Jump to content

Gand

Honorary Members
 View Profile  See their activity

  • Posts

    26

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Gand
    Awesome. And one of the best things that I have noticed is that my computer can now go to sleep and not freeze up everytime. I do not know what that was all about, but it is fixed. Thank you!
  2. Gand
    Okay. This was the result: Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.05.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 EX-RIG :: EX-RIG-PC [administrator] Protection: Enabled 12/5/2012 8:53:28 AM mbam-log-2012-12-05 (19-40-35).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 380925 Time elapsed: 38 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent) -> No action taken. (end) And I chose the option to have it removed. Everything is fine now.
  3. Gand
    sigh And now I am running a full scan with Malwarebytes and it has found 1 threat already. I will see what it is when I get back from work. sigh...
  4. Gand
    I have done everything you have stated to do in your last post. I thank you sincerely for all of your help!
  5. Gand
    I apologize for waiting to get back to you this late. I woke up for work late and was in a rush. For now things seem to be running well.
  6. Gand
    Will do. Thank you!
  7. Gand
    I haven't seen any difference good or bad with my system. Just today when I got home from work I restarted my computer and it just hung at a black screen with a blinking cursor for awhile. I had to hit the kill switch on the back of the computer then turn it back on and then the computer booted up properly.
  8. Gand
    Eset Log: C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan C:\Users\EX-RIG\Downloads\DTLite4454-0315.exe Win32/OpenCandy application C:\_OTL\MovedFiles\12022012_180022\C_Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi JS/Redirector.NCI trojan
  9. Gand
    Malwarebytes log: Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 EX-RIG :: EX-RIG-PC [administrator] Protection: Enabled 12/3/2012 6:52:22 PM mbam-log-2012-12-03 (18-52-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 212367 Time elapsed: 2 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  10. Gand
    I haven't had any BSOD/memory dumps the past few days.
  11. Gand
    I am sorry. I missed that. It seems to be running the same as usual. Apart from when it goes into sleep mode it completely freezes and the graphics card crashing once in awhile.
  12. Gand
    Here it is: OTL logfile created on: 12/2/2012 6:15:47 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.76% Memory free 15.96 Gb Paging File | 13.69 Gb Available in Paging File | 85.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 670.49 Gb Free Space | 71.99% Space Free | Partition Type: NTFS Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\EX-RIG\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe () PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.) PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Origin\tufao.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (DesktopCentralServer) -- C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe (Tanuki Software, Ltd.) SRV - (MEDC Server Component - Notification Server) -- C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe () SRV - (MEDCServerComponent-Apache) -- C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe (Apache Software Foundation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. ) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{26685492-363D-4498-B351-4C93655AD19C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120833,17118,0,18,0 IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A46A48171591F705ADFD42502FBE0506&q={searchTerms} IE - HKCU\..\SearchScopes\{7380A3CB-88C7-4e36-9626-4E2A4BE6E6BB}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8341BCA4-0CE5-44FB-AF38-2D95A59CF173}&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=AVG&pr=fr&d=2012-10-06 13:39:04&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 FF - prefs.js..extensions.enabledAddons: FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=" FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/06 12:39:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 17:51:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Extensions [2012/12/02 18:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/06/16 12:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/08 19:05:44 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/12/01 19:56:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/10/24 10:16:00 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2009/06/11 02:44:56 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/02 18:00:22 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/02 14:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe [2012/12/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/01 19:49:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/01 19:49:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/01 19:49:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/01 19:49:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/01 19:49:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/01 19:48:09 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe [2012/12/01 19:39:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/12/01 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Telltale Games [2012/12/01 19:38:03 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2012/12/01 19:38:02 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2012/12/01 19:38:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2012/12/01 19:38:02 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012/12/01 19:38:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2012/12/01 19:38:01 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012/12/01 19:38:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2012/12/01 18:52:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe [2012/12/01 18:48:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com [2012/11/25 16:22:08 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\ESN [2012/11/23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012/11/23 12:09:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/23 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012/11/22 11:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012/11/21 23:09:10 | 000,000,000 | ---D | C] -- C:\found.001 [2012/11/21 22:07:41 | 000,000,000 | ---D | C] -- C:\Fraps [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\cYo [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\cYo [2012/11/17 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack [2012/11/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack [2012/11/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/17 11:05:38 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Desktop\Star Wars [2012/11/16 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/16 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\CrashRpt [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Arktos [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\Arktos [2012/11/13 23:24:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/13 23:24:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/13 23:24:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/13 23:24:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/13 23:24:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/13 23:24:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/13 23:24:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/13 23:24:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/13 23:24:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/13 23:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/13 23:24:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/13 23:24:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/13 23:24:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/13 23:24:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/13 23:24:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/13 19:16:02 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/13 19:16:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\The War Z [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012/11/10 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2012/12/02 18:14:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/02 18:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/02 18:13:59 | 2131,472,383 | -HS- | M] () -- C:\hiberfil.sys [2012/12/02 18:05:02 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/02 18:05:02 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/02 18:05:02 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/02 18:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/02 17:55:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/02 14:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe [2012/12/01 23:16:41 | 000,165,376 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe [2012/12/01 23:16:26 | 000,139,264 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe [2012/12/01 19:56:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/01 19:48:09 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe [2012/12/01 19:05:41 | 000,000,222 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url [2012/12/01 18:52:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe [2012/12/01 18:48:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/29 18:55:44 | 005,063,682 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub [2012/11/29 18:37:32 | 440,134,815 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/25 16:23:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/25 16:22:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/11/23 12:31:15 | 000,509,552 | ---- | M] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif [2012/11/23 12:29:16 | 000,068,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png [2012/11/23 12:10:42 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012/11/23 12:09:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/22 11:40:30 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2012/11/21 23:47:05 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/19 09:03:07 | 000,020,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf [2012/11/17 12:40:22 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/17 11:56:49 | 000,000,221 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url [2012/11/17 11:52:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2012/11/16 08:57:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012/11/14 07:29:35 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/13 23:24:18 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2012/11/11 20:01:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/11 20:01:48 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/11/11 14:34:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk [2012/11/10 17:36:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2012/12/01 23:16:40 | 000,165,376 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe [2012/12/01 23:16:26 | 000,139,264 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe [2012/12/01 19:49:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/01 19:49:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/01 19:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/01 19:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/01 19:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/01 19:05:41 | 000,000,222 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url [2012/11/29 18:55:43 | 005,063,682 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub [2012/11/23 12:31:48 | 000,509,552 | ---- | C] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif [2012/11/23 12:29:27 | 000,068,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png [2012/11/23 12:10:42 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012/11/22 11:40:30 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2012/11/21 21:56:02 | 000,000,318 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Curse Client.appref-ms [2012/11/19 09:03:07 | 000,020,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf [2012/11/17 12:40:22 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/17 11:56:49 | 000,000,221 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url [2012/11/16 08:57:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/11/13 23:24:18 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2012/11/11 14:34:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk [2012/09/14 19:57:25 | 392,589,500 | ---- | C] () -- C:\Users\EX-RIG\this.means.war.2012.unrated.720p.bluray.x264-sparks.mkv [2012/09/08 03:17:19 | 000,010,615 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.nfo [2012/09/08 03:17:19 | 000,003,317 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.sfv [2012/09/08 01:04:00 | 4290,085,058 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Return_of_the_King_Ext_2003_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/08 01:04:00 | 4249,049,694 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Fellowship_of_the_Ring_Ext_2001_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/08 00:35:33 | 4292,386,964 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Two_towers_Ext_2002_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/03 23:42:11 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/09/03 23:42:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/15 10:58:06 | 000,000,094 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\fusioncache.dat [2012/07/15 10:55:11 | 000,785,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/15 10:02:36 | 000,027,520 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\dt.dat [2012/06/16 22:38:02 | 000,000,045 | ---- | C] () -- C:\Users\EX-RIG\jagex_cl_runescape_LIVE.dat [2012/06/16 22:38:02 | 000,000,024 | ---- | C] () -- C:\Users\EX-RIG\random.dat [2012/05/25 12:43:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/05/25 12:43:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/05/25 12:43:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/05/25 12:42:21 | 000,000,003 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\user_data.ini [2012/05/25 12:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report >
