Comminuo

Woops, forgot to delete Utorrent, ill do that and post a new log if needed

DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by Little Biatch at 16:30:58 on 2012-11-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1707 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Little Biatch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\Windows\system32\taskhost.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=831E46F369C25FD87FFDCC5093050AB1&tbp=homepage&v=1_2 mWinlogon: Userinit = userinit.exe BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll uRun: [Google Update] "C:\Users\Little Biatch\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [spotify Web Helper] "C:\Users\Little Biatch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 216.211.190.3 216.211.191.9 TCP: Interfaces\{3C553EB1-711C-4396-ABE3-DC3358057CAD} : DHCPNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 69.171.228.74 https://www.facebook.com ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Little Biatch\AppData\Roaming\Mozilla\Firefox\Profiles\mpg7jcq3.default\ FF - prefs.js: browser.search.selectedEngine - blekko FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=831E46F369C25FD87FFDCC5093050AB1&q= FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Little Biatch\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-23 189608] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-29 399432] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-8-23 509104] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-29 676936] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-31 25928] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-24 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736] . =============== Created Last 30 ================ . 2012-11-08 00:08:54 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{346347F1-D44D-4DD0-918A-8396AEFE6D1E}\mpengine.dll 2012-11-06 22:46:40 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-06 05:19:24 -------- d-----w- C:\Users\Little Biatch\All_That_Remains-A_War_You_Cannot_Win-2012-KzT 2012-11-04 00:45:34 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-11-04 00:45:34 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-11-04 00:45:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-11-01 23:28:09 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\logs 2012-11-01 23:26:41 -------- d-----w- C:\ProgramData\blekko toolbars 2012-11-01 03:20:10 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\LOVE 2012-10-20 18:42:36 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3347DDB-FF18-4581-83A7-E1DDF16548C8}\gapaengine.dll 2012-10-14 19:45:04 -------- d-----w- C:\Users\Little Biatch\AppData\Local\LogMeIn Hamachi 2012-10-14 19:44:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-10-13 23:59:28 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\Origin 2012-10-13 23:59:28 -------- d-----w- C:\Program Files (x86)\Origin Games 2012-10-13 23:59:24 -------- d-----w- C:\Users\Little Biatch\AppData\Local\Origin 2012-10-13 23:57:23 -------- d-----w- C:\ProgramData\Origin 2012-10-13 23:57:22 -------- d-----w- C:\ProgramData\Electronic Arts 2012-10-13 23:57:04 -------- d-----w- C:\Program Files (x86)\Origin 2012-10-10 23:14:58 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-10 23:14:52 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-10 23:14:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-10 23:14:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-10 23:14:48 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-10 23:14:45 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-10 23:14:45 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-10 23:14:39 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 23:14:39 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 23:14:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 23:14:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 23:14:39 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 23:14:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-11-04 00:31:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-11-04 00:31:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-08 23:56:00 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-08 23:55:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-21 02:38:16 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-09-21 02:38:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-24 00:55:39 0 ----a-w- C:\Windows\ativpsrm.bin 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-21 19:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 16:31:40.51 ===============

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/23/2012 5:58:39 PM System Uptime: 11/6/2012 12:49:03 AM (64 hours ago) . Motherboard: Intel Corporation | | DH55HC Processor: Intel® Core i5 CPU 760 @ 2.80GHz | XU1 | 2235/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 343.038 GiB free. D: is CDROM (UDF) E: is FIXED (NTFS) - 932 GiB total, 717.212 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP36: 10/25/2012 5:26:19 PM - Windows Update RP37: 10/28/2012 7:45:57 PM - Windows Update RP38: 11/2/2012 3:54:11 PM - Windows Update RP39: 11/3/2012 6:03:23 PM - Installed Java 7 Update 9 RP40: 11/3/2012 6:27:50 PM - Removed Java 7 Update 9 RP41: 11/3/2012 6:28:10 PM - Removed Java 7 Update 9 RP42: 11/3/2012 6:31:34 PM - Installed Java 7 Update 9 RP43: 11/3/2012 6:33:28 PM - Removed Java 7 Update 9 RP44: 11/3/2012 6:45:06 PM - Installed Java 7 Update 6 (64-bit) RP45: 11/6/2012 3:46:16 PM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Apple Application Support Apple Mobile Device Support Apple Software Update ARMA 2 ARMA 2: Operation Arrowhead Bonjour Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Command and Conquer 3: Tiberium Wars Garry's Mod Google Chrome Guild Wars 2 Intel® Network Connections 17.0.200.2 iTunes Java 7 Update 6 (64-bit) League of Legends LogMeIn Hamachi Malwarebytes Anti-Malware version 1.65.1.1000 McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service Mumble 1.2.3 Origin Pando Media Booster Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype Click to Call Skype™ 5.10 Spotify Steam System Requirements Lab for Intel Team Fortress 2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WinRAR 4.20 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 11/7/2012 9:45:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 11/5/2012 5:15:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. . ==== End Of File ===========================

Im not sure what it is but the scanners i have dont work so ill post the logs here in a sec...

