
http://search.yahoo.com took over my ie and ff homepage


  • This topic is locked
24 replies to this topic

#1 pappypwnerton76

pappypwnerton76

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 November 2013 - 05:57 PM

Hello. search.yahoo has taken over both my IE and FF homepages. I have tried everything I have read in your forums with no luck. I have used AdwCleaner, JRT, ComboFix, HijackThis, Malwarebytes, avast, you name it. I have even tried deleting the registry entries manually. I have posted some logs I figured you may need by browsing forums. Please let me know if there is anything else you need.

 

 

# AdwCleaner v3.012 - Report created 11/11/2013 at 16:24:10
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : PappyRig - PAPPYRIG-PC
# Running from : C:\Users\PappyRig\Desktop\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\ih86u7q1.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9162 octets] - [09/11/2013 02:38:21]
AdwCleaner[R1].txt - [1277 octets] - [09/11/2013 02:45:24]
AdwCleaner[R2].txt - [1213 octets] - [09/11/2013 02:57:43]
AdwCleaner[R3].txt - [1208 octets] - [09/11/2013 03:01:23]
AdwCleaner[R4].txt - [1329 octets] - [09/11/2013 03:06:56]
AdwCleaner[R5].txt - [414 octets] - [09/11/2013 14:08:44]
AdwCleaner[R6].txt - [1620 octets] - [09/11/2013 14:10:02]
AdwCleaner[R7].txt - [1628 octets] - [09/11/2013 14:44:38]
AdwCleaner[R8].txt - [1748 octets] - [11/11/2013 16:11:35]
AdwCleaner[R9].txt - [1308 octets] - [11/11/2013 16:24:10]
AdwCleaner[S0].txt - [8670 octets] - [09/11/2013 02:40:49]
AdwCleaner[S1].txt - [1276 octets] - [09/11/2013 02:58:13]
AdwCleaner[S2].txt - [1270 octets] - [09/11/2013 03:01:56]
AdwCleaner[S3].txt - [1390 octets] - [09/11/2013 03:07:42]
AdwCleaner[S4].txt - [1683 octets] - [09/11/2013 14:10:35]
AdwCleaner[S5].txt - [1689 octets] - [09/11/2013 14:45:07]
AdwCleaner[S6].txt - [1809 octets] - [11/11/2013 16:13:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1788 octets] ##########
# AdwCleaner v3.012 - Report created 13/11/2013 at 18:03:06
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : PappyRig - PAPPYRIG-PC
# Running from : C:\Users\PappyRig\Desktop\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\2oy90swn.default-1384376318846\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9162 octets] - [09/11/2013 02:38:21]
AdwCleaner[R10].txt - [1990 octets] - [12/11/2013 14:44:02]
AdwCleaner[R1].txt - [1277 octets] - [09/11/2013 02:45:24]
AdwCleaner[R2].txt - [1213 octets] - [09/11/2013 02:57:43]
AdwCleaner[R3].txt - [1208 octets] - [09/11/2013 03:01:23]
AdwCleaner[R4].txt - [1329 octets] - [09/11/2013 03:06:56]
AdwCleaner[R5].txt - [414 octets] - [09/11/2013 14:08:44]
AdwCleaner[R6].txt - [1620 octets] - [09/11/2013 14:10:02]
AdwCleaner[R7].txt - [1628 octets] - [09/11/2013 14:44:38]
AdwCleaner[R8].txt - [3738 octets] - [11/11/2013 16:11:35]
AdwCleaner[R9].txt - [3252 octets] - [11/11/2013 16:24:10]
AdwCleaner[S0].txt - [8670 octets] - [09/11/2013 02:40:49]
AdwCleaner[S1].txt - [1276 octets] - [09/11/2013 02:58:13]
AdwCleaner[S2].txt - [1270 octets] - [09/11/2013 03:01:56]
AdwCleaner[S3].txt - [1390 octets] - [09/11/2013 03:07:42]
AdwCleaner[S4].txt - [1683 octets] - [09/11/2013 14:10:35]
AdwCleaner[S5].txt - [1689 octets] - [09/11/2013 14:45:07]
AdwCleaner[S6].txt - [3800 octets] - [11/11/2013 16:13:36]
AdwCleaner[S7].txt - [1929 octets] - [11/11/2013 16:24:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [3792 octets] ##########
 


Edited by pappypwnerton76, 13 November 2013 - 06:22 PM.



 


#2 pappypwnerton76


Posted 13 November 2013 - 06:11 PM

RogueKiller V8.7.7 [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PappyRig [Admin rights]
Mode : Remove -- Date : 11/13/2013 15:27:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SSD S510 120GB ATA Device +++++
--- User ---
[MBR] 6e5fae142cb19925c3bbe04c9a806c25
[BSP] 1ce5b520d4c55b0ca66fb87da99db71c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) MARVELL Raid VD 0 SCSI Disk Device +++++
--- User ---
[MBR] abc8fee3c2c957e7417fa0aa09894383
[BSP] f0d02e5405ab163ab53275b760ca60fe : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1906685 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Multi Flash Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_11132013_152748.txt >>
RKreport[0]_S_11132013_152722.txt
 


Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by PappyRig on Mon 11/11/2013 at 15:31:46.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C5B25635-FC4B-4BAB-AC36-6A1218C490B7}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at 15:40:04.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#3 pappypwnerton76