  13. Gand
    Extras.txt: OTL Extras logfile created on: 12/2/2012 3:01:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.50% Memory free 15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 669.35 Gb Free Space | 71.86% Space Free | Partition Type: NTFS Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19D2EFEC-51DC-4B6F-9FED-63BBB29D6503}" = lport=445 | protocol=6 | dir=in | app=system | "{2F249552-DE95-40A5-8BE5-ED860AC5AA88}" = lport=57087 | protocol=17 | dir=in | name=pando media booster | "{31437DA3-946B-4766-8A09-8C85E2C07228}" = lport=57087 | protocol=6 | dir=in | name=pando media booster | "{39C96943-9991-4F4D-8D26-F8FC1C1BB97C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C38490A-C2D3-45A9-8368-1BCD8E6C3F27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3DA6A66C-8E7B-4B7B-8923-3617D0EACF55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{44EA860D-07CA-49D1-AC3A-1C37C9E2A329}" = rport=137 | protocol=17 | dir=out | app=system | "{459D5623-597A-4962-BF63-B25DAD6E8454}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{463C4DD5-D289-42A7-A63C-612745BF598C}" = rport=445 | protocol=6 | dir=out | app=system | "{5111773C-084A-4D6C-96D3-976549B1CD8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{523027EC-9492-4144-A334-1B6B7A9FDC18}" = lport=57087 | protocol=6 | dir=in | name=pando media booster | "{64327D8F-0F2B-4607-8D2A-B96BFD00BFC0}" = rport=138 | protocol=17 | dir=out | app=system | "{700F4F0C-3E5D-47D9-B20A-E6108E97B368}" = lport=137 | protocol=17 | dir=in | app=system | "{76E27740-A7B6-4D3A-ADAC-6C22AE4496AB}" = lport=138 | protocol=17 | dir=in | app=system | "{8709D062-7161-4796-B353-AFFCEC732DDC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5D635FC-5CA2-4D64-88F6-8A68D9330C8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC51C4D4-258A-4895-B502-0F8DC30D8575}" = lport=2869 | protocol=6 | dir=in | app=system | "{C54F0780-2255-456C-83E9-091E6955373B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDBBCB80-FF01-4FEA-A521-4685A433D20A}" = lport=10243 | protocol=6 | dir=in | app=system | "{D77E9F1D-E6C8-4688-89DB-6B82BB0494D3}" = rport=139 | protocol=6 | dir=out | app=system | "{D8DCF515-A355-4E52-A19C-135D5671C082}" = rport=10243 | protocol=6 | dir=out | app=system | "{DFE6A691-9883-463B-8AE9-324AFCD96A47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5B4EF0B-24FC-4F03-BB6B-068B517BC94C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED4D5A3A-1E1F-4248-9A26-4EDA4BB22085}" = lport=57087 | protocol=17 | dir=in | name=pando media booster | "{F59D51AB-D28C-4202-B7EE-7B7ED63D4309}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09941C26-D77A-4CF1-9720-55DBA881B0D4}" = dir=in | app=c:\users\ex-rig\documents\the war z\warz.exe | "{0B4555C1-388F-4364-B76D-BA5138EA38B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{0CC19BDE-735C-4A3F-9A82-A45A2DCC4A33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1594394D-0D3E-43BF-BFFA-09B8DDC68E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1C557C06-9075-42C8-A02E-EA953AF2537A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25BA657C-6E92-455C-A246-FEBF6F3694CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{25F26C4E-9A9C-4C78-8C25-93E81067B569}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | "{26598C38-74A9-40F1-84FA-3C49E94FBF76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{30414F48-472F-4D9C-A609-7A69066C429F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{32CFB45F-44F6-4D3F-8F09-0BD53866EFAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{33123B94-B2CF-46A4-8E81-8D690E8854F3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{331C6B24-6A89-4BF0-A01A-54FDF406C323}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3415F4A0-C367-4612-AB18-6A8E291F508D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | "{35EC6873-D75E-415E-B946-8A9562ED36D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | "{3AA948EF-FF2E-49ED-B155-8F178A3214CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3AB7689B-A281-4DE8-A3E9-6035C95A39D6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{41581719-90D1-4536-A43F-CF5F75A3A3F5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{418A521F-7E72-422E-B419-4A67B6C808C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{480347EB-F5C5-4083-8167-D1DACD9C104C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4A2B5FD8-8033-4C7E-95A0-3607299E770C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4AD96690-B3D8-4929-AEB8-70AFA3505B99}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{4CE8C33A-2893-4020-BA07-C9AA03B9A8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4E43A1F8-6880-4D82-87AE-14C46BA23E84}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{51CE23A6-7F15-4CD2-B08E-EB4C939B4A16}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{571B1F3F-E2D9-4C9E-AAAB-A6156BCD0D80}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{59CDA3EC-F27F-4675-B551-437A74EDE0DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D51C866-BF7B-4413-B1CB-891069572197}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{5E9C32D3-923A-47AE-9879-72EFB19579A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{5ECD00BB-51A2-4E5C-B09C-CC6EAF67A195}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{5FB0A922-BFF4-4860-86BC-C57C7E4901DD}" = dir=in | app=c:\program files (x86)\desktopcentral_server\mysql\bin\mysqld-nt.exe | "{5FD1279B-2E26-423D-A9B1-929E41C15472}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{6249C03E-7242-4D21-A4DA-326C74A1E7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{63364CAC-F034-4B40-8ED3-DB9F21256DDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6784645C-27B3-41F3-8C01-E7B908271090}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{680A92EE-1095-4955-9702-F8ADDB4A7C09}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68F295F3-54CD-43D7-8F09-868A0CA0F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6F084418-384D-49DF-815A-BD207CF0A9AE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{76AFBF41-6AAB-45C8-BA92-4FD795905398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{76E8F0B3-E5FC-4251-B079-5CFA07ECF586}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{780419C9-F89D-4B5C-A454-84F304ECA031}" = dir=in | app=c:\program files (x86)\desktopcentral_server\bin\wrapper.exe | "{7E2B2C74-B3C6-4122-BD76-C20C4AD3B0C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{82168230-688F-439E-8500-B5CC4BA0F827}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{84C6B417-8367-4A27-9F64-9651D8EE6DF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{853B657A-57B1-47F6-A25C-25DD0D366519}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{8856C097-98D8-4870-B42E-469E71D064A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8ACF88B5-E71B-4777-BEFF-FCB498A1D943}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{8BC9FBB0-64F5-4C06-B7B2-E0282964D67E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8DCE207C-0153-443C-A20E-231678310704}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{92AB5E08-835C-4D9B-9897-809FB68FA6F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{99F0AE63-6888-446E-AF7A-360C495092C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9F597C17-EB50-428F-A1BF-60BC3774D8AE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{A18F797C-EEB1-44D3-AF54-AD24915D4C24}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A90DAD4A-C86A-4B6C-979E-49ECFD40348F}" = dir=in | app=c:\program files (x86)\desktopcentral_server\bin\dcnotificationserver.exe | "{AB3C2C78-F98F-4371-A84D-124EB4DBC61D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B28606C7-799E-4DBB-8AF7-A24A6216383B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B5B2A700-1C58-4C31-989A-68254E6DC358}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{B60B3165-6D40-4088-B54E-1A31EC573485}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{B9955FB6-BE4A-48A7-8D3B-6FF3FA403210}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA9B2137-5747-47FE-BEC5-AAB4F3D3312D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BE31AC04-C3C4-4A8B-A879-48539123D2CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C99C7240-0CAE-415E-96E2-658F7445858C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{C9F46C7C-A2B4-415B-B47D-3AB16756274D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D07770E0-FE2C-4222-B6D3-77DD7B502133}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D1E52EAC-C1FC-4CFD-ACF4-D3277DA3B54A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | "{D39040BB-EE33-4AF9-A8DB-538218DD4411}" = dir=in | app=c:\program files (x86)\desktopcentral_server\apache\bin\dcserverhttpd.exe | "{D4148E93-7D63-45D1-9E0F-55354E71EC31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{DB2DC029-AA97-4151-82CF-880F908ECF7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E13AC781-D638-4AD3-A2F6-E40C249DEE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E403EB2A-2332-44F8-A3BB-02E424AD9D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E46F10D0-DBB2-4A23-B473-08918BDA00C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{E8F61BBF-4055-4C3C-8D8E-072AEA6FDB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{E9C8AA9F-175E-4EE3-8B9B-CF785E4C0A88}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{EDC37927-32BF-4C45-B070-0B80C51E0E34}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{F4BAAC20-C174-4AEC-8D79-7C84BC452782}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6435A03-74F1-4A4B-BF47-0DBCEB99C57C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{FD29414C-FD07-48AE-9B9A-7C7B41133226}" = protocol=6 | dir=out | app=system | "{FD8F8F25-C5E8-4A65-BB63-6190403C098F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "TCP Query User{810BF87C-EA60-41E7-B01D-A72AF903851B}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | "TCP Query User{DA7F93C3-33EC-4DBC-B5B0-A9A59ACE5D50}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "TCP Query User{E525008D-AFDF-40BB-A6B7-680DDD7B11E4}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "UDP Query User{5A85EF82-C74E-4A07-94D2-BF875C466392}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | "UDP Query User{CCDEA857-0EF6-4B10-9719-CC99494E864C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "UDP Query User{E1677110-FBCF-40CD-94B8-C3F3AAB85A38}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit) "{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{53FF78D3-28A3-2A34-2DEF-F79BE2581146}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9C85D3CB-C982-2748-1169-017C2D873E2E}" = ATI AVIVO64 Codecs "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013 "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "AVG" = AVG 2013 "ComicRack" = ComicRack v0.9.156 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bit) "XFast LAN" = XFast LAN v6.61 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C284C44-B8E0-2ED3-8154-52133AAFF538}" = HydraVision "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{55DBE324-BA6A-4AE2-BC68-B406915C2C0B}" = Overwolf "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha "{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}" = ManageEngine Desktop Central 8 - Server "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{D726D186-0BA7-8BC4-6273-A9AED17C7B8A}" = Application Profiles "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.122 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29 "Battlelog Web Plugins" = Battlelog Web Plugins "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Lite" = DAEMON Tools Lite "e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1" = The Lord of the Rings Online™: Riders of Rohan™! v03.08.00.1107 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost "InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 207610" = The Walking Dead "Steam App 48190" = Assassin's Creed Brotherhood "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.3 "World of Warcraft" = World of Warcraft "XFast USB" = XFast USB ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/1/2012 1:46:27 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/1/2012 1:57:48 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/1/2012 6:41:09 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/1/2012 7:43:02 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/1/2012 8:40:59 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/2/2012 4:07:24 AM | Computer Name = EX-RIG-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9968 Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9968 