Every time i run combofix, it crashes my computer, no messages from the program, my computer just crashes and restarts

All processes killed ========== OTL ========== C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully. ========== FILES ========== C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} scheduled to be moved on reboot. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully. C:\Users\Micah\AppData\Roaming\uTorrent\ie folder moved successfully. C:\Users\Micah\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\Micah\AppData\Roaming\uTorrent\Cache folder moved successfully. C:\Users\Micah\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\Micah\AppData\Roaming\uTorrent folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Micah\Downloads\cmd.bat deleted successfully. C:\Users\Micah\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mcx1-MICAH-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Micah ->Temp folder emptied: 68224383 bytes ->Temporary Internet Files folder emptied: 48736615 bytes ->Java cache emptied: 12584 bytes ->FireFox cache emptied: 185711886 bytes ->Google Chrome cache emptied: 373665559 bytes ->Flash cache emptied: 8954 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66561674 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 41095312 bytes Total Files Cleaned = 748.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.54.1 log created on 08192012_180708 Files\Folders moved on Reboot... C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully. C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\hsperfdata_MICAH-PC$\3596 moved successfully. PendingFileRenameOperations files... File C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} not found! File C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Windows\temp\hsperfdata_MICAH-PC$\3596 not found! Registry entries deleted on Reboot...

OTL logfile created on: 8/18/2012 9:11:53 PM - Run 2 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.93 Gb Total Physical Memory | 3.14 Gb Available Physical Memory | 79.68% Memory free 7.87 Gb Paging File | 6.44 Gb Available in Paging File | 81.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 53.17 Gb Free Space | 11.42% Space Free | Partition Type: NTFS Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/10 12:02:50 | 001,193,176 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/07/24 17:11:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Micah\Downloads\OTL.exe PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2008/10/16 18:07:40 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe ========== Modules (No Company Name) ========== MOD - [2012/08/10 12:02:50 | 001,193,176 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/05 18:19:46 | 001,511,448 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc) SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012/07/26 21:05:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/06/21 20:05:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/06/15 02:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2011/05/18 21:35:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{574001d0-46db-44fa-be94-a5ab296994c6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011 IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{9001ECE5-27F9-7260-292B-CF945347FC97}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111222&iesrc={referrer:source} IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: contact@drpepper.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3 FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/23 21:10:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/28 16:08:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 21:05:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M] [2012/07/25 17:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Extensions [2012/08/10 13:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions [2010/08/10 13:04:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66} [2011/03/13 12:44:05 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2011/03/30 09:40:02 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\battlefieldplay4free@ea.com [2012/08/10 13:22:02 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\btpersonas@brandthunder.com [2011/03/06 11:29:33 | 000,000,000 | ---D | M] (Nothing Like It! for Facebook) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\contact@drpepper.com [2011/11/13 22:56:41 | 000,002,342 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\aol-search.xml [2012/08/04 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/08/04 14:01:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/26 21:05:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/02/27 10:06:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/05/17 23:00:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old [2012/05/17 23:00:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Skype Click to Call = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\ O1 HOSTS File: ([2012/07/26 20:42:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000..\Run: [spotify Web Helper] C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511}: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/07 00:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012/08/07 00:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012/08/07 00:38:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\Guild Wars 2 [2012/08/03 00:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit [2012/08/03 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs [2012/07/31 19:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2012/07/31 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\Ableton [2012/07/31 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Ableton [2012/07/31 19:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton [2012/07/31 19:08:59 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll [2012/07/31 19:08:59 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll [2012/07/31 19:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton [2012/07/31 18:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\Ableton Live 8.2.2 (CRACKED) [theLEAK] [2012/07/31 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012/07/28 19:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/07/26 20:47:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/07/26 20:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/07/26 20:30:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/07/26 20:30:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/07/26 20:30:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/07/26 20:30:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/26 20:30:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/07/26 00:11:11 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\SIX_Projects [2012/07/25 17:42:43 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/23 20:33:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Micah\Desktop\dds.com [2012/07/22 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/07/22 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/07/22 12:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/07/22 12:33:55 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/07/22 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ElevatedDiagnostics [2012/07/20 17:29:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/20 17:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun ========== Files - Modified Within 30 Days ========== [2012/08/18 21:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/18 16:47:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/18 16:47:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/18 16:43:45 | 000,792,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/18 16:43:45 | 000,669,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/18 16:43:45 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/18 16:38:45 | 3168,821,248 | -HS- | M] () -- C:\hiberfil.sys [2012/08/14 19:42:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/13 10:49:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/08/07 