[2013/05/11 23:25:35 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/05/11 23:25:05 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013/05/11 17:55:54 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\TEdit
[2013/05/10 11:50:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/05/08 17:21:58 | 000,000,000 | ---D | C] -- C:\Users\ryan\AppData\Roaming\Little Inferno
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/07 15:30:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/07 15:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/07 14:25:16 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 14:25:16 | 000,021,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 14:22:11 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/07 14:22:11 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/07 14:22:11 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/07 14:17:42 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/06/07 14:17:38 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/07 14:15:27 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/07 12:55:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000UA.job
[2013/06/07 00:55:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000Core.job
[2013/06/01 04:21:19 | 000,293,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/01 04:13:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013/05/21 15:50:39 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/05/20 23:47:59 | 000,000,600 | ---- | M] () -- C:\Users\ryan\AppData\Roaming\winscp.rnd
[2013/05/20 01:18:45 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/16 20:17:30 | 000,126,464 | ---- | M] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013/05/16 20:14:34 | 000,154,112 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013/05/16 20:14:34 | 000,056,832 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013/05/16 20:14:30 | 000,766,976 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013/05/16 20:14:30 | 000,117,248 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013/05/16 20:14:28 | 000,296,448 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013/05/14 20:23:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 20:23:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 20:23:19 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/07 14:17:40 | 000,000,512 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/06/01 04:13:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013/05/31 16:23:40 | 000,001,019 | ---- | C] () -- C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2013/05/20 20:24:06 | 000,000,600 | ---- | C] () -- C:\Users\ryan\AppData\Roaming\winscp.rnd
[2013/05/20 01:16:58 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/20 01:16:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/05/20 01:15:57 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/05/15 16:09:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/04/19 21:09:54 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/19 21:09:54 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/04/19 21:09:54 | 000,001,992 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/13 10:36:43 | 000,000,043 | ---- | C] () -- C:\Users\ryan\jagex_cl_oldschool_LIVE.dat
[2013/03/14 16:31:01 | 000,000,043 | ---- | C] () -- C:\Users\ryan\jagex_cl_runescape_LIVE.dat
[2013/03/14 16:31:01 | 000,000,024 | ---- | C] () -- C:\Users\ryan\random.dat
[2013/02/24 21:07:27 | 000,000,907 | ---- | C] () -- C:\Users\ryan\AppData\Local\_settings.ini
[2013/02/23 16:42:53 | 000,703,117 | ---- | C] () -- C:\Users\ryan\AppData\Roaming\technic-launcher.jar
[2013/02/23 13:30:04 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/09 16:21:22 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/08/09 16:21:16 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/08/09 16:21:10 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/09 16:21:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/08/09 16:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/01 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\.minecraft
[2013/04/23 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\.techniclauncher
[2013/03/31 14:33:52 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Audacity
[2013/02/23 19:02:01 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\AVG2013
[2013/03/18 19:56:39 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\BullGuard
[2013/02/25 00:54:44 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\DAEMON Tools Pro
[2013/04/12 11:54:12 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\DriverCure
[2013/04/01 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\EasyDuplicateFinder
[2013/06/05 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\foobar2000
[2013/05/08 19:29:30 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\ftblauncher
[2013/05/08 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Little Inferno
[2013/04/23 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\logs
[2013/02/25 20:06:10 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\LolClient
[2013/03/29 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\ManyCam
[2013/04/22 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Notepad++
[2013/04/12 11:54:12 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\ParetoLogic
[2013/02/24 09:10:57 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\PowerISO
[2013/04/28 13:09:14 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Rainmeter
[2013/05/20 23:20:59 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\redsn0w
[2013/03/27 03:14:37 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Screaming Bee
[2013/03/05 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\SplitMediaLabs
[2013/03/22 21:34:35 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Subversion
[2013/02/23 15:37:48 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\SystemRequirementsLab
[2013/05/12 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\TEdit
[2013/05/18 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Theta
[2013/04/06 23:03:19 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\TS3Client
[2013/02/23 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\TuneUp Software
[2013/05/30 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\uTorrent
[2013/02/18 09:42:02 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\WirelessManager
[2013/06/07 14:18:47 | 000,000,000 | ---D | M] -- C:\Users\ryan\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: EXPLORER.EXE  >
[2009/10/05 23:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/05 23:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/05 23:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/05 22:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9160411AS ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK1655GSX ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 141.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Extended Partition
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 8.00GB
Starting Offset: 151564319744
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 1048576
Hidden sectors: 0
 

< End of report >
 
And here is the Extras.txt
 
OTL Extras logfile created on: 6/7/2013 3:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 68.55% Memory free
15.79 Gb Paging File | 13.03 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 37.51 Gb Free Space | 25.17% Space Free | Partition Type: NTFS
 
Computer Name: RYAN-LAPTOP | User Name: ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001DE8EF-D80B-4CDF-B9E8-70DE0D4902B3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{05DF68CC-F2F6-460B-8129-BF029CFA52BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{17A2AAFE-C5E1-4AA8-BCAD-30200C4DF6F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{252300A3-004D-4F65-9CEE-E720B0F92947}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{368C544E-9958-4C08-8A32-CB9FC97AF94E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{3CB6F78F-C8D1-4C4B-BC96-25C8555753C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3FC7D0F8-4C5B-48EA-9CCB-3BCE6774F2F9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{481FCB31-2D5C-49D0-8081-A79A0B07F19A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{49B4AA79-2972-4C53-8DC4-E74AACE44B42}" = protocol=6 | dir=in | app=c:\users\ryan\appdata\roaming\utorrent\utorrent.exe |
"{5A5B776B-C736-4F50-A78A-9F00CA52EDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5AB4018D-20DF-48E9-81FE-F7BFEC309D89}" = protocol=17 | dir=in | app=c:\users\ryan\appdata\roaming\utorrent\utorrent.exe |
"{63886BB7-130E-41BB-860C-A63EDE1EA251}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{88D61E6F-920F-4DBD-9589-DC0AD07F52E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A29108FB-57C0-4420-ABA5-116C6560B68F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A8FFF667-7709-4409-9BB2-1395B97AB5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A9569420-833C-455C-A3B9-64A0BCDFC38B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C54DC80F-45D5-4C6F-A428-1D7A4E5BED81}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D32ACF32-86C5-4763-9720-EFA62C9D8DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7987BC7-E729-4AA4-B5E9-88AAFEDA4C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DFB0AE85-8390-4765-A4E3-473C12BA3176}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EECD110C-90E8-49D6-93D2-DF5FE162D373}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{FDC814FB-3C5A-42C6-8054-D6D17175B0B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{00433C25-3F6F-4C3E-8B48-86D8E6C718AB}C:\program files (x86)\steam\steamapps\pillowcookie_12\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\garrysmod\hl2.exe |
"TCP Query User{711B295F-A666-4F2B-A812-B09B32A96128}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{8C07348D-53D0-42E2-AAFD-11877D898BDA}C:\program files (x86)\steam\steamapps\pillowcookie_12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\counter-strike source\hl2.exe |
"TCP Query User{DFF66472-3B55-487C-9A3C-52B748E563E8}C:\program files (x86)\steam\steamapps\pillowcookie_12\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\team fortress 2\hl2.exe |
"UDP Query User{6F1B14AC-447F-4D96-9943-3D44902D3EB7}C:\program files (x86)\steam\steamapps\pillowcookie_12\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\team fortress 2\hl2.exe |
"UDP Query User{71BEBD44-DC58-4EDB-A95D-AEE8B44D373C}C:\program files (x86)\steam\steamapps\pillowcookie_12\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\garrysmod\hl2.exe |
"UDP Query User{C20C4462-6777-4D85-8330-0C6AB7E85733}C:\program files (x86)\steam\steamapps\pillowcookie_12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pillowcookie_12\counter-strike source\hl2.exe |
"UDP Query User{F327E2F1-95B3-4426-8A52-AE062EE0C59F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B13A3F1-F66A-42FB-9E62-98952D582187}" = TortoiseSVN 1.7.11.23600 (64 bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"BullGuard" = BullGuard Antivirus
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.511066
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = HDVidCodec
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.11.1
"Desura" = Desura
"Dxtory2.0_is1" = Dxtory version 2.0.119
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"foobar2000" = foobar2000 v1.2.4
"Fraps" = Fraps (remove only)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManyCam" = ManyCam 3.1.43
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter
"Steam App 218" = Source SDK Base 2007
"Steam App 224780" = Rising Storm Beta
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Uplay" = Uplay
"uTorrent" = µTorrent
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"JoinMe" = join.me
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/7/2013 9:46:25 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/7/2013 9:46:25 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
 
Error - 6/7/2013 9:46:25 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error - 6/7/2013 9:46:26 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/7/2013 9:46:26 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
 
Error - 6/7/2013 9:46:26 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 6/7/2013 9:46:27 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/7/2013 9:46:27 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995
 
Error - 6/7/2013 9:46:27 AM | Computer Name = RYAN-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995
 
Error - 6/7/2013 2:51:27 PM | Computer Name = ryan-laptop | Source = Google Update | ID = 20
Description =
 
Error - 6/7/2013 5:12:05 PM | Computer Name = ryan-laptop | Source = Application Hang | ID = 1002
Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1d38    Start
 Time: 01ce63c37202ba4e    Termination Time: 4    Application Path: C:\Riot Games\League
 of Legends\RADS\system\rads_user_kernel.exe    Report Id: dd98048e-cfb6-11e2-9d40-14feb5bc5766

 
 
< End of report >
 



#4 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 08 June 2013 - 05:58 PM

Here is the aswMBR.txt:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-07 16:23:46
-----------------------------
16:23:46.244    OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:46.244    Number of processors: 8 586 0x2A07
16:23:46.245    ComputerName: RYAN-LAPTOP  UserName: ryan
16:23:47.353    Initialize success
16:25:01.478    AVAST engine defs: 13060801
16:27:07.038    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:27:07.040    Disk 0 Vendor: ST9160411AS HP14 Size: 152627MB BusType: 11
16:27:07.044    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
16:27:07.047    Disk 1 Vendor: TOSHIBA_MK1655GSX FG011C Size: 152627MB BusType: 11
16:27:07.264    Disk 1 MBR read successfully
16:27:07.267    Disk 1 MBR scan
16:27:07.271    Disk 1 Windows 7 default MBR code
16:27:07.279    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 2048
16:27:07.471    Disk 1 scanning C:\Windows\system32\drivers
16:27:30.594    Service scanning
16:28:16.615    Modules scanning
16:28:16.625    Disk 1 trace - called modules:
16:28:16.669    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:28:16.997    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007e1a060]
16:28:17.001    3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b2d060]
16:28:18.096    AVAST engine scan C:\Windows
16:28:24.920    AVAST engine scan C:\Windows\system32
16:32:54.965    AVAST engine scan C:\Windows\system32\drivers
16:33:14.773    AVAST engine scan C:\Users\ryan
16:41:18.839    AVAST engine scan C:\ProgramData
16:42:47.388    Scan finished successfully
16:57:35.505    Disk 1 MBR has been saved successfully to "C:\Users\ryan\Desktop\MBR.dat"
16:57:35.508    The log file has been saved successfully to "C:\Users\ryan\Desktop\aswMBR.txt"

 

While doing this scan, AVG came up and said that "svcHost.exe is a Trojan Downloader" :(



#5 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • Gender:Male
  • Local time:07:49 AM

Posted 09 June 2013 - 02:40 AM

Hi pillowcookie :)

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Next

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button.
  • Next click on the ShortcutsFix.
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

On your next reply please post:
  • checkup.txt
  • AdwCleaner[S1].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

 

 


#6 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 09 June 2013 - 11:27 AM

OK, here is the Security Check log:

 

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox (21.0)
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 BullGuard Ltd BullGuard Antivirus BullGuardBhvScanner.exe  
 BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe  
 BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe  
 BullGuard Ltd BullGuard Antivirus BullGuard.exe  
 bullguard ltd bullguard antivirus BgWsc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Now here is the AdwCleaner log:

# AdwCleaner v2.303 - Logfile created 06/08/2013 at 10:11:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ryan - RYAN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\ryan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\hdvc@hdvc.com.xpi
File Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\searchplugins\Conduit.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\ryan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\ryan\AppData\Local\Conduit
Folder Deleted : C:\Users\ryan\AppData\Local\Discount Buddy
Folder Deleted : C:\Users\ryan\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\ryan\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\ryan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ryan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ryan\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\CT3289847
Folder Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\jetpack
Folder Deleted : C:\Users\ryan\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\ryan\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\prefs.js

C:\Users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.installerVersion", "1.4.2.3");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "378ffca9-99b7-4743-a729-5887d618b217");

*************************

AdwCleaner[S1].txt - [11216 octets] - [08/06/2013 10:11:32]

########## EOF - C:\AdwCleaner[S1].txt - [11277 octets] ##########
 

And finally, here is JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ryan on Sat 06/08/2013 at 10:20:36.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DAE184C9-A5D1-45FB-B7E9-EB454362914D}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\ryan\AppData\Roaming\mozilla\firefox\profiles\9x4e5tzb.default\prefs.js

user_pref("extensions.crossrider.bic", "13d65b41ce86a7e9800ed8f895c7957b");
Emptied folder: C:\Users\ryan\AppData\Roaming\mozilla\firefox\profiles\9x4e5tzb.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 10:25:01.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#7 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:49 AM

Posted 09 June 2013 - 11:49 AM

First RogueKiller log:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ryan [Admin rights]
Mode : Scan -- Date : 06/08/2013 10:41:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Users\ryan\AppData\Local\Temp\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\ryan\AppData\Roaming\Adobe\color.vbe) [-] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160411AS ATA Device +++++
--- User ---
[MBR] e57ec02d0557c997f461b94c2a3a23a9
[BSP] eafb1adc0c643369b5e72b164e84caf5 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 144541 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 296024062 | Size: 8084 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK1655GSX ATA Device +++++
--- User ---
[MBR] cf45f8908bc0ead845b6b103e5d6787d
[BSP] 91bdc378c511f30efa46e7e6962de23b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06082013_02d1041.txt >>
RKreport[1]_S_06082013_02d1041.txt


 

RogueKiller log 2:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ryan [Admin rights]
Mode : Remove -- Date : 06/08/2013 10:42:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Users\ryan\AppData\Local\Temp\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\ryan\AppData\Roaming\Adobe\color.vbe) [-] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160411AS ATA Device +++++
--- User ---
[MBR] e57ec02d0557c997f461b94c2a3a23a9
[BSP] eafb1adc0c643369b5e72b164e84caf5 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 144541 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 296024062 | Size: 8084 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK1655GSX ATA Device +++++
--- User ---
[MBR] cf45f8908bc0ead845b6b103e5d6787d
[BSP] 91bdc378c511f30efa46e7e6962de23b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06082013_02d1042.txt >>
RKreport[1]_S_06082013_02d1041.txt ; RKreport[2]_D_06082013_02d1042.txt


 

RogueKiller log 3:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ryan [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/08/2013 10:45:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Users\ryan\AppData\Local\Temp\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 53 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 6 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 128 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_06082013_02d1045.txt >>
RKreport[1]_S_06082013_02d1041.txt ; RKreport[2]_D_06082013_02d1042.txt ; RKreport[3]_SC_06082013_02d1045.txt
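The three RogueKiller findings above (svchost.exe launched from a Temp folder, a Run entry pointing at a .vbe script under AppData, and DisableTaskMgr/DisableRegistryTools policy values) are the kind of persistence a defender can re-check by hand after cleanup. The script below is an added example, not part of the thread and not RogueKiller's code; it assumes Windows PowerShell run as Administrator, checks only the current user's HKCU hive, and the function name Get-PersistenceFindings is hypothetical.

```powershell
# Added example (not from the thread or from RogueKiller): re-check the three
# classes of finding RogueKiller reported above. Windows PowerShell, run as
# Administrator. The function name Get-PersistenceFindings is hypothetical.

function Get-PersistenceFindings {
    $findings = @()

    # 1. svchost.exe is only legitimate under System32 / SysWOW64. The log above
    #    shows a copy running from %LOCALAPPDATA%\Temp, i.e. name masquerading.
    $legitDirs = @((Join-Path $env:WINDIR 'System32'), (Join-Path $env:WINDIR 'SysWOW64'))
    foreach ($proc in (Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'")) {
        $path = $proc.ExecutablePath
        if (-not $path) { continue }              # not readable without elevation
        $dir = Split-Path -Parent $path
        if ($legitDirs -notcontains $dir) {       # -notcontains is case-insensitive
            $findings += [pscustomobject]@{
                Check = 'svchost.exe outside System32'
                Where = "PID $($proc.ProcessId)"
                Detail = $path
            }
        }
    }

    # 2. Run entries whose command points into a user-writable profile directory
    #    or launches a script host (the log's entry was AppData\Roaming\Adobe\color.vbe).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $scriptExt = '\.(vbe|vbs|js|jse|wsf|wsh|hta|bat|cmd|ps1)(\s|"|$)'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $entries = Get-ItemProperty -Path $key
        foreach ($prop in $entries.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }   # registry provider metadata
            $cmd = [string]$prop.Value
            if ($cmd -match '\\AppData\\' -or $cmd -match '\\Temp\\' -or $cmd -match $scriptExt) {
                $findings += [pscustomobject]@{
                    Check = 'Suspicious Run entry'
                    Where = "$key\$($prop.Name)"
                    Detail = $cmd
                }
            }
        }
    }

    # 3. Policy values that disable Task Manager / Registry Editor. Their mere
    #    presence on a home PC is unusual; RogueKiller flagged both in HKCU above.
    $polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    if (Test-Path $polKey) {
        $pol = Get-ItemProperty -Path $polKey
        foreach ($name in @('DisableTaskMgr', 'DisableRegistryTools')) {
            if ($pol.PSObject.Properties[$name]) {
                $findings += [pscustomobject]@{
                    Check = 'Restrictive policy value'
                    Where = "$polKey\$name"
                    Detail = "data = $($pol.$name) (1 = enforced)"
                }
            }
        }
    }

    return ,$findings   # leading comma keeps an empty or single result as an array
}

$result = Get-PersistenceFindings
if ($result.Count -eq 0) { 'No findings.' } else { $result | Format-Table -AutoSize -Wrap }
```

A hit on any of the three checks after the cleanup tools have run means the persistence was not fully removed and the follow-up log (ComboFix in this thread) is the right next step.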


 



#8 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • Gender:Male
  • Local time:07:49 AM

Posted 09 June 2013 - 01:11 PM

Hi pillowcookie :)

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.


#9 pillowcookie

  • Topic Starter
  • Members
  • 8 posts

Posted 09 June 2013 - 11:06 PM

Here is the log from ComboFix:

ComboFix 13-06-08.02 - ryan 06/08/2013  21:12:15.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.5300 [GMT -7:00]
Running from: c:\users\ryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9A6A.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9ACA.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B0A.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B1C.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B5C.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B7D.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B8F.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9B91.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9BD1.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9C50.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9CC1.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9CD3.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9D33.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9D44.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DB3.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DB5.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DC7.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DC9.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9DFA.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9E0B.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9E6B.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9E7D.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9F3A.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM9FC9.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA21C.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA375.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA3A6.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA434.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA494.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA4C5.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA553.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA630.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA680.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA6B0.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA700.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA760.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA7CF.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMA938.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAA72.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAB2F.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMABFC.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAC7B.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAE53.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAE64.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAE76.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEMAE88.tmp
c:\users\ryan\AppData\Local\Temp\YTMP7MC8AA\TAA9C52.tmp
c:\users\ryan\AppData\Roaming\technic-launcher.jar
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-08 17:20 . 2013-06-08 17:20    --------    d-----w-    c:\windows\ERUNT
2013-06-08 17:20 . 2013-06-08 17:20    --------    d-----w-    C:\JRT
2013-06-08 17:12 . 2013-06-08 17:12    121    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-06-01 11:05 . 2013-06-01 11:05    --------    d-----w-    c:\users\ryan\AppData\Local\Razer
2013-06-01 11:04 . 2013-06-01 11:12    --------    d-----w-    c:\program files (x86)\Razer
2013-06-01 11:04 . 2013-06-01 11:04    --------    d-----w-    c:\programdata\Razer
2013-05-31 23:23 . 2013-05-31 23:24    --------    d-----w-    c:\users\ryan\AppData\Local\join.me
2013-05-28 23:15 . 2013-05-28 23:15    --------    d-----w-    c:\users\ryan\AppData\Local\CrashRpt
2013-05-25 01:41 . 2013-05-25 01:41    --------    d-----w-    c:\users\ryan\AppData\Local\Fire Hose Games
2013-05-25 00:26 . 2013-05-25 00:26    --------    d-----w-    c:\users\ryan\AppData\Local\FANiSO
2013-05-22 00:39 . 2013-05-22 00:39    --------    d-----w-    c:\program files (x86)\Common Files\Desura
2013-05-22 00:38 . 2013-05-31 04:04    --------    d-----w-    c:\program files (x86)\Desura
2013-05-21 03:28 . 2013-05-21 03:28    --------    d-----w-    c:\users\ryan\AppData\Local\Macroplant_LLC
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-21 03:27 . 2013-05-21 03:28    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-21 03:26 . 2012-04-09 23:27    190480    ----a-w-    c:\windows\system32\CbFsMntNtf3.dll
2013-05-21 03:26 . 2012-04-09 23:27    223760    ----a-w-    c:\windows\SysWow64\CbFsNetRdr3.dll
2013-05-21 03:26 . 2012-04-09 23:27    158224    ----a-w-    c:\windows\SysWow64\CbFsMntNtf3.dll
2013-05-21 03:26 . 2012-04-09 23:27    141328    ----a-w-    c:\windows\system32\CbFsNetRdr3.dll
2013-05-21 03:26 . 2012-04-09 23:27    352144    ----a-w-    c:\windows\system32\drivers\cbfs3.sys
2013-05-21 03:25 . 2013-05-21 03:26    --------    d-----w-    c:\program files (x86)\iExplorer
2013-05-21 03:21 . 2013-05-21 03:21    --------    d-----w-    C:\sn0wbreeze
2013-05-21 03:13 . 2013-05-21 03:13    --------    d-----w-    c:\program files (x86)\WinSCP
2013-05-20 08:15 . 2013-05-20 08:19    --------    d-----w-    c:\program files (x86)\ffdshow
2013-05-20 08:15 . 2012-04-09 07:40    79360    ----a-w-    c:\windows\SysWow64\ff_vfw.dll
2013-05-20 01:16 . 2013-05-21 06:20    --------    d-----w-    c:\users\ryan\AppData\Roaming\redsn0w
2013-05-19 05:38 . 2013-05-19 05:38    --------    d-----w-    c:\users\ryan\AppData\Roaming\Theta
2013-05-19 05:37 . 2013-05-19 05:37    262552    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-18 21:49 . 2013-05-18 21:49    --------    d-----w-    c:\programdata\Steam
2013-05-18 21:44 . 2013-05-18 22:48    --------    d-----w-    c:\program files (x86)\Sanctum 2
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files\iPod
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files\iTunes
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files (x86)\iTunes
2013-05-17 03:17 . 2013-05-17 03:17    126464    ----a-w-    c:\windows\system32\drivers\rzudd.sys
2013-05-17 03:14 . 2013-05-17 03:14    56832    ----a-w-    c:\windows\SysWow64\rzdevinfo.dll
2013-05-17 03:14 . 2013-05-17 03:14    154112    ----a-w-    c:\windows\SysWow64\rztouchdll.dll
2013-05-17 03:14 . 2013-05-17 03:14    766976    ----a-w-    c:\windows\SysWow64\rzdevicedll.dll
2013-05-17 03:14 . 2013-05-17 03:14    117248    ----a-w-    c:\windows\SysWow64\rzdisplaydll.dll
2013-05-17 03:14 . 2013-05-17 03:14    296448    ----a-w-    c:\windows\SysWow64\rzaudiodll.dll
2013-05-15 23:12 . 2013-05-15 23:28    --------    d-----w-    c:\users\ryan\AppData\Roaming\Apple Computer
2013-05-15 23:12 . 2013-05-15 23:12    --------    d-----w-    c:\users\ryan\AppData\Local\Apple Computer
2013-05-15 23:12 . 2013-05-15 23:12    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-05-15 23:12 . 2012-08-21 20:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-15 23:11 . 2013-05-15 23:11    --------    d-----w-    c:\programdata\Apple Computer
2013-05-15 23:09 . 2013-05-15 23:09    --------    d-----w-    c:\users\ryan\AppData\Local\Apple
2013-05-15 23:09 . 2013-05-15 23:09    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-05-15 23:08 . 2013-05-15 23:08    --------    d-----w-    c:\program files\Common Files\Apple
2013-05-15 22:03 . 2013-05-15 22:03    --------    d-----w-    c:\program files\Bonjour
2013-05-15 22:03 . 2013-05-15 22:03    --------    d-----w-    c:\program files (x86)\Bonjour
2013-05-15 22:03 . 2013-05-18 15:34    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2013-05-15 22:03 . 2013-05-15 23:09    --------    d-----w-    c:\programdata\Apple
2013-05-15 02:23 . 2013-05-15 03:23    17613192    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-12 22:24 . 2013-06-02 00:17    --------    d-----w-    c:\users\ryan\AppData\Local\LogMeIn Hamachi
2013-05-12 06:25 . 2008-10-15 13:22    519000    ----a-w-    c:\windows\system32\d3dx10_40.dll
2013-05-12 00:55 . 2013-05-13 01:18    --------    d-----w-    c:\users\ryan\AppData\Roaming\TEdit
2013-05-10 18:50 . 2013-05-10 18:52    --------    d-----w-    c:\windows\SysWow64\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 22:50 . 2013-03-26 03:00    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 03:23 . 2013-02-24 00:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 03:23 . 2013-02-24 00:38    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-30 10:05 . 2013-04-30 10:05    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-30 10:05 . 2013-04-30 10:05    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-30 10:05 . 2013-04-30 10:05    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:05 . 2013-04-30 10:05    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:05 . 2013-04-30 10:05    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-30 10:05 . 2013-04-30 10:05    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-30 10:05 . 2013-04-30 10:05    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-30 10:05 . 2013-04-30 10:05    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-30 10:05 . 2013-04-30 10:05    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-30 10:05 . 2013-04-30 10:05    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:05 . 2013-04-30 10:05    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-30 10:05 . 2013-04-30 10:05    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:05 . 2013-04-30 10:05    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-30 10:05 . 2013-04-30 10:05    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:05 . 2013-04-30 10:05    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-30 10:05 . 2013-04-30 10:05    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:05 . 2013-04-30 10:05    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:05 . 2013-04-30 10:05    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-30 10:05 . 2013-04-30 10:05    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:05 . 2013-04-30 10:05    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-30 10:05 . 2013-04-30 10:05    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-30 10:05 . 2013-04-30 10:05    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-30 10:05 . 2013-04-30 10:05    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-30 10:05 . 2013-04-30 10:05    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-30 10:05 . 2013-04-30 10:05    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-30 10:05 . 2013-04-30 10:05    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-30 10:05 . 2013-04-30 10:05    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-30 10:05 . 2013-04-30 10:05    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-30 10:05 . 2013-04-30 10:05    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:05 . 2013-04-30 10:05    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-30 10:05 . 2013-04-30 10:05    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-30 10:05 . 2013-04-30 10:05    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-30 10:05 . 2013-04-30 10:05    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-30 10:05 . 2013-04-30 10:05    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-30 10:05 . 2013-04-30 10:05    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-30 10:05 . 2013-04-30 10:05    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-30 10:05 . 2013-04-30 10:05    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-30 10:05 . 2013-04-30 10:05    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-30 10:05 . 2013-04-30 10:05    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:05 . 2013-04-30 10:05    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-30 10:05 . 2013-04-30 10:05    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-30 10:05 . 2013-04-30 10:05    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-30 10:05 . 2013-04-30 10:05    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-30 10:05 . 2013-04-30 10:05    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-30 10:05 . 2013-04-30 10:05    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-30 10:05 . 2013-04-30 10:05    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-30 10:05 . 2013-04-30 10:05    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-30 10:05 . 2013-04-30 10:05    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-30 10:05 . 2013-04-30 10:05    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-30 10:04 . 2013-04-30 10:04    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 10:04 . 2013-04-30 10:04    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-04-30 10:04 . 2013-04-30 10:04    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-04-30 10:04 . 2013-04-30 10:04    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-04-30 10:04 . 2013-04-30 10:04    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-04-30 10:04 . 2013-04-30 10:04    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-04-30 10:04 . 2013-04-30 10:04    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-04-30 10:04 . 2013-04-30 10:04    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-04-30 10:04 . 2013-04-30 10:04    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-04-30 10:04 . 2013-04-30 10:04    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-04-30 10:04 . 2013-04-30 10:04    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 10:04 . 2013-04-30 10:04    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-04-30 10:04 . 2013-04-30 10:04    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-04-30 10:04 . 2013-04-30 10:04    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-30 10:04 . 2013-04-30 10:04    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-04-30 10:04 . 2013-04-30 10:04    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-04-30 10:04 . 2013-04-30 10:04    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-04-30 10:04 . 2013-04-30 10:04    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-04-30 10:04 . 2013-04-30 10:04    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-04-30 10:04 . 2013-04-30 10:04    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-04-30 10:04 . 2013-04-30 10:04    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-04-30 10:04 . 2013-04-30 10:04    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-04-30 10:04 . 2013-04-30 10:04    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-04-30 10:04 . 2013-04-30 10:04    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-04-30 10:04 . 2013-04-30 10:04    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-04-30 10:04 . 2013-04-30 10:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-04-30 10:04 . 2013-04-30 10:04    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-04-30 10:04 . 2013-04-30 10:04    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-04-30 10:04 . 2013-04-30 10:04    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-04-30 10:04 . 2013-04-30 10:04    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27    158224    ----a-w-    c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-23 3093624]
"Facebook Update"="c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-10 138096]
"Akamai NetSession Interface"="c:\users\ryan\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-02-12 5402960]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2013-05-22 2529096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-05-21 609640]
.
c:\users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-4-21 36024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 03:23]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000Core.job
- c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10 08:50]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000UA.job
- c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10 08:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27    190480    ----a-w-    c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2013-04-01 952160]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard antivirus\BullGuardUpdate2.exe" [2013-04-01 2531680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\nvinitx.dll c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=1958dffa5034468a988d5ca7f6ef5074&tu=10G9000762B000v&sku=&tstsId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>?????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Wow6432Node-HKLM-Run-LogMeIn Hamachi Ui - c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{14B04560-A3FA-45D5-A73E-EBD8CF536796} - c:\progra~3\INSTAL~1\{14B04~1\Setup.exe
AddRemove-{31995997-894D-4CA3-AE48-C16FEA7A7B61} - c:\progra~3\INSTAL~1\{31995~1\Setup.exe
AddRemove-{3E3A1315-38FF-4C37-AEDC-70DDE5D931E3} - c:\progra~3\INSTAL~1\{3E3A1~1\Setup.exe
AddRemove-{3F32F4DE-0149-4FF7-AD1C-496BE4D1D628} - c:\progra~3\INSTAL~1\{3F32F~1\Setup.exe
AddRemove-{61AFD406-9A33-4478-A693-D211BA4CF6F0} - c:\progra~3\INSTAL~1\{61AFD~1\Setup.exe
AddRemove-{A89E3FB3-B1EE-4D39-AFD2-F9CC737D1D45} - c:\progra~3\INSTAL~1\{A89E3~1\Setup.exe
AddRemove-{CC80FFAD-2FB0-4655-A4BE-67921763DD5B} - c:\progra~3\INSTAL~1\{CC80F~1\Setup.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-06-08  22:04:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-09 05:04
.
Pre-Run: 39,189,630,976 bytes free
Post-Run: 39,275,524,096 bytes free
.
- - End Of File - - 5BC77346BA08F1EDA450555C9ED4C8A1
C06575B18B90345CE86AB291B56DB94D
 



#10 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 AM

Posted 10 June 2013 - 10:42 PM

Hi pillowcookie :)


Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do Not copy the word CODE
ClearJavaCache

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your mouse's left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

CFScriptB-4.gif


Next

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=============================== Next =======================================



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note: It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png
    Please let me know how your machine is running and if there are any outstanding issues.


    On your next reply please post:
  • MBAM log
  • ESET report

  • Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#11 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 13 June 2013 - 11:31 PM

OK, sorry for my delays on this one, but nevertheless here is the MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
ryan :: RYAN-LAPTOP [administrator]

6/12/2013 3:57:05 PM
mbam-log-2013-06-12 (15-57-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243090
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\ryan\Local Settings\Temporary Internet Files\Content.IE5\XFUXNNJ5\svchost[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.

(end)
 

and here is the ESET report.

 

C:\Program Files (x86)\Sanctum 2\Binaries\Win32\steam_api.dll    a variant of Win32/Packed.VMProtect.AAH trojan
C:\Temp\37E8D9.vbe    VBS/Agent.NGJ trojan
C:\Users\ryan\AppData\Roaming\Adobe\color.vbe    VBS/Agent.NGJ trojan
C:\Users\ryan\Desktop\Mods\APB\APB Hack\APB Hack.exe    a variant of MSIL/Hoax.FakeHack.K application
C:\Users\ryan\Desktop\Mods\APB\Newer Hack\APB Hack\APB Hack.exe    a variant of MSIL/Hoax.FakeHack.K application
 



#12 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 AM

Posted 14 June 2013 - 04:05 AM

Hi Pillowcookie :)

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do Not copy the word CODE
File::
C:\Program Files (x86)\Sanctum 2\Binaries\Win32\steam_api.dll
C:\Temp\37E8D9.vbe
C:\Users\ryan\AppData\Roaming\Adobe\color.vbe
C:\Users\ryan\Desktop\Mods\APB\APB Hack\APB Hack.exe
C:\Users\ryan\Desktop\Mods\APB\Newer Hack\APB Hack\APB Hack.exe

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your mouse's left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

CFScriptB-4.gif


Please let me know how your machine is running and if there are any outstanding issues.

On your next reply, please post the ComboFix log after the fix.


 

 


#13 pillowcookie

pillowcookie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 15 June 2013 - 12:46 PM

Here is the log:

 

ComboFix 13-06-08.02 - ryan 06/14/2013   4:02.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.5272 [GMT -7:00]
Running from: c:\users\ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\ryan\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\program files (x86)\Sanctum 2\Binaries\Win32\steam_api.dll"
"c:\temp\37E8D9.vbe"
"c:\users\ryan\AppData\Roaming\Adobe\color.vbe"
"c:\users\ryan\Desktop\Mods\APB\APB Hack\APB Hack.exe"
"c:\users\ryan\Desktop\Mods\APB\Newer Hack\APB Hack\APB Hack.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Sanctum 2\Binaries\Win32\steam_api.dll
c:\temp\37E8D9.vbe
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3E76.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3F04.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM3F44.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM40EC.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM40FD.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM40FF.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4111.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4122.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4124.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4136.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4138.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM414A.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM414C.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM415D.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM415F.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4161.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4173.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4175.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM41F6.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4207.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4228.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM422A.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM42C8.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4329.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM43D7.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4520.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM458F.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM45D0.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM462F.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM47E6.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4827.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4867.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM48E6.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4984.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM49A5.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4A33.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4B10.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4B41.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4B62.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4C9C.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4D49.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4E07.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4F52.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4F64.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4F75.tmp
c:\users\ryan\AppData\Local\Temp\XTMP1MC3VE\DEM4F77.tmp
c:\users\ryan\AppData\Local\Temp\YTMP7MC8AA\TAA41C5.tmp
c:\users\ryan\AppData\Roaming\Adobe\color.vbe
c:\users\ryan\Desktop\Mods\APB\APB Hack\APB Hack.exe
c:\users\ryan\Desktop\Mods\APB\Newer Hack\APB Hack\APB Hack.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-14 to 2013-06-14  )))))))))))))))))))))))))))))))
.
.
2013-06-14 11:22 . 2013-06-14 11:22    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-06-14 11:22 . 2013-06-14 11:22    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-06-14 11:22 . 2013-06-14 11:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-12 23:10 . 2013-06-12 23:10    --------    d-----w-    c:\program files (x86)\ESET
2013-06-12 22:56 . 2013-06-12 22:56    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-12 22:56 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-08 17:20 . 2013-06-08 17:20    --------    d-----w-    c:\windows\ERUNT
2013-06-08 17:20 . 2013-06-08 17:20    --------    d-----w-    C:\JRT
2013-06-08 17:12 . 2013-06-08 17:12    121    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-06-01 11:05 . 2013-06-01 11:05    --------    d-----w-    c:\users\ryan\AppData\Local\Razer
2013-06-01 11:04 . 2013-06-01 11:12    --------    d-----w-    c:\program files (x86)\Razer
2013-06-01 11:04 . 2013-06-01 11:04    --------    d-----w-    c:\programdata\Razer
2013-05-31 23:23 . 2013-05-31 23:24    --------    d-----w-    c:\users\ryan\AppData\Local\join.me
2013-05-28 23:15 . 2013-05-28 23:15    --------    d-----w-    c:\users\ryan\AppData\Local\CrashRpt
2013-05-25 01:41 . 2013-05-25 01:41    --------    d-----w-    c:\users\ryan\AppData\Local\Fire Hose Games
2013-05-25 00:26 . 2013-05-25 00:26    --------    d-----w-    c:\users\ryan\AppData\Local\FANiSO
2013-05-22 00:39 . 2013-05-22 00:39    --------    d-----w-    c:\program files (x86)\Common Files\Desura
2013-05-22 00:38 . 2013-05-31 04:04    --------    d-----w-    c:\program files (x86)\Desura
2013-05-21 03:28 . 2013-05-21 03:28    --------    d-----w-    c:\users\ryan\AppData\Local\Macroplant_LLC
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-21 03:28 . 2013-05-21 03:28    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-21 03:27 . 2013-05-21 03:28    --------    d-----w-    c:\program files (x86)\QuickTime
2013-05-21 03:26 . 2012-04-09 23:27    190480    ----a-w-    c:\windows\system32\CbFsMntNtf3.dll
2013-05-21 03:26 . 2012-04-09 23:27    223760    ----a-w-    c:\windows\SysWow64\CbFsNetRdr3.dll
2013-05-21 03:26 . 2012-04-09 23:27    158224    ----a-w-    c:\windows\SysWow64\CbFsMntNtf3.dll
2013-05-21 03:26 . 2012-04-09 23:27    141328    ----a-w-    c:\windows\system32\CbFsNetRdr3.dll
2013-05-21 03:26 . 2012-04-09 23:27    352144    ----a-w-    c:\windows\system32\drivers\cbfs3.sys
2013-05-21 03:25 . 2013-05-21 03:26    --------    d-----w-    c:\program files (x86)\iExplorer
2013-05-21 03:21 . 2013-05-21 03:21    --------    d-----w-    C:\sn0wbreeze
2013-05-21 03:13 . 2013-05-21 03:13    --------    d-----w-    c:\program files (x86)\WinSCP
2013-05-20 08:15 . 2013-05-20 08:19    --------    d-----w-    c:\program files (x86)\ffdshow
2013-05-20 08:15 . 2012-04-09 07:40    79360    ----a-w-    c:\windows\SysWow64\ff_vfw.dll
2013-05-20 01:16 . 2013-05-21 06:20    --------    d-----w-    c:\users\ryan\AppData\Roaming\redsn0w
2013-05-19 05:38 . 2013-05-19 05:38    --------    d-----w-    c:\users\ryan\AppData\Roaming\Theta
2013-05-19 05:37 . 2013-05-19 05:37    262552    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-18 21:49 . 2013-05-18 21:49    --------    d-----w-    c:\programdata\Steam
2013-05-18 21:44 . 2013-05-18 22:48    --------    d-----w-    c:\program files (x86)\Sanctum 2
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files\iPod
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files\iTunes
2013-05-18 15:34 . 2013-05-18 15:34    --------    d-----w-    c:\program files (x86)\iTunes
2013-05-17 03:17 . 2013-05-17 03:17    126464    ----a-w-    c:\windows\system32\drivers\rzudd.sys
2013-05-17 03:14 . 2013-05-17 03:14    56832    ----a-w-    c:\windows\SysWow64\rzdevinfo.dll
2013-05-17 03:14 . 2013-05-17 03:14    154112    ----a-w-    c:\windows\SysWow64\rztouchdll.dll
2013-05-17 03:14 . 2013-05-17 03:14    766976    ----a-w-    c:\windows\SysWow64\rzdevicedll.dll
2013-05-17 03:14 . 2013-05-17 03:14    117248    ----a-w-    c:\windows\SysWow64\rzdisplaydll.dll
2013-05-17 03:14 . 2013-05-17 03:14    296448    ----a-w-    c:\windows\SysWow64\rzaudiodll.dll
2013-05-15 23:12 . 2013-05-15 23:28    --------    d-----w-    c:\users\ryan\AppData\Roaming\Apple Computer
2013-05-15 23:12 . 2013-05-15 23:12    --------    d-----w-    c:\users\ryan\AppData\Local\Apple Computer
2013-05-15 23:12 . 2013-05-15 23:12    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-05-15 23:12 . 2012-08-21 20:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-15 23:11 . 2013-05-15 23:11    --------    d-----w-    c:\programdata\Apple Computer
2013-05-15 23:09 . 2013-05-15 23:09    --------    d-----w-    c:\users\ryan\AppData\Local\Apple
2013-05-15 23:09 . 2013-05-15 23:09    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-05-15 23:08 . 2013-05-15 23:08    --------    d-----w-    c:\program files\Common Files\Apple
2013-05-15 22:03 . 2013-05-15 22:03    --------    d-----w-    c:\program files\Bonjour
2013-05-15 22:03 . 2013-05-15 22:03    --------    d-----w-    c:\program files (x86)\Bonjour
2013-05-15 22:03 . 2013-05-18 15:34    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2013-05-15 22:03 . 2013-05-15 23:09    --------    d-----w-    c:\programdata\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 00:05 . 2013-02-24 00:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:05 . 2013-02-24 00:38    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 00:04 . 2013-05-15 02:23    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-21 22:50 . 2013-03-26 03:00    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-04-30 10:05 . 2013-04-30 10:05    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-30 10:05 . 2013-04-30 10:05    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-30 10:05 . 2013-04-30 10:05    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:05 . 2013-04-30 10:05    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:05 . 2013-04-30 10:05    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-30 10:05 . 2013-04-30 10:05    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-30 10:05 . 2013-04-30 10:05    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-30 10:05 . 2013-04-30 10:05    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-30 10:05 . 2013-04-30 10:05    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-30 10:05 . 2013-04-30 10:05    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:05 . 2013-04-30 10:05    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-30 10:05 . 2013-04-30 10:05    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:05 . 2013-04-30 10:05    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-30 10:05 . 2013-04-30 10:05    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:05 . 2013-04-30 10:05    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-30 10:05 . 2013-04-30 10:05    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:05 . 2013-04-30 10:05    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:05 . 2013-04-30 10:05    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-30 10:05 . 2013-04-30 10:05    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:05 . 2013-04-30 10:05    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-30 10:05 . 2013-04-30 10:05    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-30 10:05 . 2013-04-30 10:05    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-30 10:05 . 2013-04-30 10:05    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-30 10:05 . 2013-04-30 10:05    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-30 10:05 . 2013-04-30 10:05    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-30 10:05 . 2013-04-30 10:05    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-30 10:05 . 2013-04-30 10:05    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-30 10:05 . 2013-04-30 10:05    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-30 10:05 . 2013-04-30 10:05    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:05 . 2013-04-30 10:05    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-30 10:05 . 2013-04-30 10:05    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-30 10:05 . 2013-04-30 10:05    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-30 10:05 . 2013-04-30 10:05    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-30 10:05 . 2013-04-30 10:05    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-30 10:05 . 2013-04-30 10:05    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-30 10:05 . 2013-04-30 10:05    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-30 10:05 . 2013-04-30 10:05    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-30 10:05 . 2013-04-30 10:05    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-30 10:05 . 2013-04-30 10:05    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:05 . 2013-04-30 10:05    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-30 10:05 . 2013-04-30 10:05    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-30 10:05 . 2013-04-30 10:05    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-30 10:05 . 2013-04-30 10:05    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-30 10:05 . 2013-04-30 10:05    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-30 10:05 . 2013-04-30 10:05    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-30 10:05 . 2013-04-30 10:05    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-30 10:05 . 2013-04-30 10:05    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-30 10:05 . 2013-04-30 10:05    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-30 10:05 . 2013-04-30 10:05    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-30 10:04 . 2013-04-30 10:04    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 10:04 . 2013-04-30 10:04    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-04-30 10:04 . 2013-04-30 10:04    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-04-30 10:04 . 2013-04-30 10:04    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 10:04 . 2013-04-30 10:04    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-04-30 10:04 . 2013-04-30 10:04    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-04-30 10:04 . 2013-04-30 10:04    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-04-30 10:04 . 2013-04-30 10:04    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-04-30 10:04 . 2013-04-30 10:04    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-04-30 10:04 . 2013-04-30 10:04    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-04-30 10:04 . 2013-04-30 10:04    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-04-30 10:04 . 2013-04-30 10:04    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 10:04 . 2013-04-30 10:04    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-04-30 10:04 . 2013-04-30 10:04    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-04-30 10:04 . 2013-04-30 10:04    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-30 10:04 . 2013-04-30 10:04    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-04-30 10:04 . 2013-04-30 10:04    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-04-30 10:04 . 2013-04-30 10:04    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-04-30 10:04 . 2013-04-30 10:04    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-04-30 10:04 . 2013-04-30 10:04    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-04-30 10:04 . 2013-04-30 10:04    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-04-30 10:04 . 2013-04-30 10:04    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-04-30 10:04 . 2013-04-30 10:04    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-04-30 10:04 . 2013-04-30 10:04    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-04-30 10:04 . 2013-04-30 10:04    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-04-30 10:04 . 2013-04-30 10:04    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-04-30 10:04 . 2013-04-30 10:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-04-30 10:04 . 2013-04-30 10:04    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-04-30 10:04 . 2013-04-30 10:04    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-04-30 10:04 . 2013-04-30 10:04    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27    158224    ----a-w-    c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-23 3093624]
"Facebook Update"="c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-10 138096]
"Akamai NetSession Interface"="c:\users\ryan\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-02-12 5402960]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2013-05-22 2529096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-05-21 609640]
.
c:\users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-4-21 36024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 00:05]
.
2013-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000Core.job
- c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10 08:50]
.
2013-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419904748-1629439109-252542234-1000UA.job
- c:\users\ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10 08:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27    190480    ----a-w-    c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\bullguard.exe" [2013-04-01 952160]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard antivirus\BullGuardUpdate2.exe" [2013-04-01 2531680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\nvinitx.dll c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=1958dffa5034468a988d5ca7f6ef5074&tu=10G9000762B000v&sku=&tstsId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>?????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
Trusted Zone: aeriagames.com
FF - ProfilePath - c:\users\ryan\AppData\Roaming\Mozilla\Firefox\Profiles\9x4e5tzb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{14B04560-A3FA-45D5-A73E-EBD8CF536796} - c:\progra~3\INSTAL~1\{14B04~1\Setup.exe
AddRemove-{31995997-894D-4CA3-AE48-C16FEA7A7B61} - c:\progra~3\INSTAL~1\{31995~1\Setup.exe
AddRemove-{3E3A1315-38FF-4C37-AEDC-70DDE5D931E3} - c:\progra~3\INSTAL~1\{3E3A1~1\Setup.exe
AddRemove-{3F32F4DE-0149-4FF7-AD1C-496BE4D1D628} - c:\progra~3\INSTAL~1\{3F32F~1\Setup.exe
AddRemove-{61AFD406-9A33-4478-A693-D211BA4CF6F0} - c:\progra~3\INSTAL~1\{61AFD~1\Setup.exe
AddRemove-{A89E3FB3-B1EE-4D39-AFD2-F9CC737D1D45} - c:\progra~3\INSTAL~1\{A89E3~1\Setup.exe
AddRemove-{CC80FFAD-2FB0-4655-A4BE-67921763DD5B} - c:\progra~3\INSTAL~1\{CC80F~1\Setup.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-06-14  11:39:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-14 18:39
ComboFix2.txt  2013-06-12 22:45
ComboFix3.txt  2013-06-09 05:04
.
Pre-Run: 37,383,061,504 bytes free
Post-Run: 37,204,860,928 bytes free
.
- - End Of File - - 2C969603524CB4CC3A05B8A48F97C795
C06575B18B90345CE86AB291B56DB94D

My PC seems to be running a bit faster, but I didn't notice it going too slowly before. My desktop loads at least twice as fast.



#14 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • Gender:Male
  • Local time:07:49 AM

Posted 15 June 2013 - 03:27 PM

Hi Pillowcookie :)


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

Next

Run OTL
  • Open OTL again and click the Quick Scan button (don't check the boxes beside LOP Check or Purity this time).
  • Post the OTL.txt log it produces in your next reply.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

#15 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • Gender:Male
  • Local time:07:49 AM

Posted 20 June 2013 - 02:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
