Everything posted by Armanatar

  1. Don't know how I would have gotten rid of that infernal toolbar without your help. Thank you.

  2. Scratch that last statement. Restarted Chrome and I think it might be gone. Thanks for your assistance; this thing was tenacious. Teach me to watch what I'm clicking, I'll tell you that.
  3. No change, but hopefully this'll help. ComboFix.txt TDSSKiller.2.8.15.0_31.12.2012_20.58.34_log.txt
  4. Reinstall of Chrome made no difference. Install happened a few weeks ago, probably via one of those banner ads that looks like a download button on a download page (normally I wouldn't fall for something like that, but it was my first time on the site and the fake was well done). Don't recall the name of the site.
  5. No luck. Tried reinstalling, all it did was install a second Whitesmoke extension which has proven equally resilient. Tried the second suggestion as well to no avail, tried uninstalling both and clearing all browsing data, did that again with a reboot, nothing.
  6. Ran Hitman Pro, found a bunch of tracking cookies, but no threats.
  7. Don't have IE installed, reset Firefox (after updating, I still had FF 7 or something; I don't exactly use it often). Getting ready to run Hitman Pro now.
  8. # AdwCleaner v2.104 - Logfile created 12/31/2012 at 18:48:15
     # Updated 29/12/2012 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : JDC - JUSTIN
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\JDC\My Documents\Downloads\adwcleaner.exe
     # Option [search]
     ***** [services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     Key Found : HKCU\Software\Conduit
     ***** [internet Browsers] *****
     -\\ Internet Explorer v6.0.2900.5512
     [OK] Registry is clean.
     -\\ Mozilla Firefox v7.0.1 (en-US)
     File : C:\Documents and Settings\JDC\Application Data\Mozilla\Firefox\Profiles\otx2cpr2.default\prefs.js
     [OK] File is clean.
     -\\ Chromium v window_placement: { bottom: 728
     File : C:\Documents and Settings\JDC\Local Settings\Application Data\Chromium\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[R1].txt - [940 octets] - [31/12/2012 18:48:15]
     ########## EOF - C:\AdwCleaner[R1].txt - [999 octets] ##########
  9. The last two are AVG Do Not Track and DivX web player. I also have an autocomplete=on and a reload all tabs extension, which hadn't yet loaded. As far as I know, there's no problem with any of them, and I've had them for years. Tried to remove the Whitesmoke toolbar extension, but whenever I close out of and reopen Chrome, there it is.
  10. OTL logfile created on: 12/31/2012 6:00:14 PM - Run 1 OTL by OldTimer - Version 3.2.69.0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E21BF74-5EBB-49FF-891E-986AB2CA48BA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5C4DE01-43D1-482D-81C2-A054B9276D67}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\JDC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\JDC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/07/09 06:05:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002/08/17 17:11:50 | 000,122,880 | R--- | M] () - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002/08/02 14:23:28 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{8c990a64-68d8-11df-b88e-0015e9fc8910}\Shell\AutoRun\command - "" = G:\__STICKYDRIVE\StickyDrive.exe O33 - MountPoints2\{c883879a-1b58-11e0-b982-001cc0e30004}\Shell - "" = AutoRun O33 - MountPoints2\{c883879a-1b58-11e0-b982-001cc0e30004}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c883879a-1b58-11e0-b982-001cc0e30004}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{ef8efce4-7f76-11de-97e5-0015e9fc8910}\Shell - "" = AutoRun O33 - MountPoints2\{ef8efce4-7f76-11de-97e5-0015e9fc8910}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ef8efce4-7f76-11de-97e5-0015e9fc8910}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/31 17:19:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2012/12/31 17:19:26 | 000,000,000 | ---D | C] -- C:\JRT [2012/12/31 16:26:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JDC\Start Menu\Programs\Administrative Tools [2012/12/16 21:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JDC\Application Data\Warner Bros. Interactive Entertainment [2012/12/14 13:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/14 13:57:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/14 13:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/12/13 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/12/13 19:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/12/13 19:00:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/31 17:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/31 17:18:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-412668190-1417001333-1003UA.job [2012/12/31 17:17:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/31 17:17:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/31 08:31:38 | 104,799,771 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/12/30 20:18:00 | 000,000,918 | ---- 
| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-412668190-1417001333-1003Core.job [2012/12/28 08:22:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/12/25 18:19:26 | 000,344,538 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/12/23 10:50:02 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/12/23 10:50:02 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/12/23 10:40:19 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/20 05:18:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/18 01:25:31 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\JDC\Desktop\Skype.lnk [2012/12/16 21:41:15 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\JDC\Desktop\LEGO Lord of the Rings.url [2012/12/14 13:57:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/13 19:00:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/12/13 14:20:33 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\JDC\Desktop\Google Chrome.lnk [2012/12/13 14:20:33 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\JDC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/12/13 13:41:12 | 000,000,620 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2012/12/11 14:22:18 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\JDC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/04 16:31:24 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\JDC\Local Settings\Application Data\dt.dat [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/18 01:25:31 | 000,001,686 
| ---- | C] () -- C:\Documents and Settings\JDC\Desktop\Skype.lnk [2012/12/16 18:41:14 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\JDC\Desktop\LEGO Lord of the Rings.url [2012/12/14 13:57:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/04 16:31:24 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\JDC\Local Settings\Application Data\dt.dat [2012/09/06 08:57:26 | 004,399,616 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012/05/17 23:06:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2012/04/14 20:46:37 | 001,323,448 | ---- | C] () -- C:\WINDOWS\ampa.exe [2012/04/14 20:46:37 | 000,010,936 | ---- | C] () -- C:\WINDOWS\System32\ampa.sys [2012/03/08 11:03:51 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/03/08 11:03:51 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/03/08 11:03:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/03/08 11:02:43 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/02/15 18:14:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/09 22:45:18 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/07/20 19:06:44 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011/07/20 19:06:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011/07/20 19:06:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2011/06/29 15:00:59 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2011/06/29 15:00:52 | 001,218,627 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011/06/29 15:00:52 | 000,020,714 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011/06/29 15:00:40 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2011/06/29 15:00:40 | 000,524,288 | ---- | C] () -- 