20:18:11 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk [2012/08/07 20:18:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/08/07 20:18:11 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Beat Hazard.lnk [2012/08/07 20:18:10 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012/08/07 20:18:10 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk [2012/08/07 20:18:10 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2012/08/07 15:02:34 | 000,104,532 | ---- | M] () -- C:\Users\Micah\Desktop\gragas.JPG [2012/08/07 00:40:19 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012/07/31 18:10:09 | 000,000,967 | ---- | M] () -- C:\Users\Micah\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/31 18:10:09 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/27 21:20:26 | 000,289,215 | ---- | M] () -- C:\Users\Micah\Desktop\Captcha.JPG [2012/07/26 20:42:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/07/25 21:23:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012/07/25 21:23:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012/07/23 22:07:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/23 20:33:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Micah\Desktop\dds.com [2012/07/22 12:56:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/22 12:37:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/22 12:37:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/22 12:31:16 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl ========== Files Created - No Company Name ========== [2012/08/13 10:50:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ [2012/08/13 10:50:03 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ [2012/08/13 10:50:01 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ [2012/08/12 16:58:15 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ [2012/08/12 16:58:15 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ [2012/08/12 16:58:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ [2012/08/12 16:58:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ [2012/08/07 15:02:34 | 000,104,532 | ---- | C] () -- C:\Users\Micah\Desktop\gragas.JPG [2012/08/07 00:40:19 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012/07/31 18:10:09 | 000,000,967 | ---- | C] () -- C:\Users\Micah\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/31 18:10:09 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/27 21:20:25 | 000,289,215 | ---- | C] () -- C:\Users\Micah\Desktop\Captcha.JPG [2012/07/26 20:30:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/07/26 20:30:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/26 20:30:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/26 20:30:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/26 20:30:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/22 12:56:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/22 12:31:16 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2012/06/14 23:46:49 | 000,483,013 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak [2012/03/20 16:37:11 | 000,033,633 | ---- | C] () -- C:\Users\Micah\AppData\Roaming\UserTile.png [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ [2011/12/21 19:14:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/08/06 22:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Micah\AppData\Local\{D3F5262B-4CB4-435D-9D14-3E2A813D677E} [2011/06/28 00:01:37 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/06/28 00:01:37 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/06/07 19:29:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/07 17:04:26 | 000,007,597 | ---- | C] () -- C:\Users\Micah\AppData\Local\Resmon.ResmonCfg [2011/03/30 10:03:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/03/30 10:03:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/11/05 21:04:36 | 000,000,093 | ---- | C] () -- C:\Users\Micah\AppData\Local\fusioncache.dat [2010/11/05 21:01:25 | 000,786,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012/06/21 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\.minecraft [2012/07/31 19:10:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Ableton [2012/07/01 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Carbon [2011/05/23 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.dmp.contentviewer [2011/05/18 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/12/25 14:08:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.amazon.music.uploader [2011/02/26 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/02/26 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command and Conquer 4 [2012/07/22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\DAEMON Tools Lite [2011/05/05 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\GetRightToGo [2011/09/01 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient [2012/05/27 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient2 [2011/08/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\MAXON [2011/07/03 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Notepad++ [2011/01/31 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PC Cleaner [2011/11/20 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PunkBuster [2012/07/26 00:36:59 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-updater [2012/07/16 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-zsync [2012/02/01 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SplitMediaLabs [2011/08/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SPORE [2012/08/18 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Spotify [2011/08/14 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SystemRequirementsLab [2011/08/01 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TeamViewer [2011/08/17 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Tibia [2012/07/22 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TS3Client [2012/08/18 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\uTorrent [2011/07/13 23:07:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Okay, thanks again Maniac, sorry to bother you with this, but yet again, im showing signs of the same problem as before, if you need a new log, im more than happy to give that to you, thanks again for your time.

ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5bc4185c2844c843a7522ceec5bd51f8 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-29 03:35:09 # local_time=2012-07-28 09:35:09 (-0700, Mountain Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 458567 458567 0 0 # compatibility_mode=5893 16776574 100 94 62102 95070940 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=358310 # found=16 # cleaned=16 # scan_time=5418 C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\ActivePcOptimizer.exe a variant of Win32/Adware.RegistryMum application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\cnet2_PowerISO48_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\FinalTorrent2010Setup.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\pc-cleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\tinyword.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Micah\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ComboFix 12-07-27.02 - Micah 07/26/2012 20:33:22.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2331 [GMT -6:00] Running from: c:\users\Micah\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Blinkx c:\program files (x86)\Blinkx\blinkx.ico c:\program files (x86)\Blinkx\blinkxss.exe c:\program files (x86)\Blinkx\blinkxstop.exe c:\program files (x86)\Blinkx\lang.dll c:\program files (x86)\Blinkx\templates\beat.ico c:\program files (x86)\Blinkx\templates\index.html c:\program files (x86)\Blinkx\templates\noflash.html c:\program files (x86)\Blinkx\templates\offline.html c:\program files (x86)\Blinkx\templates\offline.swf c:\program files (x86)\Blinkx\templates\uninstall.exe c:\users\Micah\AppData\Roaming\Love c:\users\Micah\AppData\Roaming\Love\mari0\options.txt c:\users\Micah\AppData\Roaming\mIRC\logs\status.log c:\users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\bing-zugo.xml c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 ))))))))))))))))))))))))))))))) . . 