Error - 12/2/2012 1:45:50 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 12/2/2012 3:38:50 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. [ System Events ] Error - 10/9/2012 12:44:32 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034 Description = The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/9/2012 9:02:29 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034 Description = The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7038 Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7000 Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: %%1069 Error - 10/9/2012 7:07:57 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 10/9/2012 8:49:40 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 10/9/2012 8:49:40 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034 Description = The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/9/2012 11:48:17 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 10/9/2012 11:48:19 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034 Description = The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). < End of report >
  14. Gand
    OTL.txt OTL logfile created on: 12/2/2012 3:01:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.50% Memory free 15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.41 Gb Total Space | 669.35 Gb Free Space | 71.86% Space Free | Partition Type: NTFS Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\EX-RIG\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe () PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.) PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Origin\tufao.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (DesktopCentralServer) -- C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe (Tanuki Software, Ltd.) SRV - (MEDC Server Component - Notification Server) -- C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe () SRV - (MEDCServerComponent-Apache) -- C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe (Apache Software Foundation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. ) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=18BA7DCC-3780-4D1D-8013-524F44E25EA3&apn_sauid=DCA3FF93-A6A8-4E68-A4A4-817AC8398A18 IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{26685492-363D-4498-B351-4C93655AD19C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120833,17118,0,18,0 IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A46A48171591F705ADFD42502FBE0506&q={searchTerms} IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{7380A3CB-88C7-4e36-9626-4E2A4BE6E6BB}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms} IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8341BCA4-0CE5-44FB-AF38-2D95A59CF173}&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=AVG&pr=fr&d=2012-10-06 13:39:04&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.2.100013 FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/06 12:39:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 17:51:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Extensions [2012/10/28 12:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [1832/11/28 23:37:17 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi [2012/09/09 13:17:53 | 000,002,568 | ---- | M] () -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\searchplugins\askcom.xml [2012/06/16 12:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/08 19:05:44 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/12/01 19:56:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 02:44:56 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/02 14:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe [2012/12/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/01 19:49:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/01 19:49:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/01 19:49:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/01 19:49:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/01 19:49:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/01 19:48:09 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe [2012/12/01 19:39:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/12/01 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Telltale Games [2012/12/01 18:52:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe [2012/12/01 18:48:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com [2012/11/25 16:22:08 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\ESN [2012/11/23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012/11/23 12:09:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/23 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012/11/22 11:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012/11/21 23:09:10 | 000,000,000 | ---D | C] -- C:\found.001 [2012/11/21 22:07:41 | 000,000,000 | ---D | C] -- C:\Fraps [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\cYo [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\cYo [2012/11/17 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack [2012/11/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack [2012/11/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/17 11:05:38 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Desktop\Star Wars [2012/11/16 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/11/16 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\CrashRpt [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Arktos [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\Arktos [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\The War Z [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012/11/10 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/02 15:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/02 14:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/02 14:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe [2012/12/02 14:44:15 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/02 14:44:15 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/02 14:44:15 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/02 14:38:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/02 14:38:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/02 14:38:46 | 2131,472,383 | -HS- | M] () -- C:\hiberfil.sys [2012/12/01 23:16:41 | 000,165,376 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe [2012/12/01 23:16:26 | 000,139,264 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe [2012/12/01 19:56:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/01 19:48:09 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe [2012/12/01 19:05:41 | 000,000,222 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url [2012/12/01 