Posted 13 November 2013 - 06:13 PM

PRC - [2009/10/05 13:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/04/08 19:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2007/02/28 16:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/01 00:50:29 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/25 20:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/19 11:46:28 | 000,062,976 | ---- | M] () -- D:\Origin\tufao.dll
MOD - [2013/09/25 09:44:32 | 000,283,032 | ---- | M] () -- C:\Program Files (x86)\Battlelog Web Plugins\launcher-119.dll
MOD - [2013/09/11 18:06:56 | 000,048,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/07/17 19:28:14 | 000,627,016 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013/05/15 11:49:16 | 000,587,776 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013/05/15 11:49:02 | 000,216,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013/05/15 11:49:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013/05/15 11:49:00 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013/05/15 11:48:52 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
MOD - [2011/12/16 16:17:00 | 000,246,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2011/08/17 14:45:34 | 000,074,240 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/12 17:15:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/04 13:23:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/04 21:03:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/02/22 14:26:12 | 000,492,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2013/11/13 15:31:05 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/10/28 02:48:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/25 20:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/25 12:07:00 | 000,878,368 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/10/08 20:06:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/15 02:34:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/08/25 17:23:41 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/08/25 13:52:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/08/22 14:37:02 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/19 15:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/05 13:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/08 19:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/12 17:05:46 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/11/04 13:23:21 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/04 13:23:21 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/04 13:23:21 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/04 13:23:21 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/11/01 00:50:29 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/01 00:50:29 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/01 00:50:29 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/24 14:55:23 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CD7.sys -- (SaiK0CD7)
DRV:64bit: - [2013/10/24 14:55:23 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CD7.sys -- (SaiU0CD7)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/17 15:59:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/09/17 15:59:47 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/18 03:22:36 | 000,872,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/06/16 07:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/22 17:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/30 11:55:32 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2013/04/30 11:55:32 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 14:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2012/02/22 14:27:02 | 000,031,336 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Edge7x64.sys -- (BfEdge7x64)
DRV:64bit: - [2011/11/11 02:20:46 | 000,027,440 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011/11/11 02:20:44 | 000,316,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/07/15 11:15:02 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/19 01:26:06 | 000,293,928 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/11/18 06:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/03 10:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/07/17 19:28:12 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2010/10/22 09:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\..\SearchScopes,DefaultScope = {C5B25635-FC4B-4BAB-AC36-6A1218C490B7}
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\..\SearchScopes\{C5B25635-FC4B-4BAB-AC36-6A1218C490B7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN42168869413035716&UM=2
IE - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PappyRig\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/12 17:05:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/11/09 14:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PappyRig\AppData\Roaming\Mozilla\Extensions
[2013/11/09 14:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/09 14:58:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\PappyRig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/13 16:14:14 | 000,038,222 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 628 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2879088868-1364959740-3223249506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4E9C7F-B34E-4900-B3AB-AE151A414E6C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4E9C7F-B34E-4900-B3AB-AE151A414E6C}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/11 17:42:20 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/13 15:50:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/13 15:48:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/13 15:43:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/13 15:43:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/13 15:43:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/13 15:42:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/13 15:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/11/12 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/12 17:05:46 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/11/12 16:41:38 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\TeamSpeak 3 Client
[2013/11/12 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/11/11 20:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/11 20:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/11/11 20:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/11/11 16:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/11/11 16:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/11/11 16:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/11/11 16:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/11 15:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/11 15:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/11 15:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/10 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Documents\dragoon
[2013/11/10 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\SCE
[2013/11/09 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\Yahoo!
[2013/11/09 14:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/09 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/09 14:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/09 14:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/09 13:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/09 13:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/09 13:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/09 13:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/09 13:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/09 13:01:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/09 11:58:02 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Desktop\7 Days to Die
[2013/11/09 03:07:45 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\CrashDumps
[2013/11/09 02:48:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/09 02:38:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/08 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\SmartTechnology
[2013/11/08 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartTechnology Profiles
[2013/11/08 17:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2013/11/08 17:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2013/11/08 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2013/11/07 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\NVIDIA
[2013/11/07 19:15:36 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\Introversion
[2013/11/07 17:20:31 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Documents\Stronghold 3
[2013/11/04 23:50:05 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\ESN Sonar
[2013/11/04 13:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/11/04 13:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2013/11/04 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2013/11/03 18:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/11/03 18:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/11/01 13:14:06 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\SplitMediaLabs
[2013/11/01 13:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/11/01 13:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2013/11/01 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs
[2013/11/01 07:48:57 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Documents\Rockstar Games
[2013/11/01 07:46:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/11/01 07:31:24 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\AVAST Software
[2013/11/01 00:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/01 00:48:43 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/10/29 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Documents\1C SoftClub
[2013/10/28 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Globalscape
[2013/10/28 18:18:59 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\Globalscape
[2013/10/28 02:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2013/10/25 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\DCS
[2013/10/25 12:25:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/10/25 09:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/10/24 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\Kalypso Media
[2013/10/24 14:55:23 | 000,180,544 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0CD7.sys
[2013/10/24 14:55:23 | 000,047,168 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiU0CD7.sys
[2013/10/24 14:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/10/24 14:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2013/10/20 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\PAYDAY 2
[2013/10/18 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\Documents\StarCraft II
[2013/10/18 13:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/10/18 13:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/10/18 13:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/10/18 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/10/15 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/10/15 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\Verizon_AR
[2013/10/15 15:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013/10/15 15:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013/10/15 15:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SIX Networks
[2013/10/15 15:20:20 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\SIX Networks
[2013/10/15 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Local\SIX Networks
[2013/10/15 11:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013/10/15 11:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/10/15 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/10/15 11:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/10/15 11:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/10/15 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon2.0_Log
[2013/10/15 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\PappyRig\AppData\Roaming\VERIZON
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\PappyRig\AppData\Local\*.tmp files -> C:\Users\PappyRig\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/13 18:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 16:39:28 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/13 16:26:43 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013/11/13 16:21:49 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 16:21:49 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 16:20:36 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 16:20:36 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 16:20:36 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 16:14:48 | 000,034,496 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2013/11/13 16:14:48 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2013/11/13 16:14:45 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2013/11/13 16:14:16 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2013/11/13 16:14:14 | 000,038,222 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/13 16:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 16:14:05 | 4271,472,638 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 15:34:32 | 1053,286,007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/13 08:04:31 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/11/13 07:25:35 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2013/11/12 17:15:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 17:15:25 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 17:05:48 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/12 17:05:46 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/11/12 17:00:31 | 000,348,563 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 17_00_31.612002.dmp
[2013/11/12 16:45:37 | 000,340,560 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_45_37.610868.dmp
[2013/11/12 16:45:12 | 000,340,560 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_45_12.017404.dmp
[2013/11/12 16:44:05 | 000,333,992 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_44_05.621606.dmp
[2013/11/12 16:43:49 | 000,335,832 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_43_49.364676.dmp
[2013/11/12 16:43:43 | 000,340,560 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_43_43.380334.dmp
[2013/11/12 16:41:48 | 000,000,000 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_41_48.228748.dmp
[2013/11/12 16:41:47 | 000,352,515 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_41_47.897729.dmp
[2013/11/12 16:28:49 | 000,352,095 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_28_49.700789.dmp
[2013/11/12 16:24:16 | 000,352,095 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_24_16.902097.dmp
[2013/11/12 16:18:47 | 000,336,154 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_18_47.337247.dmp
[2013/11/12 16:14:57 | 000,340,170 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_14_57.386095.dmp
[2013/11/12 16:14:11 | 000,340,170 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_14_11.548473.dmp
[2013/11/12 16:13:49 | 000,338,834 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_13_49.381205.dmp
[2013/11/12 16:13:31 | 000,340,170 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_13_31.709194.dmp
[2013/11/12 16:11:58 | 000,330,714 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_11_57.960832.dmp
[2013/11/12 16:11:47 | 000,352,095 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_11_47.334224.dmp
[2013/11/12 16:04:18 | 000,352,095 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_04_18.370534.dmp
[2013/11/12 15:27:57 | 000,340,170 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_27_56.891437.dmp
[2013/11/12 15:27:20 | 000,335,442 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_27_20.709367.dmp
[2013/11/12 15:26:52 | 000,340,170 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_26_52.809771.dmp
[2013/11/12 15:26:12 | 000,353,815 | ---- | M] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_26_12.679476.dmp
[2013/11/11 17:42:20 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/11/11 15:28:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/11 15:16:23 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/11/09 14:58:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/04 13:34:06 | 000,001,058 | ---- | M] () -- C:\Users\PappyRig\Desktop\DaRT - Shortcut.lnk