2012-07-27 02:41 . 2012-07-27 02:41 -------- d-----w- c:\users\Mcx1-MICAH-PC\AppData\Local\temp 2012-07-27 02:41 . 2012-07-27 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-26 06:11 . 2012-07-26 06:11 -------- d-----w- c:\users\Micah\AppData\Local\SIX_Projects 2012-07-25 23:42 . 2012-07-25 23:42 -------- d-----w- C:\_OTL 2012-07-22 20:29 . 2012-07-24 04:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-22 18:42 . 2012-07-22 18:42 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-22 18:09 . 2012-07-22 18:10 -------- d-----w- c:\users\Micah\AppData\Local\ElevatedDiagnostics 2012-07-20 23:29 . 2012-07-20 23:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-20 23:22 . 2012-07-20 23:22 -------- d-----w- c:\windows\Sun 2012-07-18 23:08 . 2012-07-18 23:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\offreg.dll 2012-07-17 19:51 . 2012-07-17 19:51 -------- d-----w- c:\programdata\Age of Empires 3 2012-07-17 16:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\mpengine.dll 2012-07-17 00:38 . 2012-07-17 00:38 -------- d-----w- c:\program files (x86)\Bohemia Interactive 2012-07-17 00:36 . 2012-07-25 01:20 -------- d-----w- c:\users\Micah\AppData\Local\ArmA 2 2012-07-17 00:29 . 2012-07-26 06:32 -------- d-----w- c:\users\Micah\AppData\Local\ArmA 2 OA 2012-07-17 00:21 . 2012-07-26 06:36 -------- d-----w- c:\users\Micah\AppData\Roaming\six-updater 2012-07-17 00:21 . 2012-07-17 00:21 -------- d-----w- c:\users\Micah\AppData\Roaming\six-zsync 2012-07-17 00:21 . 2012-07-17 00:21 -------- d-----w- c:\program files (x86)\SIX Projects 2012-07-17 00:20 . 2012-07-26 03:22 -------- d-----w- c:\users\Micah\AppData\Local\Downloaded Installations 2012-07-11 09:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-07-06 00:19 . 2012-07-06 00:19 21656 ----a-w- c:\windows\system32\drivers\evolve.sys 2012-07-06 00:19 . 2012-07-06 00:19 -------- d-----w- c:\program files\Echobit 2012-07-06 00:18 . 2012-07-06 00:18 -------- d-----w- c:\programdata\Echobit 2012-07-06 00:18 . 2012-07-06 00:18 -------- d-----w- c:\users\Micah\AppData\Local\Echobit 2012-07-05 22:31 . 2012-07-05 22:31 -------- d-----w- c:\users\Micah\AppData\Local\My Games 2012-07-05 22:31 . 2012-07-05 22:31 -------- d-----w- c:\programdata\REVOLT 2012-07-05 22:17 . 2012-07-05 22:17 -------- d-----w- c:\program files (x86)\Games 2012-07-01 17:21 . 2012-07-01 17:21 -------- d-----w- c:\users\Micah\AppData\Roaming\Carbon 2012-07-01 00:12 . 2012-07-01 00:12 -------- d-----w- c:\users\Micah\AppData\Local\Harvest 2012-06-30 20:26 . 2012-06-30 20:26 -------- d-----w- c:\program files\CPUID 2012-06-30 20:26 . 2011-09-21 16:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2012-06-28 20:25 . 2012-06-28 20:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 09:01 . 2010-08-09 16:19 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-04 04:35 . 2011-08-13 19:22 6656 ----a-w- c:\windows\system32\lpcio.dll 2012-07-03 19:46 . 2010-11-27 19:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-15 20:05 . 2012-06-15 20:06 627600 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-15 20:05 . 2012-06-15 20:06 252296 ----a-w- c:\windows\system32\javaws.exe 2012-06-15 20:05 . 2012-06-15 20:06 188808 ----a-w- c:\windows\system32\javaw.exe 2012-06-15 20:05 . 2012-06-15 20:06 188808 ----a-w- c:\windows\system32\java.exe 2012-06-02 22:19 . 2012-06-21 17:52 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 17:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 17:53 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 17:53 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 17:52 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 17:53 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 17:52 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 21:19 . 2012-06-21 17:52 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 21:15 . 2012-06-21 17:52 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 18:25 . 2010-08-09 16:17 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 04:01 . 2012-06-12 21:11 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:59 . 2012-06-12 21:11 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:03 . 2012-06-12 21:11 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 11:06 . 2012-06-12 21:09 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-12 21:09 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-12 21:09 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-12 21:09 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-12 21:07 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304] "Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2008-10-17 147456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336] R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-07-06 1511448] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-28 113120] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-09 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-19 254528] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-16 2533400] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232] S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-07-06 21656] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 01:28] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 01:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-08 10810912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\system32\blank.htm FF - ProfilePath - c:\users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2932929639-738542622-1971861260-1000\Software\SecuROM\License information*] "datasecu"=hex:c2,8b,da,76,fe,99,2f,ca,53,92,1b,ee,8c,f2,b3,a0,47,f9,9e,4b,68, 58,09,b6,0d,c1,88,58,3d,81,0e,b6,ea,9e,46,57,8e,26,19,6c,76,21,0a,f9,dc,12,\ "rkeysecu"=hex:fc,02,5e,37,53,b7,52,5d,1d,e7,59,c6,a6,3e,ba,ae . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-26 20:47:33 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-27 02:47 . Pre-Run: 81,126,363,136 bytes free Post-Run: 80,988,528,640 bytes free . - - End Of File - - A5BC925C9D6F826A05BE275CFDB5F19E

All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "" removed from browser.search.order.2 Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully. Folder C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\askcom.xml moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\conduit.xml moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\daemon-search.xml moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\MyStart Search.xml moved successfully. C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\Search_Results.xml moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found. File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found. File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully. C:\Users\Micah\AppData\Roaming\FinalTorrent folder moved successfully. ADS C:\ProgramData\TEMP:E41EAF13 deleted successfully. ========== FILES ========== C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} scheduled to be moved on reboot. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully. C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully. File\Folder C:\Program Files (x86)\Windows iLivid Toolbar not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Micah\Downloads\cmd.bat deleted successfully. C:\Users\Micah\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mcx1-MICAH-PC ->Temp folder emptied: 516 bytes ->Temporary Internet Files folder emptied: 1344569 bytes ->Flash cache emptied: 56502 bytes User: Micah ->Temp folder emptied: 1864495 bytes ->Temporary Internet Files folder emptied: 49023139 bytes ->Java cache emptied: 16661476 bytes ->FireFox cache emptied: 66942184 bytes ->Google Chrome cache emptied: 322717638 bytes ->Flash cache emptied: 3174152 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10304207 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 450.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.54.1 log created on 07252012_174243 Files\Folders moved on Reboot... C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully. C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} not found! File C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...