C:\WINDOWS\System32\PrtPass.exe [2011/05/31 10:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI [2011/04/07 20:51:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2011/03/21 12:31:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011/03/21 12:27:59 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011/02/28 14:26:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys [2011/02/28 14:26:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2011/02/04 18:15:31 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll [2011/02/04 18:14:57 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011/01/11 17:15:37 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/09/15 21:49:07 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\JDC\Local Settings\Application Data\fusioncache.dat [2009/07/22 23:40:07 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\JDC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/22 20:57:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 06:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- 
[2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/07/16 16:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2012/06/19 11:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2011/04/21 08:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2012/10/24 15:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2011/03/15 10:07:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/01/26 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/05/18 20:01:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS [2011/02/04 18:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios [2012/03/07 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core [2012/03/10 12:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs [2012/03/07 18:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2011/08/01 00:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar [2011/06/29 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iceni [2010/10/30 17:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kalypso [2012/12/31 08:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/03/07 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin [2011/06/15 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\Stardock [2011/10/07 00:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2009/09/15 21:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine [2012/11/13 22:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs [2010/10/30 14:29:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1338EDEE-1DCB-4AA7-9B0F-956BE76B0A4A} [2011/06/15 17:28:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F8C68EDE-B8FE-4310-97A9-BF1BF0722E5E} [2010/09/30 16:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\.minecraft [2010/09/07 12:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\.ZMatrix [2011/10/06 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\AVG [2011/10/19 09:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\AVG2012 [2010/11/25 16:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Bioshock [2011/11/03 01:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Bioshock2 [2012/08/07 16:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\BitTyrant [2009/07/25 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\DAEMON Tools Lite [2012/04/29 20:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\DDMSettings [2010/10/13 17:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Digiarty [2010/07/28 19:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\FreeBurner [2010/12/22 18:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\GetRightToGo [2011/06/29 15:00:31 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\JDC\Application Data\Iceni [2009/07/09 06:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\InterTrust [2010/03/02 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\LEGO Company [2012/02/26 11:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\LimeWire [2010/08/04 23:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\LucasArts [2012/03/06 12:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Origin [2010/08/04 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Petroglyph [2009/11/13 16:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\runic games [2009/09/18 13:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\ScripterRon [2009/11/04 23:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\SecondLife [2010/10/30 14:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Stardock [2012/11/13 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\SystemRequirementsLab [2009/09/03 14:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\uTorrent [2012/11/13 22:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\VistaCodecs [2012/12/16 21:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JDC\Application Data\Warner Bros. 
Interactive Entertainment ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\xvid.ax:SummaryInformation @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\JDC\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4 < End of report > OTL Extras logfile created on: 12/31/2012 6:00:14 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JDC\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 77.06% Memory free 5.33 Gb Paging File | 4.48 Gb Available in Paging File | 83.90% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 931.51 Gb Total Space | 689.51 Gb Free Space | 74.02% Space Free | Partition Type: NTFS Drive D: | 219.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JUSTIN | User Name: JDC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1454471165-412668190-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age: Origins "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins Launcher "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater "C:\Program Files\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe" = C:\Program Files\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter 
Nights 2 AMD "C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater "C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server "C:\Program Files\Ubi Soft\SSG\Warlords Battlecry II\Battlecry II.exe" = C:\Program Files\Ubi Soft\SSG\Warlords Battlecry II\Battlecry II.exe:*:Enabled:Warlords Battlecry II -- (Strategic Studies Group) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\BitTyrant\Azureus.exe" = C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- (Aelitis) "C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.) "C:\Program Files\Irrational Games\Freedom Force vs The 3rd Reich\ffvt3r.exe" = C:\Program Files\Irrational Games\Freedom Force vs The 3rd Reich\ffvt3r.exe:*:Enabled:Freedom Force ® vs. 