[2013/11/04 13:23:21 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/04 13:23:21 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/04 13:23:21 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/04 13:23:21 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/04 13:23:21 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/04 13:23:21 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/03 18:28:30 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/11/01 13:13:57 | 000,000,452 | ---- | M] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2013/11/01 13:13:57 | 000,000,452 | ---- | M] () -- C:\Users\PappyRig\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/11/01 00:50:29 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/01 00:50:29 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/01 00:50:29 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/01 00:49:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/30 16:19:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/10/29 18:27:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/28 02:48:55 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/28 02:48:55 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 02:48:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/24 14:55:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0CD7_01009.Wdf
[2013/10/24 14:55:23 | 000,180,544 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0CD7.sys
[2013/10/24 14:55:23 | 000,047,168 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiU0CD7.sys
[2013/10/24 14:54:49 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/10/23 05:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 03:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/18 13:15:01 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/10/15 16:31:10 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/15 15:22:31 | 000,002,237 | ---- | M] () -- C:\Users\PappyRig\Desktop\Play withSIX.lnk
[2013/10/15 11:39:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\PappyRig\AppData\Local\*.tmp files -> C:\Users\PappyRig\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/13 15:43:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/13 15:43:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/13 15:43:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/13 15:43:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/13 15:43:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/13 15:34:32 | 1053,286,007 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/12 17:15:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 17:15:25 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 17:00:31 | 000,348,563 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 17_00_31.612002.dmp
[2013/11/12 16:45:37 | 000,340,560 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_45_37.610868.dmp
[2013/11/12 16:45:12 | 000,340,560 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_45_12.017404.dmp
[2013/11/12 16:44:05 | 000,333,992 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_44_05.621606.dmp
[2013/11/12 16:43:49 | 000,335,832 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_43_49.364676.dmp
[2013/11/12 16:43:43 | 000,340,560 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_43_43.380334.dmp
[2013/11/12 16:41:48 | 000,000,000 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_41_48.228748.dmp
[2013/11/12 16:41:47 | 000,352,515 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_41_47.897729.dmp
[2013/11/12 16:28:49 | 000,352,095 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_28_49.700789.dmp
[2013/11/12 16:24:16 | 000,352,095 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_24_16.902097.dmp
[2013/11/12 16:18:47 | 000,336,154 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_18_47.337247.dmp
[2013/11/12 16:14:57 | 000,340,170 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_14_57.386095.dmp
[2013/11/12 16:14:11 | 000,340,170 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_14_11.548473.dmp
[2013/11/12 16:13:49 | 000,338,834 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_13_49.381205.dmp
[2013/11/12 16:13:31 | 000,340,170 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_13_31.709194.dmp
[2013/11/12 16:11:57 | 000,330,714 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_11_57.960832.dmp
[2013/11/12 16:11:47 | 000,352,095 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_11_47.334224.dmp
[2013/11/12 16:04:18 | 000,352,095 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 16_04_18.370534.dmp
[2013/11/12 15:27:56 | 000,340,170 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_27_56.891437.dmp
[2013/11/12 15:27:20 | 000,335,442 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_27_20.709367.dmp
[2013/11/12 15:26:52 | 000,340,170 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_26_52.809771.dmp
[2013/11/12 15:26:12 | 000,353,815 | ---- | C] () -- C:\Users\PappyRig\Documents\ts3_clientui-win64-1382530211-2013-11-12 15_26_12.679476.dmp
[2013/11/11 17:42:20 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/11/11 15:28:27 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/11 15:28:23 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/09 14:58:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/09 14:58:51 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/04 13:23:33 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2013/11/02 11:20:13 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013/11/01 13:13:57 | 000,000,452 | ---- | C] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2013/11/01 13:13:57 | 000,000,452 | ---- | C] () -- C:\Users\PappyRig\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/10/30 16:19:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/10/29 18:27:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/28 16:21:55 | 003,426,956 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/28 16:20:44 | 000,023,287 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/28 02:48:55 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/28 02:48:55 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/24 14:55:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0CD7_01009.Wdf
[2013/10/24 14:54:49 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/10/24 14:54:49 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/10/24 14:54:46 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2013/10/18 13:14:59 | 000,000,624 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/10/15 15:22:31 | 000,002,237 | ---- | C] () -- C:\Users\PappyRig\Desktop\Play withSIX.lnk
[2013/10/15 11:39:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/10/09 18:14:47 | 000,000,000 | ---- | C] () -- C:\Users\PappyRig\AppData\Local\{52C28FA1-5C76-4DA6-BA13-93644F5BB921}
[2013/10/09 18:01:35 | 000,000,000 | ---- | C] () -- C:\Users\PappyRig\AppData\Local\{C9E15053-8249-4AB4-B3B5-EEC727595065}
[2013/09/16 13:58:26 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/16 13:58:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/15 12:55:42 | 000,003,584 | ---- | C] () -- C:\Users\PappyRig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/25 15:36:53 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/25 15:03:41 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2013/08/25 15:03:41 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2013/08/25 15:03:41 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2013/08/25 13:52:21 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2013/08/25 13:18:14 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2013/08/25 13:17:19 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/08/25 13:17:19 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/08/25 13:11:57 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2013/03/07 15:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 15:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 15:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 15:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/09/28 14:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/14 15:58:14 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\ArmA 2 RCon
[2013/11/01 07:31:24 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\AVAST Software
[2013/10/28 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Globalscape
[2013/11/04 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\IObit
[2013/10/24 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Kalypso Media
[2013/09/29 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Mumble
[2013/09/14 21:14:13 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\OBS
[2013/08/28 21:44:40 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Origin
[2013/09/01 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Play withSIX
[2013/09/29 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Publish Providers
[2013/10/15 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\SIX Networks
[2013/10/19 01:53:17 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Sony
[2013/11/01 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs
[2013/10/28 15:45:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\tropico 4
[2013/11/13 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\TS3Client
[2013/09/21 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Unity
[2013/11/12 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,544 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/08/25 13:40:37 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job
[2013/08/25 16:40:20 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/10/24 14:54:46 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\Driver Booster Update.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/08/25 13:31:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Adobe
[2013/09/17 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Apple Computer
[2013/10/14 15:58:14 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\ArmA 2 RCon
[2013/08/25 23:11:09 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\ATI
[2013/11/01 07:31:24 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\AVAST Software
[2013/08/25 13:26:58 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Creative
[2013/10/28 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Globalscape
[2013/08/25 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Identities
[2013/11/04 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\IObit
[2013/10/24 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Kalypso Media
[2013/08/25 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Macromedia
[2013/11/12 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Malwarebytes
[2010/11/21 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Media Center Programs
[2013/11/13 07:40:50 | 000,000,000 | --SD | M] -- C:\Users\PappyRig\AppData\Roaming\Microsoft
[2013/11/09 14:59:04 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Mozilla
[2013/09/29 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Mumble
[2013/11/07 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\NVIDIA
[2013/09/14 21:14:13 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\OBS
[2013/08/28 21:44:40 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Origin
[2013/09/01 11:49:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Play withSIX
[2013/09/29 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Publish Providers
[2013/09/02 08:46:45 | 000,000,000 | RH-D | M] -- C:\Users\PappyRig\AppData\Roaming\SecuROM
[2013/10/15 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\SIX Networks
[2013/10/19 01:53:17 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Sony
[2013/11/01 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs
[2013/10/28 15:45:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\tropico 4
[2013/11/13 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\TS3Client
[2013/09/21 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Unity
[2013/11/12 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\uTorrent
[2013/10/15 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\VERIZON
[2013/10/15 17:01:59 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Verizon_AR
[2013/10/19 02:05:02 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\vlc
[2013/09/08 10:59:33 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\WinRAR
[2013/11/09 23:50:28 | 000,000,000 | ---D | M] -- C:\Users\PappyRig\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2013/11/04 13:23:48 | 000,637,760 | ---- | M] () -- C:\Users\PappyRig\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2013/10/25 18:19:54 | 001,814,304 | ---- | M] (IObit) -- C:\Users\PappyRig\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2013/10/15 11:35:10 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\ARPPRODUCTICON.exe
[2013/10/15 11:35:10 | 000,057,344 | R--- | M] (Flexera Software, Inc.) -- C:\Users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
[2013/10/15 11:35:10 | 000,057,344 | R--- | M] (Flexera Software, Inc.) -- C:\Users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
[2013/10/28 14:17:25 | 000,119,808 | ---- | M] (obsproject.com) -- C:\Users\PappyRig\AppData\Roaming\OBS\updates\updater.exe
[2013/10/11 06:59:31 | 000,316,440 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\encprobe.exe
[2013/03/18 08:57:47 | 000,148,992 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\VHMultiWriterExt.exe
[2013/10/11 06:59:12 | 000,316,952 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\VHMultiWriterExt2.exe
[2013/10/11 06:59:17 | 001,795,096 | ---- | M] (SplitMediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\VHScrCapDlg32.exe
[2013/10/11 06:59:14 | 000,032,280 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XDS.exe
[2013/10/11 06:31:55 | 002,601,288 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplit.Core.exe
[2013/10/11 06:59:22 | 000,114,712 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplitBroadcasterSrc.exe
[2013/10/11 06:59:26 | 000,064,536 | ---- | M] (SplitmediaLabs Limited) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplitCleanUp.exe
[2013/10/11 06:31:55 | 000,036,680 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplitRegSrc.exe
[2013/10/11 06:59:24 | 000,039,448 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplitRegSrc40.exe
[2013/10/11 06:59:27 | 000,026,136 | ---- | M] () -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplitUtils.exe
[2013/10/11 06:59:29 | 000,172,568 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\XSplit_Plugin_Installer.exe
[2013/10/11 06:59:20 | 000,328,216 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\xsplit_updater.exe
[2013/10/11 06:59:18 | 000,043,544 | ---- | M] (SplitMediaLabs) -- C:\Users\PappyRig\AppData\Roaming\SplitMediaLabs\XSplit\install\C577EE3\x64\XGS64.exe
[2013/10/15 17:00:51 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\PappyRig\AppData\Roaming\uTorrent\uTorrent.exe
[2013/09/15 13:11:08 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\PappyRig\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe
[2013/10/15 17:00:51 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\PappyRig\AppData\Roaming\uTorrent\updates\3.3.2_30180.exe
[2013/06/05 00:07:20 | 008,566,096 | R--- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\Bootstrap\Samsung_Mobile_USB_Driver.exe
[2013/05/05 20:17:05 | 000,782,704 | R--- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\Bootstrap\VZW_Software_upgrade_assistant.exe
[2013/09/09 13:17:30 | 000,911,728 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\SUA_ar\SUA.exe
[2013/08/05 16:13:48 | 025,570,608 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\SUA_ar\SUABnRSetup.exe
[2013/09/06 12:42:12 | 000,695,664 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\UA_ar\LiveUpdater.exe
[2013/09/06 12:42:08 | 001,766,256 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\UA_ar\ToolLauncher.exe
[2013/09/06 12:42:10 | 000,871,280 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\PappyRig\AppData\Roaming\VERIZON\UA_ar\UA.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