Also, any Utorrent files or the like should be ignored, i uninstalled the program a while ago, but those particular files must have stayed i suppose.

OTL: OTL logfile created on: 7/24/2012 5:11:23 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.93 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.48% Memory free 7.87 Gb Paging File | 6.60 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 78.49 Gb Free Space | 16.86% Space Free | Partition Type: NTFS Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/24 17:11:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Micah\Downloads\OTL.exe PRC - [2012/07/09 22:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2008/10/16 18:07:40 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe ========== Modules (No Company Name) ========== MOD - [2012/07/09 22:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll MOD - [2012/07/09 22:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll MOD - [2012/07/09 22:07:39 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll MOD - [2012/07/09 22:07:37 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll MOD - [2012/07/09 22:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll MOD - [2012/07/09 22:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll MOD - [2012/07/09 22:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/05 18:19:46 | 001,511,448 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc) SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012/06/28 17:59:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/06/24 12:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012/06/21 20:05:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/06/15 02:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2011/05/18 21:35:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15150&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UF&apn_dtid=YYYYYYYYUS&apn_uid=2E4CA80E-38C4-4FD7-83B7-CCA03A42326F&apn_sauid=293B1D0E-F345-48D2-8AEB-7940076A3213 IE - HKCU\..\SearchScopes\{574001d0-46db-44fa-be94-a5ab296994c6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011 IE - HKCU\..\SearchScopes\{9001ECE5-27F9-7260-292B-CF945347FC97}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111222&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92823324915422168 IE - HKCU\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://dm.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z055&partner_id=195&product_id=611&affiliate_id=&channel=dm6&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110628&user_guid=2D10838BC3964C0F9867120F8EC5750C&machine_id=da9196787082f2de2f19d63dbb776686&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: contact@drpepper.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3 FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/23 21:10:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/28 16:08:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/28 17:59:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/28 17:59:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M] [2011/11/13 19:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Extensions [2012/07/22 12:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions [2010/08/10 13:04:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66} [2012/07/17 16:02:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2011/11/13 19:03:21 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011/03/13 12:44:05 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2011/03/30 09:40:02 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\battlefieldplay4free@ea.com [2012/07/13 00:00:16 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\btpersonas@brandthunder.com [2011/03/06 11:29:33 | 000,000,000 | ---D | M] (Nothing Like It! for Facebook) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\contact@drpepper.com [2011/11/13 22:56:41 | 000,002,342 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\aol-search.xml [2011/06/10 14:50:04 | 000,002,397 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\askcom.xml [2011/12/21 20:35:00 | 000,001,945 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\bing-zugo.xml [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\conduit.xml [2011/05/18 21:35:08 | 000,002,055 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\daemon-search.xml [2011/11/13 19:05:50 | 000,002,207 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\MyStart Search.xml [2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\Search_Results.xml [2012/03/11 19:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/28 17:59:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/02/27 10:06:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/05/17 23:00:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old [2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/05/17 23:00:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511}: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{98a1b17e-bc5e-11e0-a4d1-00270e08434d}\Shell - "" = AutoRun O33 - MountPoints2\{98a1b17e-bc5e-11e0-a4d1-00270e08434d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{e7451973-be19-11e0-b39b-00270e08434d}\Shell - "" = AutoRun O33 - MountPoints2\{e7451973-be19-11e0-b39b-00270e08434d}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{fc892deb-b7b9-11e0-9aaf-00270e08434d}\Shell - "" = AutoRun O33 - MountPoints2\{fc892deb-b7b9-11e0-9aaf-00270e08434d}\Shell\AutoRun\command - "" = F:\steambackup2.EXE O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\steambackup2.EXE O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/23 22:07:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/07/23 20:33:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Micah\Desktop\dds.com [2012/07/22 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/07/22 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/07/22 12:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/07/22 12:33:55 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/07/22 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ElevatedDiagnostics [2012/07/20 17:29:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/20 17:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/07/17 13:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 [2012/07/16 18:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2012/07/16 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ArmA 2 [2012/07/16 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012/07/16 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012/07/16 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ArmA 2 OA [2012/07/16 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\ArmA 2 [2012/07/16 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\six-updater [2012/07/16 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\six-zsync [2012/07/16 18:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects [2012/07/16 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects [2012/07/16 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Downloaded Installations [2012/07/10 19:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit [2012/07/10 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs [2012/07/09 17:54:43 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\AGE