18:52:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe [2012/12/01 18:48:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/29 18:55:44 | 005,063,682 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub [2012/11/29 18:37:32 | 440,134,815 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/25 16:23:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/25 16:22:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/11/23 12:31:15 | 000,509,552 | ---- | M] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif [2012/11/23 12:29:16 | 000,068,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png [2012/11/23 12:10:42 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012/11/23 12:09:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/22 11:40:30 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2012/11/21 23:47:05 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/19 09:03:07 | 000,020,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf [2012/11/17 12:40:22 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/17 11:56:49 | 000,000,221 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url [2012/11/17 11:52:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2012/11/16 08:57:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012/11/14 07:29:35 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/13 23:24:18 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2012/11/11 14:34:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk [2012/11/10 17:36:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/01 23:16:40 | 000,165,376 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe [2012/12/01 23:16:26 | 000,139,264 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe [2012/12/01 19:49:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/01 19:49:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/01 19:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/01 19:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/01 19:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/01 19:05:41 | 000,000,222 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url [2012/11/29 18:55:43 | 005,063,682 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub [2012/11/23 12:31:48 | 000,509,552 | ---- | C] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif [2012/11/23 12:29:27 | 000,068,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png [2012/11/23 12:10:42 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012/11/22 11:40:30 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2012/11/21 21:56:02 | 000,000,318 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Curse Client.appref-ms [2012/11/19 09:03:07 | 000,020,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf [2012/11/17 12:40:22 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/17 11:56:49 | 000,000,221 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url [2012/11/16 08:57:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/11/13 23:24:18 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2012/11/11 14:34:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk [2012/09/14 19:57:25 | 392,589,500 | ---- | C] () -- C:\Users\EX-RIG\this.means.war.2012.unrated.720p.bluray.x264-sparks.mkv [2012/09/08 03:17:19 | 000,010,615 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.nfo [2012/09/08 03:17:19 | 000,003,317 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.sfv [2012/09/08 01:04:00 | 4290,085,058 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Return_of_the_King_Ext_2003_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/08 01:04:00 | 4249,049,694 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Fellowship_of_the_Ring_Ext_2001_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/08 00:35:33 | 4292,386,964 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Two_towers_Ext_2002_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4 [2012/09/03 23:42:11 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/09/03 23:42:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/15 10:58:06 | 000,000,094 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\fusioncache.dat [2012/07/15 10:55:11 | 000,785,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/15 10:02:36 | 000,027,520 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\dt.dat [2012/06/16 22:38:02 | 000,000,045 | ---- | C] () -- C:\Users\EX-RIG\jagex_cl_runescape_LIVE.dat [2012/06/16 22:38:02 | 000,000,024 | ---- | C] () -- C:\Users\EX-RIG\random.dat [2012/05/25 12:43:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/05/25 12:43:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/05/25 12:43:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/05/25 12:42:21 | 000,000,003 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\user_data.ini [2012/05/25 12:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/07/21 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\.minecraft [2012/07/16 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG [2012/10/06 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG2013 [2012/07/24 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\calibre [2012/11/17 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\cYo [2012/08/18 11:11:18 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DAEMON Tools Lite [2012/07/15 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DeviceVm [2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DriverCure [2012/05/25 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Leadertech [2012/07/21 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Marine Aquarium 3 [2012/10/11 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Mumble [2012/09/03 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Nuance [2012/11/29 18:39:31 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Origin [2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ParetoLogic [2012/08/11 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Splashtop [2012/08/18 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Thinstall [2012/11/22 00:49:33 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TS3Client [2012/08/03 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ts3overlay [2012/10/06 12:39:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TuneUp Software [2012/07/15 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Turbine [2012/11/22 11:37:09 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\uTorrent [2012/06/07 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report >
  15. Gand
    Under point 6 in your post you state: "Under the Custom Scan box paste this in" but there is nothing there. Please confirm.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.