OTL Extras logfile created on: 11/11/2013 3:29:18 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PappyRig\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.97 Gb Total Physical Memory | 13.28 Gb Available Physical Memory | 83.12% Memory free
31.94 Gb Paging File | 29.09 Gb Available in Paging File | 91.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 32.97 Gb Free Space | 29.52% Space Free | Partition Type: NTFS
Drive D: | 1862.00 Gb Total Space | 1127.53 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
 
Computer Name: PAPPYRIG-PC | User Name: PappyRig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178775D-9A98-4FEA-B81C-0696E4F03E8A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\anno 2070\anno5.exe |
"{02C87FF4-F545-44C8-A2BD-A7D22248CD6B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{037171CC-0259-463D-808E-C6DA4BBB5821}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dcsworld\run.exe |
"{03CF420F-D1E0-4A42-A749-0BB050C3C8B6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\soldierfront2\dfubg.exe |
"{03E2C6AC-64E2-4789-BF7E-98E5BD936C89}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{0541B7DC-7F8B-4501-BF5D-512AB9D8C439}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{05B81C1F-7A58-428E-ADBD-412AA34B7F22}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\insurgency2\insurgency.exe |
"{061E3839-03A1-436C-9CA1-E688AF529214}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{0839FCB4-F33A-4E42-8A10-19AD39518458}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\anno 2070\anno5.exe |
"{08F2B06C-4ECD-4234-A7A2-F4332EBBD08D}" = protocol=17 | dir=in | app=d:\origin games\battlefield 4\bf4.exe |
"{0C2C4C40-797B-47B8-A262-CB5230FF84BA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{0CA6B784-268C-432D-BF31-027F17D1E9E4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\age2hd\launcher.exe |
"{0DCAF959-9C28-451A-915E-1FF7A7F74A3F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0E8688B7-79F9-4C48-B1BA-0BD699C34B54}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{0F5D682E-4B0B-4D12-BE55-0288220F0DA4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\railroad tycoon 3\rt3.exe |
"{10DA47D0-C668-4457-8578-859437091170}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\endless space\endlessspace.exe |
"{11A89911-24D1-4432-A60A-8320320B7EF1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dcsworld\run.exe |
"{13D5C440-A875-495C-92E7-3F8F8AED8CC9}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{16B6651F-F339-4DC3-A78D-E4E580A64CCA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{1B8E33D9-8861-478C-800F-07333BAAC1E7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{1C2F3A5B-247A-4E17-B586-B17A9CF86868}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{1DDA0D78-B0EE-4B3C-A58A-55997A7338CB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{1F7C91E5-A1C4-43EC-9083-EB3086255305}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{20A16ADB-26FC-40F1-B002-29E31573070F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\contagionbeta\contagion.exe |
"{21C1D192-FE8C-490B-A5EC-1960DF37647B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{23BAF137-3539-4701-BE1E-DC920A24B9A4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{247A3828-C55B-43B7-949B-DC7802659981}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{2BE0E61F-A077-432D-8BA9-2278682381FE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{2C712063-A847-49BC-9F65-B029997E77B9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2E3D1050-C280-4BF6-8087-6E2F921E2B4F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{2F622D11-3DC2-4F0A-9EC0-C986C5B2C085}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{30134CDB-12EF-4A8A-9BC9-78E3119E0AF0}" = protocol=6 | dir=in | app=c:\users\pappyrig\appdata\roaming\utorrent\utorrent.exe |
"{3106F969-274C-4D21-85F7-7D8DAE3FCF13}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\endless space\endlessspace.exe |
"{322DDB45-BB6D-4A98-A2A3-07FC313E8908}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{32718766-93E7-4ED5-8065-38011FD5918B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
"{32DCA21D-B2CF-49CC-996B-A39A92207C9E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{3944FE8A-B02F-40DE-BFB4-6EC0A55BFDA7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{3A3AC56C-26E1-4C3B-92A4-9F7D2CB0BDDA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\contagionbeta\contagion.exe |
"{3E3EC5A5-732B-47C5-A2E6-8E2A20125476}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{3EF85A0F-20AE-481F-8C03-C04AA8A9472C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe |
"{41F12D63-B3A6-4077-A55B-3D6545809A05}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{42CAF0D4-0EAB-4862-81B2-5A4EDE282148}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{48B4CFCD-8E4D-4A6D-A668-B644EE5B8511}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{49C33B65-8C7D-4916-89F6-7F49F99B1B41}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4A494C3B-1223-44CE-9DDD-187D0EBE9BB1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{4AAB6BF6-D276-4E93-BB02-6F74B8B90442}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\nza\bin\nza.exe |
"{4B86F0DD-43DA-41CA-9AC4-318A7F1347F5}" = protocol=17 | dir=in | app=d:\origin games\battlefield 4\bf4_x86.exe |
"{4C12867A-7E53-40DB-BCF3-B1F5AC62D62F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\il-2 sturmovik cliffs of dover\launcher.exe |
"{4DB7EE0E-615E-44CF-A82B-892E25967A8D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{4F06A521-6808-4F67-BF6A-5FCBD5FAD43A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe |
"{4F984054-73DA-4945-8C5E-0B708BBA9C4D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{523756A9-210C-416D-848A-E80EDF5B566F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\kerbal space program\ksp.exe |
"{5496ED34-60C8-408C-979A-6DC51BA7B697}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{55117114-3593-4EAE-BF11-7A38D16CF0FF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dragon's prophet\launchpad.exe |
"{55A50DA1-BDA7-43E0-A00A-029AE9BCEE12}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\farming simulator 2013\farmingsimulator2013game.exe |
"{587F9029-0D6C-4B0E-8F47-3099711C1698}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{58A61E5D-4F37-4649-AB43-76981F369956}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{5952EB66-C18B-4EEE-BAD9-7F2E05A60108}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2server.exe |
"{5971359C-E85B-46D1-ADDF-8F59D4EEBF2D}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{5A09F88B-4865-4609-B8F8-37EADA1CFB8E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5B4A4766-A417-4D53-8C77-B56E85EFE8BF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arsenal of democracy\aodgame.exe |
"{5D1E3F84-713D-47D5-ADD4-ACC52835C9F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{5F4F6DE7-492F-4C4F-BDE6-4EEF7F7AC9F6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
"{607D003F-26FD-4862-8B10-E7110CCC9C45}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{675B170D-C0B5-4E1F-A17C-13EF884582CD}" = protocol=6 | dir=in | app=d:\origin games\battlefield 4\bf4.exe |
"{67FC8D4E-8101-4887-8FD1-469597C4B121}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{688DBF7C-0576-41B6-ABDA-1D457D102BDD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\railroad tycoon 3\rt3.exe |
"{6A01FA0C-73CF-4684-80D9-97D2A9010F4A}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{6BCBCE37-6124-468D-9B08-45E5ACB0923D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{6BD85E5D-35A6-41FC-889E-8E16BFFC53BD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{6DF75551-4DEF-4418-BF3D-DE94F8CCBA5B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\men of war condemned heroes\condemnedheroeseditor.exe |
"{70953AEE-2045-4045-83D4-D9EB44F0F79A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dragon's prophet\launchpad.exe |
"{7456C0DE-7E5A-4977-8303-AF05F498CEE6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{76FE58B0-15E3-47D9-87B9-D8695AEDEE21}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{77102859-3EE4-40E8-BF2E-0E15EF1F6D73}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{780A2617-21A4-49D7-AA62-74EC03A1CB0A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7A5AFD3C-756D-4C08-8606-10DA29BDEC71}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{7AD197B6-D92B-4C14-8B6A-538BFDC0C65B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\nza\bin\nza.exe |
"{8045A860-6FA3-4AEF-9427-C71C2911C941}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |
"{80D815BA-FF4A-4BDE-9E8A-0EC7B5662311}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{81790277-BCC3-4127-8695-3E51A4FD9002}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{82608A10-5431-4E67-A6D7-BBA5809B872E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{82CF0B7A-25E8-4886-89EF-402F867C9C62}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{835EE3BF-A396-4F09-A633-28462605C567}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\men of war condemned heroes\condemnedheroes.exe |
"{85EBCF80-BBA2-425C-8D03-9D03D34862C6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{888DF08F-9B89-4411-954B-5AC3161409F2}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{8B1711F5-5891-450F-BDCD-13B829787224}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\portal 2\portal2.exe |
"{8EF19549-12E2-4C8A-93CD-D56AACF4E3D7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\marchofwar\game.exe |
"{90EBCC2F-1BB3-45A7-A222-4DD87ACC8385}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2server.exe |
"{923A6BD8-CB4F-4C49-A80B-6075623EF0DA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\microsoft flight\flight.exe |
"{944D8ABE-7752-46D0-997D-ACE466A24476}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{96D20C93-9B65-4989-B557-69B6652E680A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{9A5D6EC6-7C04-40B7-9BBF-204127EAFEA5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\wargame european escalation\wargame.exe |
"{9B00D798-82FE-4E60-99B7-AD95D07D6C42}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{9EBE4578-AFF0-40FB-A62F-67D1C94C66C5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\age2hd\launcher.exe |
"{9FC22AEE-EFB1-423B-9DFF-E7C0E9266C22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{A3280331-5332-4040-B291-23DEB030FDE6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\marchofwar\game.exe |
"{A37206F2-1921-498E-B1B7-7F64CA46B7D1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{A47F95A2-8288-4CC5-93DD-E911E5BC598D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\garrysmod\hl2.exe |
"{A70A03B1-7F75-4255-9D10-888525E7437A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\men of war condemned heroes\condemnedheroeseditor.exe |
"{AA35EA07-0681-4F5D-AC70-E24B4E54A56D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{AB2658E4-D911-48AF-98B7-24DB52AEFF3E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{AF58A5C8-E7BB-4455-98E0-6EA27A318D91}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe |
"{B2025787-E1F2-422A-AE41-4F7B192A2D6C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe |
"{B3150E6D-690F-4735-909E-F9C2D89A6E68}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{B35FEA94-B278-448C-ACA9-2DC1F0AB1AF2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{B4648662-3251-4FBF-BF3C-B45D30C49481}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\war thunder\launcher.exe |
"{B4EBE10E-D163-491F-9EDB-44541F2DFC98}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B67E7093-BA03-40EF-8544-98FC14CC9342}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\microsoft flight\flight.exe |
"{B7EDB291-9B1E-4150-8D85-E9A79F1F7E92}" = protocol=6 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
"{BA080A3C-2312-4324-85C1-77BC93F81B84}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CA479FE5-7B58-454B-B724-75FB8042B959}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{CAD8C137-874D-4E40-9ADD-BD7C50CEDF09}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe |
"{CCFC3FA2-CC79-4D55-9365-B348F2687F01}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\war thunder\launcher.exe |
"{D073D8CC-040A-422A-88D9-9E08D57B521E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\kerbal space program\ksp.exe |
"{D24667AB-F55C-429E-B162-BCF1B53A2D40}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{D26498F9-701B-43AC-81D8-2A45BEB9E4F9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\portal 2\portal2.exe |
"{D300AF61-BE07-4F81-A0B7-214222A32739}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\garrysmod\hl2.exe |
"{D3235728-2595-4576-ADDB-7B801E762BEF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{D9F6C6FC-0733-4C63-81B6-AE04A43BD4B7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{DB05FA60-17F3-4B5F-98C5-0C78EAB9FB2F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DBB53062-E365-4C02-8951-A3E2CA169BB1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{DF575BB3-A380-4A0F-9501-0D7CA952CF0A}" = protocol=17 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
"{DFF9B7E7-8F0F-4BC2-8054-4FEDED6552BD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{E175A1A5-5C1C-43AC-AFAA-0B3E00BD94A5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\wargame european escalation\wargame.exe |
"{E2F4B13D-9730-4A49-82F0-1A4C2F6B0E46}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\soldierfront2\dfubg.exe |
"{E336F976-D714-4424-82B6-76CF86E68D7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arsenal of democracy\aodgame.exe |
"{E3A9C95F-4D97-450C-9A81-5918AEA37450}" = protocol=6 | dir=in | app=d:\origin games\battlefield 4\bf4_x86.exe |
"{E4004F4D-3EFE-4E77-AC06-236C682E0874}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{E4162C57-051C-4C47-9586-E2178BABF21B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{E520CD86-B5D2-4ADE-B3C5-3EA100106937}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe |
"{E52178FE-9619-4404-ADB1-7953CDD18D8A}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{E58860D7-AC96-4F81-8231-641D1BF29F6B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{E5E0B7D7-5701-4FAB-9D47-7B40452BAD66}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{E5E4B848-39AD-4C8F-A0B6-9DA32DF4CCCD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\il-2 sturmovik cliffs of dover\launcher.exe |
"{E7DBC9E1-BBD8-457B-BF6B-DE26516173ED}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E8F56970-8673-4F21-941E-584AF1D57836}" = protocol=17 | dir=in | app=c:\users\pappyrig\appdata\roaming\utorrent\utorrent.exe |
"{E94A9DA7-D491-4F10-9AA2-CE6A295432E0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\insurgency2\insurgency.exe |
"{EA617CF3-973E-4922-B9CD-A8EBA2470492}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tropico 4\tropico4.exe |
"{EAAD85D3-C6CF-4AA8-A280-571FB29402DA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{EC5DE30C-65C8-4173-A476-58E6CBFC7085}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{F27DE25F-9C25-4522-8A4A-285582F942F1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{F42E6FE6-E698-4921-9DF7-91EDB973AE2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{F754C4EF-7ADE-4708-8F8A-7D33D4B740AC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{FAA99054-FBFA-4CC9-8952-E8473A91889F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{FAD0A98A-0AA5-4768-BA58-526117456538}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\farming simulator 2013\farmingsimulator2013game.exe |
"{FD280604-EE82-419A-BD12-AEBAFD813FE1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{FD653238-F982-4720-8EBE-EF17FCF9C1DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"TCP Query User{42A3FEA9-2B72-4964-B0C1-A6CCCA0D8BB6}C:\users\pappyrig\desktop\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\users\pappyrig\desktop\7 days to die\7daystodie.exe |
"TCP Query User{5C12D6AE-70A3-4AEE-8A2A-EDE300D44F10}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"TCP Query User{61ABEE7F-D21A-4287-A173-4B79CDB828F1}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dragon's prophet\dp_x64.exe |
"TCP Query User{A0A20E87-284D-4FB5-BDD8-CB12A53A1A7C}C:\users\pappyrig\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\pappyrig\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{D76469B8-987F-45F1-81A4-A2DB6173A76A}D:\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base26490\sc2.exe |
"TCP Query User{EEACDC21-038D-4E2B-A062-BC48EF4198CB}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{1D263D40-10C5-4BC9-AC64-4290BAEF2A49}C:\users\pappyrig\desktop\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\users\pappyrig\desktop\7 days to die\7daystodie.exe |
"UDP Query User{1EDF113E-A88C-48CF-977C-6C73FF5B33E5}D:\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{29D98B4A-6080-47E7-9E7B-A546E29B8188}D:\steam\steamapps\common\dragon's prophet\dp_x64.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dragon's prophet\dp_x64.exe |
"UDP Query User{300928CE-BF84-4F52-8577-A8C4344AE136}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"UDP Query User{3980BE55-0298-4CA4-8D46-A2A05008FB99}C:\users\pappyrig\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\pappyrig\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{FD53434E-3C05-45B8-9C81-D60D7EE8C2F8}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BFD590F-1D73-3533-E734-FDDAC3746E4A}" = AMD Catalyst Install Manager
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8A7F3358-7674-7E89-3943-919184538E74}" = ccc-utility64
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D83BBC38-9E48-2F40-8A4F-89169A4A228E}" = AMD Fuel
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FE1293-2D39-2D58-B63A-16EAFDFB9577}" = CCC Help Thai
"{08B61676-BF12-0E38-1A29-2396AA947D62}" = CCC Help Portuguese
"{0D35BE01-3653-6004-3F98-38C8447CA23D}" = Catalyst Control Center
"{12408350-13EB-20AB-E172-DCA006557179}" = CCC Help Danish
"{16DEF5B9-AD4F-FE37-C651-9E1ED5A9E5BA}" = CCC Help Swedish
"{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"{2669F21C-1763-88A1-8F3D-FE78BAA61B79}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{29E5F74D-27A5-0F9E-B63B-754ED5EF4F9D}" = CCC Help Greek
"{2B15112E-0FEF-42C2-8B36-B76CD995FD47}" = Verizon Wireless Software Utility Application for Android - Samsung
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1" = Live Update 5
"{3FA9A3B6-D416-C2FF-1439-7174765F4836}" = CCC Help Polish
"{48615A7B-F026-4F62-A3F1-49001B8E21CB}" = Overwolf
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC33FAB-4249-44D7-88A3-22682C577EE3}" = XSplit Broadcaster
"{4D5C8AB4-BEF3-321A-A3AE-97240131B5E1}" = CCC Help Turkish
"{50A8402F-E677-558E-688A-8CF360AEEB04}" = CCC Help Spanish
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{5E2AC86F-FB16-7DF0-673D-00D421743833}" = CCC Help English
"{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74019A23-67A9-D934-F3B7-013CCC0E43AA}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7CF4C521-5053-1FB1-7795-70A48BE23AAD}" = CCC Help Chinese Traditional
"{7D75F678-4499-436C-B219-9E6DC24EE82D}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8367DB86-5A1B-9161-4333-60F514CA5E90}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{92000C16-939B-44CA-802F-0D552019D7C8}" = Sound Blaster Tactic(3D)
"{9529EF9F-808F-C0D9-F9D2-B088F71A8A63}" = CCC Help Norwegian
"{99C28455-E285-4639-B4C6-9F747C0C3D4C}" = DayZ Commander
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C87F5C4-8F76-DCD1-BCC2-B11C6C348506}" = CCC Help Finnish
"{9EF2BAA4-EA06-F010-048B-AD6FF97D67C8}" = CCC Help Chinese Standard
"{9F50A59C-49FE-ADFB-4687-5DC8D0771A18}" = CCC Help Japanese
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A599EC25-D180-845F-DD60-BB5B8421B6B9}" = Catalyst Control Center Localization All
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{B4645975-7C2A-0F70-CD99-ABA64C39972B}" = CCC Help Italian
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C85C9447-61C0-547C-3AC2-1BEEB8B51229}" = CCC Help Russian
"{CAC8BB61-8FE6-79C4-E80F-D37630375B51}" = CCC Help Korean
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
"{D955B2AC-1066-54FF-FC8D-40EEF62A4287}" = CCC Help French
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1" = CLICKBIOSII
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FD209318-3C61-1893-E8EC-D75F1508704C}" = CCC Help Czech
"A2ACR Data cache removal" = ARMA 2 Army of The Czech Republic - Data cache removal
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Driver Booster_is1" = Driver Booster
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxMRU" = Marvell MRU V4
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"PrecisionX" = EVGA Precision X 4.2.1
"PunkBusterSvc" = PunkBuster Services
"RTSS" = RivaTuner Statistics Server 5.2.0
"Smart Defrag 2_is1" = Smart Defrag 2
"StarCraft II" = StarCraft II
"Steam App 218620" = PAYDAY 2
"Steam App 229100" = Dragon's Prophet
"Steam App 238430" = Contagion
"SysInfo" = Creative System Information
"WaveStudio 7" = Creative WaveStudio 7
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Dragons Prophet" = Dragons Prophet
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/10/2013 4:06:07 AM | Computer Name = PappyRig-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\PappyRig\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/10/2013 7:12:37 AM | Computer Name = PappyRig-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/10/2013 7:13:20 AM | Computer Name = PappyRig-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\PappyRig\downloads\esetsmartinstaller_enu(1).exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/10/2013 7:13:20 AM | Computer Name = PappyRig-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\PappyRig\downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/10/2013 11:09:58 AM | Computer Name = PappyRig-PC | Source = Application Hang | ID = 1002
Description = The program 7DaysToDie.exe version 4.2.0.11237 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2414    Start
 Time: 01cede1fe5469287    Termination Time: 25    Application Path: C:\Users\PappyRig\Desktop\7
 Days to Die\7DaysToDie.exe    Report Id:   
 