OF EMPIRES III + SERIAL [2012/07/05 18:19:49 | 000,021,656 | ---- | C] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys [2012/07/05 18:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Echobit [2012/07/05 18:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Echobit [2012/07/05 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Echobit [2012/07/05 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\My Games [2012/07/05 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT [2012/07/05 16:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization.V.GOTY.incl.Gods.and.Kings [2012/07/05 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games [2012/07/03 15:36:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\c.v.gods.and.kings [2012/07/02 00:38:06 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\Folders [2012/07/01 11:21:15 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Carbon [2012/06/30 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Harvest [2012/06/30 14:26:11 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys [2012/06/30 14:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012/06/30 14:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2012/06/28 14:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/06/28 14:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/24 17:16:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/24 17:16:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/24 17:16:01 | 000,792,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/24 17:16:01 | 000,669,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/24 17:16:01 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/24 17:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/24 17:08:36 | 3168,821,248 | -HS- | M] () -- C:\hiberfil.sys [2012/07/23 22:07:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/23 22:07:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/07/23 20:33:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Micah\Desktop\dds.com [2012/07/22 12:56:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/22 12:37:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/22 12:37:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/22 12:31:16 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl [2012/07/22 11:49:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/18 19:50:45 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012/07/18 19:50:45 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012/07/17 15:56:27 | 002,666,499 | ---- | M] () -- C:\Users\Micah\Desktop\GLHF.JPG [2012/07/17 14:29:51 | 000,000,222 | ---- | M] () -- C:\Users\Micah\Desktop\Age of Empires III Complete Collection.url [2012/07/14 20:34:34 | 000,227,563 | ---- | M] () -- C:\Users\Micah\Desktop\1342311091803.gif [2012/07/14 20:06:59 | 000,094,755 | ---- | M] () -- C:\Users\Micah\Desktop\Capture.JPG [2012/07/14 18:23:30 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\ARMA 2.url [2012/07/14 18:23:30 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\ARMA 2 Operation Arrowhead.url [2012/07/12 14:14:15 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/07/11 16:18:31 | 001,019,155 | ---- | M] () -- C:\Users\Micah\Desktop\Capture.PNG [2012/07/11 03:20:26 | 004,831,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/05 18:19:55 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Evolve.lnk [2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys [2012/07/05 16:23:05 | 000,001,334 | ---- | M] () -- C:\Users\Micah\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk [2012/07/04 19:28:50 | 000,044,547 | ---- | M] () -- C:\Users\Micah\Desktop\Bitchtitsleaving.PNG [2012/07/03 22:42:50 | 000,305,443 | ---- | M] () -- C:\Users\Micah\Desktop\background.PNG [2012/07/03 22:35:18 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/30 17:52:45 | 000,000,189 | ---- | M] () -- C:\Users\Micah\Desktop\AirMech.url [2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Hitogata Happa.url [2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Gundemonium Recollection.url [2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\GundeadliGne.url [2012/06/30 17:51:04 | 000,000,222 | ---- | M] () -- C:\Users\Micah\Desktop\Serious Sam 2.url [2012/06/30 17:51:04 | 000,000,202 | ---- | M] () -- C:\Users\Micah\Desktop\Serious Sam 2 Editor.url [2012/06/30 17:50:21 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Harvest Massive Encounter.url [2012/06/30 14:26:11 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/24 00:02:27 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ [2012/07/22 15:13:11 | 000,232,960 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ [2012/07/22 15:13:10 | 000,092,160 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ [2012/07/22 15:13:10 | 000,080,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ [2012/07/22 15:13:10 | 000,000,804 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ [2012/07/22 15:13:09 | 000,016,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ [2012/07/22 15:13:09 | 000,002,048 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ [2012/07/22 15:13:09 | 000,001,632 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ [2012/07/22 12:56:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/22 12:31:16 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2012/07/20 17:23:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ [2012/07/20 17:23:36 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ [2012/07/20 17:23:22 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ [2012/07/20 17:23:21 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ [2012/07/20 17:23:08 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ [2012/07/20 17:23:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ [2012/07/17 15:58:02 | 002,666,499 | ---- | C] () -- C:\Users\Micah\Desktop\GLHF.JPG [2012/07/16 20:33:09 | 000,000,222 | ---- | C] () -- C:\Users\Micah\Desktop\Age of Empires III Complete Collection.url [2012/07/16 18:21:14 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012/07/16 18:21:14 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012/07/14 20:34:40 | 000,227,563 | ---- | C] () -- C:\Users\Micah\Desktop\1342311091803.gif [2012/07/14 20:06:59 | 000,094,755 | ---- | C] () -- C:\Users\Micah\Desktop\Capture.JPG [2012/07/14 18:23:30 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\ARMA 2.url [2012/07/14 18:23:30 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\ARMA 2 Operation Arrowhead.url [2012/07/11 16:18:21 | 001,019,155 | ---- | C] () -- C:\Users\Micah\Desktop\Capture.PNG [2012/07/05 18:19:55 | 000,002,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk [2012/07/05 18:19:55 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Evolve.lnk [2012/07/05 16:23:05 | 000,001,334 | ---- | C] () -- C:\Users\Micah\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk [2012/07/04 19:28:50 | 000,044,547 | ---- | C] () -- C:\Users\Micah\Desktop\Bitchtitsleaving.PNG [2012/07/03 22:42:50 | 000,305,443 | ---- | C] () -- C:\Users\Micah\Desktop\background.PNG [2012/06/30 17:52:45 | 000,000,189 | ---- | C] () -- C:\Users\Micah\Desktop\AirMech.url [2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Hitogata Happa.url [2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Gundemonium