  11. # AdwCleaner v2.104 - Logfile created 12/31/2012 at 17:16:16
      # Updated 29/12/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : JDC - JUSTIN
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\JDC\My Documents\Downloads\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Deleted : C:\Documents and Settings\JDC\Local Settings\Application Data\Conduit
      ***** [Registry] *****
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\SmartBar
      ***** [internet Browsers] *****
      -\\ Internet Explorer v6.0.2900.5512
      [OK] Registry is clean.
      -\\ Mozilla Firefox v7.0.1 (en-US)
      File : C:\Documents and Settings\JDC\Application Data\Mozilla\Firefox\Profiles\otx2cpr2.default\prefs.js
      [OK] File is clean.
      -\\ Chromium v window_placement: { bottom: 728
      File : C:\Documents and Settings\JDC\Local Settings\Application Data\Chromium\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [327727 octets] - [31/12/2012 16:05:18]
      AdwCleaner[R2].txt - [1313 octets] - [31/12/2012 16:44:46]
      AdwCleaner[s1].txt - [5559 octets] - [31/12/2012 16:05:41]
      AdwCleaner[s2].txt - [1250 octets] - [31/12/2012 17:16:16]
      ########## EOF - C:\AdwCleaner[s2].txt - [1310 octets] ##########
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.3.2 (12.29.2012:3)
      OS: Microsoft Windows XP x86
      Ran by JDC on Mon 12/31/2012 at 17:19:43.43
      Blog: http://thisisudax.blogspot.com
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      ~~~ Registry Keys
      Successfully deleted: [Registry Key] hkey_current_user\software\fixcleaner
      Successfully deleted: [Registry Key] hkey_local_machine\software\fixcleaner
      Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
      ~~~ Files
      Successfully deleted: [File] C:\eula.1028.txt
      Successfully deleted: [File] C:\eula.1031.txt
      Successfully deleted: [File] C:\eula.1033.txt
      Successfully deleted: [File] C:\eula.1036.txt
      Successfully deleted: [File] C:\eula.1040.txt
      Successfully deleted: [File] C:\eula.1041.txt
      Successfully deleted: [File] C:\eula.1042.txt
      Successfully deleted: [File] C:\eula.1049.txt
      Successfully deleted: [File] C:\eula.2052.txt
      Successfully deleted: [File] C:\install.res.1028.dll
      Successfully deleted: [File] C:\install.res.1031.dll
      Successfully deleted: [File] C:\install.res.1033.dll
      Successfully deleted: [File] C:\install.res.1036.dll
      Successfully deleted: [File] C:\install.res.1040.dll
      Successfully deleted: [File] C:\install.res.1041.dll
      Successfully deleted: [File] C:\install.res.1042.dll
      Successfully deleted: [File] C:\install.res.1049.dll
      Successfully deleted: [File] C:\install.res.2052.dll
      Successfully deleted: [File] C:\install.res.3082.dll
      ~~~ Folders
      Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\codec-c"
      Successfully deleted: [Folder] "C:\Documents and Settings\JDC\Application Data\fixcleaner"
      Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
      ~~~ FireFox
      Successfully deleted: [Folder] C:\Documents and Settings\JDC\Application Data\mozilla\firefox\profiles\otx2cpr2.default\extensions\searchtoolbar@zugo.com
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 12/31/2012 at 17:24:03.76
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. # AdwCleaner v2.104 - Logfile created 12/31/2012 at 16:44:46
      # Updated 29/12/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : JDC - JUSTIN
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\JDC\My Documents\Downloads\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Found : C:\Documents and Settings\JDC\Local Settings\Application Data\Conduit
      ***** [Registry] *****
      Key Found : HKCU\Software\Conduit
      Key Found : HKCU\Software\SmartBar
      ***** [internet Browsers] *****
      -\\ Internet Explorer v6.0.2900.5512
      [OK] Registry is clean.
      -\\ Mozilla Firefox v7.0.1 (en-US)
      File : C:\Documents and Settings\JDC\Application Data\Mozilla\Firefox\Profiles\otx2cpr2.default\prefs.js
      [OK] File is clean.
      -\\ Chromium v window_placement: { bottom: 728
      File : C:\Documents and Settings\JDC\Local Settings\Application Data\Chromium\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [327727 octets] - [31/12/2012 16:05:18]
      AdwCleaner[R2].txt - [1124 octets] - [31/12/2012 16:44:46]
      AdwCleaner[s1].txt - [5559 octets] - [31/12/2012 16:05:41]
      ########## EOF - C:\AdwCleaner[R2].txt - [1244 octets] ##########
  13. Been wrestling with Whitesmoke toolbar for weeks, and I've exhausted my modest arsenal of tactics. Logs are attached per instructions. dds.txt attach.txt