Error - 11/10/2013 6:00:11 PM | Computer Name = PappyRig-PC | Source = Application Error | ID = 1000
Description = Faulting application name: bf4.exe, version: 1.0.0.0, time stamp:
0x526b9042  Faulting module name: bf4.exe, version: 1.0.0.0, time stamp: 0x526b9042
Exception
 code: 0xc0000005  Fault offset: 0x00000000005d6a60  Faulting process id: 0x2f08  Faulting
 application start time: 0x01cede585246d247  Faulting application path: D:\Origin
Games\Battlefield 4\bf4.exe  Faulting module path: D:\Origin Games\Battlefield 4\bf4.exe
Report
 Id: 77b34a1a-4a53-11e3-b2d1-a1702a05c50e
 
Error - 11/10/2013 10:40:06 PM | Computer Name = PappyRig-PC | Source = Application Error | ID = 1000
Description = Faulting application name: bf4.exe, version: 1.0.0.0, time stamp:
0x526b9042  Faulting module name: bf4.exe, version: 1.0.0.0, time stamp: 0x526b9042
Exception
 code: 0xc0000005  Fault offset: 0x0000000000af3158  Faulting process id: 0xf30  Faulting
 application start time: 0x01cede8739e9c92d  Faulting application path: D:\Origin
Games\Battlefield 4\bf4.exe  Faulting module path: D:\Origin Games\Battlefield 4\bf4.exe
Report
 Id: 924b5412-4a7a-11e3-b2d1-a1702a05c50e
 
Error - 11/11/2013 6:58:42 AM | Computer Name = PappyRig-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/11/2013 4:08:48 PM | Computer Name = PappyRig-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
 stamp: 0x4ff4f602  Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
 0x4f55e10b  Exception code: 0xc0000005  Fault offset: 0x00000000000033c1  Faulting process
 id: 0x794  Faulting application start time: 0x01cedd8455c06cbc  Faulting application
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe  Faulting module
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll  Report Id: 12b8cf45-4b0d-11e3-b2d1-a1702a05c50e
 
Error - 11/11/2013 4:16:24 PM | Computer Name = PappyRig-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11/9/2013 5:09:42 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the LanmanServer service.
 