Recollection.url [2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\GundeadliGne.url [2012/06/30 17:51:04 | 000,000,222 | ---- | C] () -- C:\Users\Micah\Desktop\Serious Sam 2.url [2012/06/30 17:51:04 | 000,000,202 | ---- | C] () -- C:\Users\Micah\Desktop\Serious Sam 2 Editor.url [2012/06/30 17:50:21 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Harvest Massive Encounter.url [2012/06/30 14:26:11 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk [2012/06/14 23:46:49 | 000,483,013 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak [2012/03/20 16:37:11 | 000,033,633 | ---- | C] () -- C:\Users\Micah\AppData\Roaming\UserTile.png [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ [2011/12/21 19:14:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/08/06 22:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Micah\AppData\Local\{D3F5262B-4CB4-435D-9D14-3E2A813D677E} [2011/06/28 00:01:37 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/06/28 00:01:37 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/06/07 19:29:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/07 17:04:26 | 000,007,597 | ---- | C] () -- C:\Users\Micah\AppData\Local\Resmon.ResmonCfg [2011/03/30 10:03:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/03/30 10:03:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/11/05 21:04:36 | 000,000,093 | ---- | C] () -- C:\Users\Micah\AppData\Local\fusioncache.dat [2010/11/05 21:01:25 | 000,786,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/08/16 18:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012/06/21 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\.minecraft [2012/07/01 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Carbon [2011/05/23 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.dmp.contentviewer [2011/05/18 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/12/25 14:08:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.amazon.music.uploader [2011/02/26 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/02/26 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command and Conquer 4 [2012/07/22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\DAEMON Tools Lite [2010/09/03 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\FinalTorrent [2011/05/05 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\GetRightToGo [2011/09/01 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient [2012/05/27 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient2 [2012/03/10 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LOVE [2011/08/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\MAXON [2011/07/03 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Notepad++ [2011/01/31 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PC Cleaner [2011/11/20 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PunkBuster [2012/07/16 18:22:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-updater [2012/07/16 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-zsync [2012/02/01 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SplitMediaLabs [2011/08/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SPORE [2012/07/22 22:50:11 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Spotify [2011/08/14 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SystemRequirementsLab [2011/08/01 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TeamViewer [2011/08/17 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Tibia [2012/07/22 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TS3Client [2012/07/23 22:10:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\uTorrent [2011/07/13 23:07:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E41EAF13 < End of report >

Extras: OTL Extras logfile created on: 7/24/2012 5:11:23 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.93 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.48% Memory free 7.87 Gb Paging File | 6.60 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 78.49 Gb Free Space | 16.86% Space Free | Partition Type: NTFS Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{670B1B49-9FD3-4827-9B41-471EFF580AA8}" = Evolve "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.13 "MAXON8C02D5E0" = CINEMA 4D 12.016 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PROSetDX" = Intel® Network Connections 15.3.68.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant "{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6B76A0FE-4D7F-4BCE-8BD1-D61CAB936D40}_is1" = Beat Hazard 1.3s "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76A232AF-B7D6-41A4-B795-6B355E6D32B1}" = Tom Clancy's H.A.W.X. 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa "{E3F2803C-B6FA-4D36-8CFE-A8AE92683E92}" = XSplit "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007 "Adobe AIR" = Adobe AIR "BattlEye for OA" = BattlEye for OA Uninstall "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "com.amazon.music.uploader" = Amazon MP3 Uploader "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Fallout New Vegas_is1" = Fallout New Vegas "GOM Encoder" = GOM Encoder "GOM Player" = GOM Player "Google Chrome" = Google Chrome "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "Intel AppUp(SM) center 13747" = Intel AppUp(SM) center "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mIRC" = mIRC "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "PowerISO" = PowerISO "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 105450" = Age of Empires® III: Complete Collection "Steam App 12900" = Audiosurf "Steam App 15400" = Harvest: Massive Encounter "Steam App 17510" = Age of Chivalry "Steam App 204340" = Serious Sam 2 "Steam App 204350" = Serious Sam 2 Editor "Steam App 206500" = AirMech "Steam App 240" = Counter-Strike: Source "Steam App 24790" = Command and Conquer 3: Tiberium Wars "Steam App 29720" = Guild Wars "Steam App 33900" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 4000" = Garry's Mod "Steam App 40100" = Supreme Commander 2 "Steam App 440" = Team Fortress 2 "Steam App 47700" = Command and Conquer 4: Tiberian Twilight "Steam App 92200" = Gundemonium Recollection "Steam App 92210" = Hitogata Happa "Steam App 92220" = GundeadliGne "TeamViewer 6" = TeamViewer 6 "Tibia_is1" = Tibia "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar "VLC media player" = VideoLAN VLC media player 0.8.6f "Windows Searchqu Toolbar" = Windows iLivid Toolbar "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "blinkx beat" = blinkx beat "Guild Wars" = Guild Wars "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/22/2012 2:38:52 PM | Computer Name = Micah-PC | Source = Windows Search Service | ID = 3058 Description = Error - 7/22/2012 2:38:52 PM | Computer Name = Micah-PC | Source = Windows Search Service | ID = 7010 Description = Error - 7/22/2012 4:29:38 PM | Computer Name = Micah-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SUPERAntiSpyware.exe, version: 5.5.0.1012, time stamp: 0x4fd23bae Faulting module name: SUPERAntiSpyware.exe, version: 5.5.0.1012, time stamp: 0x4fd23bae Exception code: 0xc0000005 Fault offset: 0x00078cd8 Faulting process id: 0x1224 Faulting application start time: 0x01cd6848b06fe6c8 Faulting application path: C:\Users\Micah\Downloads\SUPERAntiSpyware.exe Faulting module path: C:\Users\Micah\Downloads\SUPERAntiSpyware.exe Report Id: f4a74fe3-d43b-11e1-a515-00270e08434d Error - 7/22/2012 5:14:03 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002 Description = The program spotify.exe version 0.8.4.93 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 830 Start Time: 01cd684ea96b3ff3 Termination Time: 0 Application Path: C:\Users\Micah\AppData\Roaming\Spotify\spotify.exe Report Id: Error - 7/22/2012 5:31:27 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002 Description = The program EvolveClient.exe version 0.9.49.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ab4 Start Time: 01cd685105d00b4e Termination Time: 16 Application Path: C:\Program Files\Echobit\Evolve\EvolveClient.exe Report Id: Error - 7/22/2012 5:31:29 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002 Description = The program spotify.exe version 0.8.4.93 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 960 Start Time: 01cd685102f0821a Termination Time: 0 Application Path: C:\Users\Micah\AppData\Roaming\Spotify\spotify.exe Report Id: Error - 7/23/2012 3:31:28 AM | Computer Name = Micah-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe". Dependent Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/23/2012 3:31:51 AM | Computer Name = Micah-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 7/24/2012 1:58:17 AM | Computer Name = Micah-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9ab Exception code: 0xc0000005 Fault offset: 0x0000000000011c66 Faulting process id: 0x63c Faulting application start time: 0x01cd6850fcff72cb Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHLWAPI.dll Report Id: 8feed8ef-d554-11e1-a2dd-00270e08434d Error - 7/24/2012 1:59:29 AM | Computer Name = Micah-PC | Source = Application Error | ID = 1000 Description = Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting process id: 0x294 Faulting application start time: 0x01cd6850fa5b6bfd Faulting application path: C:\Windows\system32\services.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: bac21994-d554-11e1-a2dd-00270e08434d [ Media Center Events ] Error - 1/10/2012 5:14:49 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0 Description = 2:14:47 PM - Error connecting to the internet. 2:14:47 PM - Unable to contact server.. Error - 1/18/2012 10:17:27 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0 Description = 7:17:27 PM - Error connecting to the internet. 7:17:27 PM - Unable to contact server.. Error - 1/18/2012 10:17:43 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0 Description = 7:17:33 PM - Error connecting to the internet. 7:17:33 PM - Unable to contact server.. [ System Events ] Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 7/24/2012 2:01:27 AM | Computer Name = Micah-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 11:58:56 PM on ?7/?23/?2012 was unexpected. Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 7/24/2012 7:08:54 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 7/24/2012 7:08:57 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 7/24/2012 7:08:57 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. < End of report >

Picked one up a couple days ago, got a usb, and this is the log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Micah at 22:12:14 on 2012-07-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1707 [GMT -6:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Razer\Lycosa\razerhid.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\msiexec.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Bar = Preserve mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File uRun: [AdobeBridge] uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED mRun: [<NO NAME>] mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 TCP: Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511} : DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File mRun-x64: [(Default)] mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll FF - plugin: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- . FF - user.js: extensions.autoDisableScopes - 14 . . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-13 8704] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-9 2533400] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?] R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys --> C:\Windows\system32\DRIVERS\evolve.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] RUnknown SASKUTIL;SASKUTIL; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-7-5 1511448] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-28 113120] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-22 20:29:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-07-22 18:42:03 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-07-22 18:33:55 -------- d-----w- C:\Windows\pss 2012-07-22 18:09:52 -------- d-----w- C:\Users\Micah\AppData\Local\ElevatedDiagnostics 2012-07-20 23:29:23 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-18 23:08:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\offreg.dll 2012-07-17 19:51:26 -------- d-----w- C:\ProgramData\Age of Empires 3 2012-07-17 16:49:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\mpengine.dll 2012-07-17 00:38:46 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive 2012-07-17 00:36:40 -------- d-----w- C:\Users\Micah\AppData\Local\ArmA 2 2012-07-17 00:29:50 -------- d-----w- C:\Users\Micah\AppData\Local\ArmA 2 OA 2012-07-17 00:21:45 -------- d-----w- C:\Users\Micah\AppData\Roaming\six-updater 2012-07-17 00:21:44 -------- d-----w- C:\Users\Micah\AppData\Roaming\six-zsync 2012-07-17 00:21:09 -------- d-----w- C:\Program Files (x86)\SIX Projects 2012-07-17 00:20:18 -------- d-----w- C:\Users\Micah\AppData\Local\Downloaded Installations 2012-07-11 09:02:59 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 01:00:32 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-07-06 00:19:49 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys 2012-07-06 00:19:12 -------- d-----w- C:\Program Files\Echobit 2012-07-06 00:18:25 -------- d-----w- C:\ProgramData\Echobit 2012-07-06 00:18:10 -------- d-----w- C:\Users\Micah\AppData\Local\Echobit 2012-07-05 22:31:18 -------- d-----w- C:\Users\Micah\AppData\Local\My Games 2012-07-05 22:31:00 -------- d-----w- C:\ProgramData\REVOLT 2012-07-05 22:17:07 -------- d-----w- C:\Program Files (x86)\Games 2012-07-01 17:21:15 -------- d-----w- C:\Users\Micah\AppData\Roaming\Carbon 2012-07-01 00:12:00 -------- d-----w- C:\Users\Micah\AppData\Local\Harvest 2012-06-30 20:26:11 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys 2012-06-30 20:26:11 -------- d-----w- C:\Program Files\CPUID 2012-06-28 20:25:11 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi . ==================== Find3M ==================== . 2012-07-04 04:35:18 6656 ----a-w- C:\Windows\System32\lpcio.dll 2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-15 20:05:48 627600 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe . ============= FINISH: 22:12:25.78 =============== Thanks for any help, im actually really worried about this one.

So this is the first trojan ive had on my own computer, and i picked up malwarebytes a while ago, but after this i picked up superantispyware and HiJackThis, but i couldnt fix it.