Error - 11/9/2013 5:12:06 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the avast! Antivirus service.
 
Error - 11/9/2013 5:12:36 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the LanmanServer service.
 
Error - 11/9/2013 5:20:11 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the avast! Antivirus service.
 
Error - 11/9/2013 5:20:41 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the LanmanServer service.
 
Error - 11/9/2013 5:23:40 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the avast! Antivirus service.
 
Error - 11/9/2013 5:24:36 PM | Computer Name = PappyRig-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR8.
 
Error - 11/9/2013 5:24:43 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the avast! Antivirus service.
 
Error - 11/11/2013 4:05:49 AM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 11/11/2013 4:08:48 PM | Computer Name = PappyRig-PC | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
 


Edited by pappypwnerton76, 13 November 2013 - 06:20 PM.


#4 pappypwnerton76

Posted 15 November 2013 - 07:08 PM

What is the usual response time here?



#5 pappypwnerton76

Posted 17 November 2013 - 10:35 PM

Have I done this correctly? It's been days without a response.



#6 HelpBot

Posted 18 November 2013 - 06:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513975 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 pappypwnerton76

Posted 19 November 2013 - 12:57 PM

Attached Files



#8 pappypwnerton76

Posted 19 November 2013 - 12:59 PM

http://search.yahoo.com/?type=198484&fr=spigot-yhp-ff has hijacked both my IE and FF homepages. I have run malwarebytes, adwcleaner, hijack, avast free and rogue killer with no luck. Thank you for your reply and I am requesting assistance in returning my homepage back to default for both Internet Explorer and Firefox.

 

I do have my Windows 7 64Bit install disc. Thank you.


Edited by pappypwnerton76, 19 November 2013 - 04:03 PM.


#9 nasdaq

  • Malware Response Team

Posted 20 November 2013 - 11:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#10 pappypwnerton76

Posted 20 November 2013 - 03:56 PM

ComboFix 13-11-19.01 - PappyRig 11/20/2013  15:47:19.6.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16354.13941 [GMT -5:00]
Running from: c:\users\PappyRig\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-20 to 2013-11-20  )))))))))))))))))))))))))))))))
.
.
2013-11-20 20:51 . 2013-11-20 20:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-19 21:05 . 2013-11-14 11:55    955168    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-19 21:05 . 2013-11-14 11:55    1064224    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-19 21:05 . 2013-11-19 21:05    --------    d-----w-    c:\users\UpdatusUser
2013-11-19 17:48 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{886A2C24-4835-4C22-9F61-D3C1D540E532}\mpengine.dll
2013-11-16 20:36 . 2013-11-16 20:36    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\The Creative Assembly
2013-11-14 23:26 . 2013-11-14 23:30    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\.technic
2013-11-13 20:31 . 2013-11-13 20:31    --------    d-----w-    c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-11-12 22:17 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-11-12 22:14 . 2013-11-12 22:14    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-12 22:12 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 22:09 . 2013-09-25 02:23    1030144    ----a-w-    c:\windows\system32\TSWorkspace.dll
2013-11-12 22:05 . 2013-11-12 22:05    409832    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-12 21:41 . 2013-11-12 22:05    --------    d-----w-    c:\users\PappyRig\AppData\Local\TeamSpeak 3 Client
2013-11-12 01:59 . 2013-11-13 20:49    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-11-12 01:59 . 2013-11-13 20:49    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-11-12 01:58 . 2013-11-19 17:49    --------    d-----w-    c:\program files (x86)\Microsoft
2013-11-11 21:46 . 2013-11-12 22:04    --------    d-----w-    c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-11 21:19 . 2013-11-11 22:06    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-11-11 21:19 . 2013-11-12 22:04    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-11 21:12 . 2013-11-11 21:37    --------    d-----w-    c:\programdata\HitmanPro
2013-11-11 20:27 . 2013-11-11 20:27    --------    d-----w-    C:\_OTL
2013-11-11 13:59 . 2013-11-11 13:59    590112    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-11-10 17:10 . 2013-11-10 17:10    --------    d-----w-    c:\users\PappyRig\AppData\Local\SCE
2013-11-10 04:50 . 2013-11-10 04:50    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Yahoo!
2013-11-09 19:58 . 2013-11-17 07:33    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-11-09 19:07 . 2013-11-09 19:07    --------    d-----w-    c:\programdata\Oracle
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-11-09 18:56 . 2013-11-09 18:56    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Java
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\programdata\McAfee
2013-11-09 08:07 . 2013-11-19 22:29    --------    d-----w-    c:\users\PappyRig\AppData\Local\CrashDumps
2013-11-09 07:48 . 2013-11-09 07:48    --------    d-----w-    c:\windows\ERUNT
2013-11-09 07:38 . 2013-11-18 04:56    --------    d-----w-    C:\AdwCleaner
2013-11-08 22:40 . 2013-11-08 22:40    --------    d-----w-    c:\users\PappyRig\AppData\Local\SmartTechnology
2013-11-08 22:25 . 2013-11-08 22:25    --------    d-----w-    c:\programdata\SmartTechnology
2013-11-08 22:25 . 2013-11-08 22:25    --------    d-----w-    c:\program files\SmartTechnology
2013-11-08 00:15 . 2013-11-08 00:15    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\NVIDIA
2013-11-08 00:15 . 2013-11-08 00:15    --------    d-----w-    c:\users\PappyRig\AppData\Local\Introversion
2013-11-07 22:19 . 2010-02-04 15:01    78680    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2013-11-05 04:50 . 2013-11-05 05:52    --------    d-----w-    c:\users\PappyRig\AppData\Local\ESN Sonar
2013-11-04 18:23 . 2013-11-20 00:36    --------    d-----w-    c:\programdata\ProductData
2013-11-04 18:23 . 2013-11-04 18:23    --------    d-----w-    c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-03 23:28 . 2013-11-03 23:28    --------    d-----w-    c:\program files (x86)\SlimDrivers
2013-11-01 18:14 . 2013-11-01 18:14    --------    d-----w-    c:\users\PappyRig\AppData\Local\SplitMediaLabs
2013-11-01 18:13 . 2013-11-01 18:13    --------    d-----w-    c:\programdata\SplitMediaLabs
2013-11-01 18:13 . 2013-11-01 18:13    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\SplitMediaLabs
2013-11-01 12:46 . 2013-11-01 12:46    --------    d-sh--w-    c:\programdata\SecuROM
2013-11-01 12:31 . 2013-11-01 12:31    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\AVAST Software
2013-11-01 05:48 . 2013-05-22 22:49    32600    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2013-10-28 23:19 . 2013-10-28 23:19    --------    d-----w-    c:\programdata\Globalscape
2013-10-28 23:18 . 2013-10-28 23:18    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Globalscape
2013-10-28 21:21 . 2013-11-11 15:02    6674208    ----a-w-    c:\windows\system32\nvcpl.dll
2013-10-28 21:21 . 2013-11-11 15:02    3490080    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-10-28 21:21 . 2013-11-11 15:01    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-10-28 21:21 . 2013-11-11 15:01    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-10-28 21:21 . 2013-11-11 15:01    219424    ----a-w-    c:\windows\system32\nvmctray.dll
2013-10-28 21:21 . 2013-11-11 15:01    3467927    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-10-28 21:20 . 2013-10-23 10:30    1884448    ----a-w-    c:\windows\system32\nvdispco6433165.dll
2013-10-28 21:20 . 2013-10-23 10:30    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433165.dll
2013-10-28 21:20 . 2013-11-14 11:55    18293608    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-10-28 21:20 . 2013-11-14 11:55    15862272    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-10-28 21:20 . 2013-11-14 11:55    1436528    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-10-28 21:20 . 2013-11-14 11:55    3069608    ----a-w-    c:\windows\system32\nvapi64.dll
2013-10-28 21:20 . 2013-11-14 11:55    2697248    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-10-25 17:25 . 2013-10-25 17:25    --------    d-----w-    c:\users\PappyRig\AppData\Local\DCS
2013-10-25 14:59 . 2013-10-25 14:59    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-10-25 14:58 . 2013-06-16 12:38    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-10-25 14:58 . 2013-06-16 12:38    196384    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-10-25 14:58 . 2013-01-29 08:35    1510176    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-10-25 03:34 . 2013-10-25 03:34    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Kalypso Media
2013-10-24 19:55 . 2013-10-24 19:55    47168    ----a-w-    c:\windows\system32\drivers\SaiU0CD7.sys
2013-10-24 19:55 . 2013-10-24 19:55    180544    ----a-w-    c:\windows\system32\drivers\SaiK0CD7.sys
2013-10-24 19:54 . 2013-05-22 22:49    17720    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-20 04:52 . 2013-08-25 18:57    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-20 04:52 . 2013-08-25 18:57    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-20 04:52 . 2013-08-25 18:57    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-20 04:52 . 2013-08-25 18:57    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-20 04:52 . 2013-08-25 18:57    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-20 04:52 . 2013-08-25 18:55    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-20 03:03 . 2013-09-16 18:58    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-11-20 03:00 . 2013-09-16 18:58    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-11-19 17:47 . 2013-08-25 20:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 22:10 . 2013-08-25 19:05    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-02 16:23 . 2009-08-18 16:49    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-11-02 16:23 . 2009-08-18 15:24    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-01 05:50 . 2013-08-25 18:57    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-01 05:50 . 2013-08-25 18:57    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-01 05:50 . 2013-08-25 18:57    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-28 07:48 . 2013-09-16 18:58    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-10-15 16:35 . 2013-10-15 16:35    57344    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-10-15 16:35 . 2013-10-15 16:35    57344    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-10-15 16:35 . 2013-10-15 16:35    53248    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\ARPPRODUCTICON.exe
2013-10-09 23:14 . 2013-10-09 23:14    0    ---ha-w-    c:\users\PappyRig\AppData\Local\BIT6C0B.tmp
2013-10-09 23:01 . 2013-10-09 23:01    0    ---ha-w-    c:\users\PappyRig\AppData\Local\BIT4BCE.tmp
2013-10-09 01:06 . 2013-09-11 18:06    17813896    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-17 20:59 . 2013-09-17 20:59    3174912    ----a-w-    c:\windows\system32\rdpcorets.dll
2013-09-17 20:59 . 2013-09-17 20:59    30208    ----a-w-    c:\windows\system32\drivers\TsUsbGD.sys
2013-09-17 20:59 . 2013-09-17 20:59    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2013-09-17 20:59 . 2013-09-17 20:59    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2013-09-17 20:59 . 2013-09-17 20:59    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2013-09-17 20:59 . 2013-09-17 20:59    192000    ----a-w-    c:\windows\SysWow64\rdpendp_winip.dll
2013-09-17 20:59 . 2013-09-17 20:59    15360    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2013-09-17 20:57 . 2013-09-17 20:57    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-09-17 20:57 . 2013-09-17 20:57    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-09-12 08:58 . 2013-09-08 22:55    2986672    ----a-w-    c:\windows\system32\SET35DA.tmp
2013-09-12 08:58 . 2013-09-08 22:55    15901448    ----a-w-    c:\windows\system32\SET4488.tmp
2013-09-12 08:58 . 2013-09-08 22:55    1412832    ----a-w-    c:\windows\system32\SET42A2.tmp
2013-09-08 02:30 . 2013-10-09 01:40    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 01:40    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 01:40    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 01:39    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 01:39    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 01:39    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 01:39    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 01:39    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 01:39    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 01:39    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-09-03 18:35 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-02 13:46 . 2013-09-02 13:46    178800    ----a-w-    c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-29 02:17 . 2013-10-09 01:40    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 01:40    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 01:40    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 01:40    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 01:40    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 01:40    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 01:40    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 01:40    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 01:40    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 01:40    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 01:40    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 01:40    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 01:40    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 01:40    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 01:40    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 01:40    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 01:40    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 01:40    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-08-25 20:22 . 2013-08-25 18:17    466520    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-08-25 20:22 . 2013-08-25 18:17    445016    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-08-25 20:22 . 2013-08-25 18:17    123480    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-08-25 20:22 . 2013-08-25 18:17    109144    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-05 642728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-20 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2012-2-22 564224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 getbus;getbus;c:\users\PappyRig\AppData\Local\Temp\getbus.sys;c:\users\PappyRig\AppData\Local\Temp\getbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ALSysIO;ALSysIO;c:\users\PappyRig\AppData\Local\Temp\ALSysIO64.sys;c:\users\PappyRig\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Edge7x64.sys [x]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Xeno7x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 SaiK0CD7;SaiK0CD7;c:\windows\system32\DRIVERS\SaiK0CD7.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD7.sys [x]
S3 SaiU0CD7;SaiU0CD7;c:\windows\system32\DRIVERS\SaiU0CD7.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 17:47]
.
2013-11-20 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-10-24 15:12]
.
2013-11-19 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 17:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-20 04:52    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3F4E9C7F-B34E-4900-B3AB-AE151A414E6C}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\2oy90swn.default-1384376318846\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - ExtSQL: 2013-11-12 17:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2879088868-1364959740-3223249506-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,5b,f8,ae,c6,cd,93,bc,4d,9f,e4,a4,da,a2,5d,a5,66,0a,7f,36,bf,
   a5,7a,74,2e,ec,b1,9e,d1,92,c4,59,42,8b,ae,15,e5,73,85,bf,3b,ab,ca,79,01,7a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\fraps\fraps.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2013-11-20  15:54:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-20 20:54
ComboFix2.txt  2013-11-18 05:07
ComboFix3.txt  2013-11-13 20:52
.
Pre-Run: 30,923,665,408 bytes free
Post-Run: 30,842,707,968 bytes free
.
- - End Of File - - 60487584F4FC4076A5DE22437D9E8B31
A36C5E4F47E84449FF07ED3517B43A31
 



#11 pappypwnerton76

  • Topic Starter
  • Members

Posted 20 November 2013 - 03:58 PM

Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#12 nasdaq

  • Malware Response Team

Posted 21 November 2013 - 08:36 AM

Open notepad and copy/paste the text in the quote box below into it:
 
DDS::
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie

Driver::
HOSTS Anti-PUPs

ClearJavaCache::

Firefox::
FF - ProfilePath - C:\Users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\2oy90swn.default-1384376318846\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Restart the computer normally.

Then post the resultant log.
===

How is it now?

#13 pappypwnerton76

  • Topic Starter
  • Members

Posted 21 November 2013 - 01:09 PM

IE seems to have been fixed, but FF still shows search.yahoo as my homepage even after I reset it to default in options, close and reopen. Here are the logs.

 

ComboFix 13-11-19.01 - PappyRig 11/21/2013  12:59:20.7.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16354.13692 [GMT -5:00]
Running from: c:\users\PappyRig\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\PappyRig\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HOSTS Anti-PUPs
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-21 to 2013-11-21  )))))))))))))))))))))))))))))))
.
.
2013-11-21 18:03 . 2013-11-21 18:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-19 21:05 . 2013-11-14 11:55    955168    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-19 21:05 . 2013-11-14 11:55    1064224    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-19 21:05 . 2013-11-19 21:05    --------    d-----w-    c:\users\UpdatusUser
2013-11-19 17:48 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{886A2C24-4835-4C22-9F61-D3C1D540E532}\mpengine.dll
2013-11-16 20:36 . 2013-11-16 20:36    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\The Creative Assembly
2013-11-14 23:26 . 2013-11-14 23:30    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\.technic
2013-11-13 20:31 . 2013-11-13 20:31    --------    d-----w-    c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-11-12 22:17 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-11-12 22:14 . 2013-11-12 22:14    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-12 22:12 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 22:09 . 2013-09-25 02:23    1030144    ----a-w-    c:\windows\system32\TSWorkspace.dll
2013-11-12 22:05 . 2013-11-12 22:05    409832    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-12 21:41 . 2013-11-12 22:05    --------    d-----w-    c:\users\PappyRig\AppData\Local\TeamSpeak 3 Client
2013-11-12 01:59 . 2013-11-13 20:49    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-11-12 01:59 . 2013-11-13 20:49    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-11-12 01:58 . 2013-11-19 17:49    --------    d-----w-    c:\program files (x86)\Microsoft
2013-11-11 21:46 . 2013-11-12 22:04    --------    d-----w-    c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-11 21:19 . 2013-11-11 22:06    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-11-11 21:19 . 2013-11-12 22:04    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-11 21:12 . 2013-11-11 21:37    --------    d-----w-    c:\programdata\HitmanPro
2013-11-11 20:27 . 2013-11-11 20:27    --------    d-----w-    C:\_OTL
2013-11-11 13:59 . 2013-11-11 13:59    590112    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-11-10 17:10 . 2013-11-10 17:10    --------    d-----w-    c:\users\PappyRig\AppData\Local\SCE
2013-11-10 04:50 . 2013-11-10 04:50    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Yahoo!
2013-11-09 19:58 . 2013-11-17 07:33    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-11-09 19:07 . 2013-11-09 19:07    --------    d-----w-    c:\programdata\Oracle
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-11-09 18:56 . 2013-11-09 18:56    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\program files (x86)\Java
2013-11-09 18:56 . 2013-11-09 18:56    --------    d-----w-    c:\programdata\McAfee
2013-11-09 08:07 . 2013-11-21 00:44    --------    d-----w-    c:\users\PappyRig\AppData\Local\CrashDumps
2013-11-09 07:48 . 2013-11-09 07:48    --------    d-----w-    c:\windows\ERUNT
2013-11-09 07:38 . 2013-11-18 04:56    --------    d-----w-    C:\AdwCleaner
2013-11-08 22:40 . 2013-11-08 22:40    --------    d-----w-    c:\users\PappyRig\AppData\Local\SmartTechnology
2013-11-08 22:25 . 2013-11-08 22:25    --------    d-----w-    c:\programdata\SmartTechnology
2013-11-08 22:25 . 2013-11-08 22:25    --------    d-----w-    c:\program files\SmartTechnology
2013-11-08 00:15 . 2013-11-08 00:15    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\NVIDIA
2013-11-08 00:15 . 2013-11-08 00:15    --------    d-----w-    c:\users\PappyRig\AppData\Local\Introversion
2013-11-07 22:19 . 2010-02-04 15:01    78680    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2013-11-05 04:50 . 2013-11-05 05:52    --------    d-----w-    c:\users\PappyRig\AppData\Local\ESN Sonar
2013-11-04 18:23 . 2013-11-20 00:36    --------    d-----w-    c:\programdata\ProductData
2013-11-04 18:23 . 2013-11-04 18:23    --------    d-----w-    c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-03 23:28 . 2013-11-03 23:28    --------    d-----w-    c:\program files (x86)\SlimDrivers
2013-11-01 18:14 . 2013-11-01 18:14    --------    d-----w-    c:\users\PappyRig\AppData\Local\SplitMediaLabs
2013-11-01 18:13 . 2013-11-01 18:13    --------    d-----w-    c:\programdata\SplitMediaLabs
2013-11-01 18:13 . 2013-11-01 18:13    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\SplitMediaLabs
2013-11-01 12:46 . 2013-11-01 12:46    --------    d-sh--w-    c:\programdata\SecuROM
2013-11-01 12:31 . 2013-11-01 12:31    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\AVAST Software
2013-11-01 05:48 . 2013-05-22 22:49    32600    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2013-10-28 23:19 . 2013-10-28 23:19    --------    d-----w-    c:\programdata\Globalscape
2013-10-28 23:18 . 2013-10-28 23:18    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Globalscape
2013-10-28 21:21 . 2013-11-11 15:02    6674208    ----a-w-    c:\windows\system32\nvcpl.dll
2013-10-28 21:21 . 2013-11-11 15:02    3490080    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-10-28 21:21 . 2013-11-11 15:01    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-10-28 21:21 . 2013-11-11 15:01    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-10-28 21:21 . 2013-11-11 15:01    219424    ----a-w-    c:\windows\system32\nvmctray.dll
2013-10-28 21:21 . 2013-11-11 15:01    3467927    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-10-28 21:20 . 2013-10-23 10:30    1884448    ----a-w-    c:\windows\system32\nvdispco6433165.dll
2013-10-28 21:20 . 2013-10-23 10:30    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433165.dll
2013-10-28 21:20 . 2013-11-14 11:55    18293608    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-10-28 21:20 . 2013-11-14 11:55    15862272    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-10-28 21:20 . 2013-11-14 11:55    1436528    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-10-28 21:20 . 2013-11-14 11:55    3069608    ----a-w-    c:\windows\system32\nvapi64.dll
2013-10-28 21:20 . 2013-11-14 11:55    2697248    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-10-25 17:25 . 2013-10-25 17:25    --------    d-----w-    c:\users\PappyRig\AppData\Local\DCS
2013-10-25 14:59 . 2013-10-25 14:59    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-10-25 14:58 . 2013-06-16 12:38    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-10-25 14:58 . 2013-06-16 12:38    196384    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-10-25 14:58 . 2013-01-29 08:35    1510176    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-10-25 03:34 . 2013-10-25 03:34    --------    d-----w-    c:\users\PappyRig\AppData\Roaming\Kalypso Media
2013-10-24 19:55 . 2013-10-24 19:55    47168    ----a-w-    c:\windows\system32\drivers\SaiU0CD7.sys
2013-10-24 19:55 . 2013-10-24 19:55    180544    ----a-w-    c:\windows\system32\drivers\SaiK0CD7.sys
2013-10-24 19:54 . 2013-05-22 22:49    17720    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-21 02:32 . 2013-09-16 18:58    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-11-21 00:46 . 2013-09-16 18:58    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-11-20 04:52 . 2013-08-25 18:57    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-20 04:52 . 2013-08-25 18:57    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-20 04:52 . 2013-08-25 18:57    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-20 04:52 . 2013-08-25 18:57    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-20 04:52 . 2013-08-25 18:57    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-20 04:52 . 2013-08-25 18:55    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-19 17:47 . 2013-08-25 20:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 22:10 . 2013-08-25 19:05    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-02 16:23 . 2009-08-18 16:49    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-11-02 16:23 . 2009-08-18 15:24    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-01 05:50 . 2013-08-25 18:57    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-01 05:50 . 2013-08-25 18:57    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-01 05:50 . 2013-08-25 18:57    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-28 07:48 . 2013-09-16 18:58    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-10-15 16:35 . 2013-10-15 16:35    57344    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-10-15 16:35 . 2013-10-15 16:35    57344    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-10-15 16:35 . 2013-10-15 16:35    53248    ----a-r-    c:\users\PappyRig\AppData\Roaming\Microsoft\Installer\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}\ARPPRODUCTICON.exe
2013-10-09 23:14 . 2013-10-09 23:14    0    ---ha-w-    c:\users\PappyRig\AppData\Local\BIT6C0B.tmp
2013-10-09 23:01 . 2013-10-09 23:01    0    ---ha-w-    c:\users\PappyRig\AppData\Local\BIT4BCE.tmp
2013-10-09 01:06 . 2013-09-11 18:06    17813896    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-17 20:59 . 2013-09-17 20:59    3174912    ----a-w-    c:\windows\system32\rdpcorets.dll
2013-09-17 20:59 . 2013-09-17 20:59    30208    ----a-w-    c:\windows\system32\drivers\TsUsbGD.sys
2013-09-17 20:59 . 2013-09-17 20:59    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2013-09-17 20:59 . 2013-09-17 20:59    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2013-09-17 20:59 . 2013-09-17 20:59    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2013-09-17 20:59 . 2013-09-17 20:59    192000    ----a-w-    c:\windows\SysWow64\rdpendp_winip.dll
2013-09-17 20:59 . 2013-09-17 20:59    15360    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2013-09-17 20:57 . 2013-09-17 20:57    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-09-17 20:57 . 2013-09-17 20:57    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-09-12 08:58 . 2013-09-08 22:55    2986672    ----a-w-    c:\windows\system32\SET35DA.tmp
2013-09-12 08:58 . 2013-09-08 22:55    15901448    ----a-w-    c:\windows\system32\SET4488.tmp
2013-09-12 08:58 . 2013-09-08 22:55    1412832    ----a-w-    c:\windows\system32\SET42A2.tmp
2013-09-08 02:30 . 2013-10-09 01:40    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 01:40    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 01:40    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 01:39    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 01:39    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 01:39    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 01:39    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 01:39    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 01:39    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 01:39    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-09-03 18:35 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-02 13:46 . 2013-09-02 13:46    178800    ----a-w-    c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-29 02:17 . 2013-10-09 01:40    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 01:40    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 01:40    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 01:40    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 01:40    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 01:40    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 01:40    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 01:40    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 01:40    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 01:40    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 01:40    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 01:40    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 01:40    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 01:40    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 01:40    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 01:40    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 01:40    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 01:40    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-08-25 20:22 . 2013-08-25 18:17    466520    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-08-25 20:22 . 2013-08-25 18:17    445016    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-08-25 20:22 . 2013-08-25 18:17    123480    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-08-25 20:22 . 2013-08-25 18:17    109144    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-05 642728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-20 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2012-2-22 564224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 getbus;getbus;c:\users\PappyRig\AppData\Local\Temp\getbus.sys;c:\users\PappyRig\AppData\Local\Temp\getbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ALSysIO;ALSysIO;c:\users\PappyRig\AppData\Local\Temp\ALSysIO64.sys;c:\users\PappyRig\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Edge7x64.sys [x]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Xeno7x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 SaiK0CD7;SaiK0CD7;c:\windows\system32\DRIVERS\SaiK0CD7.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD7.sys [x]
S3 SaiU0CD7;SaiU0CD7;c:\windows\system32\DRIVERS\SaiU0CD7.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 17:47]
.
2013-11-21 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-10-24 15:12]
.
2013-11-19 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 17:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-20 04:52    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3F4E9C7F-B34E-4900-B3AB-AE151A414E6C}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\2oy90swn.default-1384376318846\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - ExtSQL: 2013-11-12 17:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-11-20 22:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\PappyRig\AppData\Roaming\Mozilla\Firefox\Profiles\2oy90swn.default-1384376318846\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2879088868-1364959740-3223249506-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,5b,f8,ae,c6,cd,93,bc,4d,9f,e4,a4,da,a2,5d,a5,66,0a,7f,36,bf,
   a5,7a,74,2e,ec,b1,9e,d1,92,c4,59,42,8b,ae,15,e5,73,85,bf,3b,ab,ca,79,01,7a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\fraps\fraps.exe
c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
.
**************************************************************************
.
Completion time: 2013-11-21  13:05:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-21 18:05
ComboFix2.txt  2013-11-20 20:54
ComboFix3.txt  2013-11-18 05:07
ComboFix4.txt  2013-11-13 20:52
.
Pre-Run: 30,479,319,040 bytes free
Post-Run: 30,126,235,648 bytes free
.
- - End Of File - - ACE0A77FF51E5A06A3C7A7A10E5F8EF8
A36C5E4F47E84449FF07ED3517B43A31
 



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:48 AM

Posted 21 November 2013 - 01:36 PM

Start Firefox.
Open the page you wish to go to when you open the application.

When you see the page, open Firefox > TOOLS > OPTIONS > general tab.
Select Use current pages. Click the OK button.

Restart the computer normally.

If that fails, try this.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

How is it now?

#15 pappypwnerton76

pappypwnerton76
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:48 AM

Posted 21 November 2013 - 01:40 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by PappyRig (administrator) on 21-11-2013 at 13:39:37
Running from "C:\Users\PappyRig\Desktop\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****

 





