Jump to content

Wyndwraith

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

 Content Type 

Everything posted by Wyndwraith

  1. Wyndwraith
    I've uninstalled Java 5, 6, and 7 and reinstalled Java 7 Update 11. I've updated to the latest Adobe Reader 9. I've updated Flash for IE to the latest version. The version for Chrome shows as good.
  2. Wyndwraith
    Here are the results: Results of screen317's Security Check version 0.99.56 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 22 Java 7 Update 7 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````
  3. Wyndwraith
    Hi TheDarkKnight, Sorry it's taken me a while to respond. I've run the scan and here are the results: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK The scanner found one result (It never made it into the log, somehow. I've copied and pasted from the results window instead.): C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
  4. Wyndwraith
    I ran OTL.exe with the custom scans as instructed and clicking Run Fix, but it closed with an APPCRASH error instead of opening a log. I tried rerunning a scan after that and none of O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet) O15 - HKCU\..Trusted Domains: geinfrastructure.com ([time] https in Trusted sites)showed up in the log when it finished. I guess that means it worked? After clicking on 10 or so links from Google searches, I haven't been redirected. Looks like it's fixed. Thanks so much for the help!
  5. Wyndwraith
    Extras.txt log follows: -------------------------------------------------------- OTL Extras logfile created on: 1/6/2013 4:07:48 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Belisarius\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.35% Memory free 16.05 Gb Paging File | 13.88 Gb Available in Paging File | 86.51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.51 Gb Total Space | 334.76 Gb Free Space | 35.94% Space Free | Partition Type: NTFS Computer Name: BYZANTIUM | User Name: Belisarius | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 0F 71 3F BD A7 E5 C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E6DE569-F7E0-4FBF-89AC-453973A6F036}" = lport=59116 | protocol=17 | dir=in | name=pando media booster | "{1B9B1246-182F-4ADA-A2A3-2B6A258E13A0}" = lport=21 | protocol=6 | dir=in | app=c:\windows\system32\inetsrv\inetinfo.exe | "{3014E520-C9FE-4C84-81F5-712388D330A6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{3EEC79AF-B799-4464-8FD6-35F2C06A7141}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B44BA3A5-7ACA-4B7F-AC73-E714DB74D689}" = lport=59116 | protocol=6 | dir=in | name=pando media booster | "{D2C845B8-3013-4ADA-8D20-65B1B224D0BB}" = lport=59116 | protocol=17 | dir=in | name=pando media booster | "{E527B72A-E092-4457-AF1C-421DE3E82B3F}" = lport=59116 | protocol=6 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003675EE-06FE-499E-94B1-76D97C64BD55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{02152733-4626-4359-9E5E-8D4D60CCBCC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{0436B6EB-568F-465B-B39E-950FBC486059}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe | "{05A44116-868A-416C-BA19-E1B7C9428833}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{05C38FA2-A8D6-40F1-A84D-364D502D3C19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{05F8FFF4-8206-4A6D-992F-DA46CCAE6F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{073A7901-DC57-4D33-B884-AE5A4237EE0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{082A58F9-78BD-46C0-8A1D-BFDE8DF72F67}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | "{09F173F3-4095-406A-A898-66612C9F556D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\addon.exe | "{0A3CB196-463B-4F65-95C2-56B02FF1EDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{0B244AFD-3E2D-4643-918F-EF008D0E6848}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe | "{0D622203-7C50-44A2-A843-9163575F8E59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 free to play\smp.exe | "{0DB7E2BD-7116-4205-BACF-529C88DD1F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | "{0E48F2A3-F403-4993-80B5-8B61408B2966}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe | "{109E3F2C-A864-4D57-90DA-A321AF80C22E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{149C4CD9-3B8C-4190-AF28-944D3CD7A091}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | "{15F45AE4-EA92-45AA-8E9D-D8AC8ED3338E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{170D40E9-23BA-4F16-A40D-0EEA8FFB8469}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{19492C4C-B712-4DA4-A990-78888F264BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{1A75F49A-DD70-4AF1-B49F-3D1C5EEFC66C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{1AB07A56-BA1E-4D24-9B88-C493F1A4CA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{1FD69528-15E4-4E30-B839-EB28BD845379}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe | "{22E5A601-2D27-4405-AED0-63AC8807D8B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{245924B0-03FA-480E-8C40-B084AE3017D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{24BC26CD-C957-406E-8BF0-3FCB0AE45E8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{267D9FBB-FE4C-4972-8D41-EB0AB945BBC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{26DE9335-E337-40FF-BDF6-6F2ECF9127ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 free to play\smp.exe | "{26F51786-3D16-4942-A8E4-5AEBB1E7E8C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{292EC23D-ECC7-4450-9460-4EBDC87510B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{2A8B361A-F833-4518-9BD8-2AE511FCA83E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe | "{2BA138F5-0880-412E-BB32-99423C10CEF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe | "{2DC8701E-674E-4E7A-8B5A-D7872E1CF472}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{2DE08D9F-1281-4601-816E-B234EE160DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{2E2FD915-0D80-4768-AF7E-545433C9EBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2F7BE6CD-F759-4097-B475-6E62B85FADC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4.exe | "{3080A012-F145-480A-B4F2-5BA928F97020}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{35C75944-A08B-4B0E-BC19-D17F57EA1EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe | "{35F485E6-5A16-46E5-B4D8-64600D4E6098}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{376DB214-94B6-48AD-ACE4-D53ABD738B02}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{3BF7E2C5-114E-4C80-B957-241D1A53FFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars ii\bin\x86\sots2.exe | "{3C5B2EAB-2DD1-4944-8135-171C3B85BF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | "{3D50742D-E73D-4E1E-9527-E91640D78EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | "{3E64FB25-401A-43A3-82D6-9CE64498BDD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{3E8CC167-2107-4830-86D5-F842952960AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe | "{3FB0BBB9-E35D-4C9C-881A-FC7E4687272A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{40D40DD5-9F4C-4052-B8CF-48F2F3E11167}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{443A34B9-6C91-436F-ABAD-A03873935074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{459DE8C4-42B9-496D-BD67-DCAAB0982C14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{46FDC61D-C393-4EA6-A112-A9D8D3851EB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{48637371-6B9F-4C26-A2DA-3101FCE131D0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe | "{491C54FA-CB45-4654-8A90-610CD333F18C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4B879F8C-E02F-4D4A-89F5-2F1C57EFCD26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | "{4C85A560-5E70-4550-93A7-57DA7964A77F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 3\rt3.exe | "{4ED1692A-58A1-442B-872A-8F6338B2ABAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{531949E2-4225-42A9-81E7-DEFC82AA9233}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{53BD1835-D37B-4203-9ED0-EA01814C64FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf | "{5B70C685-565A-4971-8562-505880C8269E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars ii\bin\x86\sots2.exe | "{5CB33CE0-910D-421A-BB31-71B5C091BC0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm | "{604917D6-8A09-4443-BBFA-E06E1BA4A09B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | "{615451A9-19A5-4878-965D-143B178278D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe | "{634B804A-FFE2-402E-85DD-C4D8B57B450C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{6407C174-C4DF-4F13-8A61-9686C204DBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{65158685-E143-4553-B443-63D93C3F6CE7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe | "{65ABCC43-955E-458C-B9AF-F34D1CC9B48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star ruler\starruler.exe | "{65C5D96E-7826-43A3-BF44-0EA46064067B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6799535C-BEA0-4086-9318-FD6F092413E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{68C09BE7-C97C-4A1D-BF6E-396E5EDB2C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{6AB39AA7-F159-42CA-8BC4-214E9538C7DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{6E2EFD28-6216-49E4-9A62-B568D12C64D2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe | "{6EAA1227-A8DE-4C11-BFE8-E9E68BC7D686}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe | "{6EBC5C4D-A811-417A-BE25-C7D1D6578AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{6F05AF84-31F8-44B0-85F4-3C80D27C27B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{766C53C2-9397-4BB4-AF26-72C060C99A6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe | "{780AEAFB-399A-4AA5-B09A-68136AE79AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe | "{78EEE5E4-F8C8-422A-AC60-F2E057A3B001}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{7A084ED7-F878-4F82-84B4-A44A6C7FCFFB}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire demo\sins of a solar empire.exe | "{7B8DDA2F-24CD-448D-996C-90FC68FD2E84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | "{813D9F2B-E254-49C8-988F-8FCB2BC9E961}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{8262A927-E526-45F0-B6FE-1A45A2D6ACB5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{831C001B-EAC1-43FC-AA4F-196172CC9B05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{83A82055-0782-4FDC-B019-24F9B60BD599}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe | "{886D3AAC-9E94-4C5C-893F-FA17790132B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4.exe | "{8960A879-D668-481C-A4FA-580E848139EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\addonweb.exe | "{8EBACF35-F543-4A2B-97FF-8DF26DA168F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{8FA566F1-E65E-4B10-BEE0-ABB573261441}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{92DD8615-9DDE-4166-AAA1-AB910C2C281D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\the settlers 7 - paths to a kingdom demo\data\base\_dbg\bin\release\settlers7r.exe | "{93B100A5-A369-4AFB-BDDC-8BB5AB7B3F47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{973D6288-F903-43D0-AF36-8BD6E2BB33E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\addon.exe | "{9B31C940-6096-4A70-B1B4-E4E4350B2FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{9C579443-1DF4-4DEA-AAE3-7CEC380A2FF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{A2C358FF-1E55-4711-8CF6-F0B5EF6CF1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars\sword of the stars.exe | "{A5091267-9057-43B5-B2A8-96472ECEF3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe | "{A744B044-CA49-4210-AB6F-18D3F00B6DD5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\the settlers 7 - paths to a kingdom demo\data\base\_dbg\bin\release\settlers7r.exe | "{AE7FF0E9-0C0F-4DCE-9474-C931F9F881FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe | "{AEB29A56-257D-4A5D-AF3A-633166E79B28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{AF96BD4E-5E98-4E5F-AEBF-99B5C4C8C7B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{B12C86E3-DBA8-4899-8056-95C9635A3398}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{B136838F-2E61-4942-AB91-EB0A925DB092}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4_addon.exe | "{B372D482-2199-435D-9788-4F2119A8F6C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | "{B3A4E4AA-07EB-4399-B45D-24FE15AED848}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | "{B5179A6C-D35B-46E8-BECC-95567CE1F8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf | "{B5F65539-2EC9-4279-B0F0-CF8C3B70676D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B659CF73-6C80-441C-9964-788EB16D7BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | "{B782E2F4-70A7-4577-A8DB-FA1FC9E3F43B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BAD11C72-8412-470C-9642-C689EC20DF1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{BB6FA8D9-AA01-4814-A605-9CB476282B73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | "{BCA8E711-6638-4BB7-B942-16AC22BEAC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf | "{BDFFE099-B8CB-4491-BA88-C5C99BEC19F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{BF602329-0E43-45AC-91E5-C1E5156EE736}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{C1B65344-C3FE-4AED-A1A5-8E5E444861A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C21F0410-E5EE-4047-BF8B-44CE860475FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{C33552C3-8ACF-4851-9255-20A416C2A57E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\addonweb.exe | "{C8E4DAC0-5687-42C4-A887-57F5D7A48456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C99A1FDB-DAD8-44E4-ABA8-C7A4D6D16C34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4_addon.exe | "{CC3C8056-AE9F-4618-8792-F23168D94029}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | "{CE02C983-F435-42E7-A9EF-6DA28FA5B2A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe | "{CF3A0820-D530-43BE-B753-6EB7A2C1B9FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars\sword of the stars.exe | "{D1700A83-EAB0-460D-BC40-71E27E17C2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{D49FFC12-E0FE-4E2C-8A0A-8E1A21A9EF24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf | "{D6381741-A2CB-4ABD-967F-BD5B3E5E880F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{D87CAAA2-C6E4-42C1-B63C-3DE4C73E3C79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{D956DDD6-726B-40D6-B3D2-68729630563D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{DB3C88B3-D4D1-46A3-B73B-9AEAECAA35FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{DBE4DBDF-B511-4081-9046-58A6253B7F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | "{DCE4AB55-4ED1-4B8F-96BC-CA5703A483F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{DE8D8C9E-1BBF-4415-982A-C07EB2821D30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe | "{E17631E4-A1BF-4299-ACDA-D27EC5D78C64}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E503B2F1-D4A4-4D5F-B31C-1FFFFD0F3B44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{E6CD9285-DDE9-46CA-A11C-7D6168F8C77A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 3\rt3.exe | "{E7246669-B316-4B75-B5CE-B570E8C5FA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star ruler\starruler.exe | "{EA48DA2E-59E8-4E97-AB98-CA1416B28AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{EBBDF3E1-921B-4EBD-BA86-864238242AB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe | "{F2C23B7B-C438-4666-9202-850E3BA5D3B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | "{F33CE2DF-4C02-4E2F-BBCA-829757A12D90}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F6D2A9E2-CE23-4C24-A2F4-720F9922FFFF}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire demo\sins of a solar empire.exe | "{F7D613D0-4838-4B45-B772-F74731A5F278}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{F96D8090-0940-42BB-9627-8B16F3E1D2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FD514EB8-73F9-4890-8973-0DCF9D6A4623}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe | "{FD714C6C-4A72-4E1D-81AE-BCFCA9770AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{FEC94BEF-5C45-4C35-954C-5CEAD38BE9C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{FF7044AE-097A-4B94-A0B8-754E34AB8CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe | "TCP Query User{0062B45E-7053-4C46-9F2D-2C59A4AFD68E}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "TCP Query User{07917B7C-21D9-40C3-B569-50437E01796F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{15ADE506-BBF1-4CDD-ACEF-4409D4487248}C:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe | "TCP Query User{42AE63A9-B2CC-4F25-9A3C-0543B3F0B9B8}C:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe | "TCP Query User{52B38D0D-4F68-47F6-B344-2F60AE51F1EC}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe | "TCP Query User{6BBED0A5-950B-4281-A22D-4DA7A30C52CD}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | "TCP Query User{7CF9B8E5-0C49-4326-9C91-0897E6708594}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{892EB2BF-82D7-40E6-8A26-052B08E65F9E}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "TCP Query User{999F5AEF-BC24-46D0-BDFA-9F3CCA0ECD02}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | "TCP Query User{9D0F9987-0444-4850-82B9-07065287BBED}C:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe" = protocol=6 | dir=in | app=c:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe | "TCP Query User{9DB1672B-3AF7-42AD-8D94-2EFC55D77805}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe | "TCP Query User{BA029574-0C60-408A-B77B-E352E9DFEFE4}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "TCP Query User{C70A5FC3-598B-4ECF-BE4F-D2A3647212F3}C:\program files (x86)\1701 a.d. demo\1701_demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1701 a.d. demo\1701_demo.exe | "TCP Query User{D8BEB993-D899-47EB-A03B-C5AD48E253D2}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{D9A05FAD-B25C-4C5D-8C2F-B1309A91FA37}C:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe | "TCP Query User{DC76F1C4-A68F-46C4-8566-75B179A017F7}C:\program files (x86)\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\neverwinternights\nwn\nwmain.exe | "TCP Query User{E6BEDB7F-41ED-4D09-83A1-120AA964D256}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{03C5D8AC-A999-41CA-8BAC-37BB86EFC7C9}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{1AB730F5-D2E5-45C7-8197-6A9C8A5B6B4B}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{31EAA966-7138-4E9C-82C0-9A8223B91782}C:\program files (x86)\1701 a.d. demo\1701_demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1701 a.d. demo\1701_demo.exe | "UDP Query User{3F43E0B1-05F6-431A-95B0-DE0A4F0E520C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "UDP Query User{40562B85-3D2F-45DB-BB61-B0573A6981D2}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | "UDP Query User{48FB5DD4-158E-4228-9285-35D0CB0482DE}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe | "UDP Query User{549D072A-AE19-42CD-A2F5-C3B4F6B3E78F}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | "UDP Query User{63BD542D-DBA7-4C46-A652-4DE68280B478}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | "UDP Query User{652D1969-9E01-4926-815E-11E15B2442DA}C:\program files (x86)\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\neverwinternights\nwn\nwmain.exe | "UDP Query User{7015D25D-D820-40C4-B78A-028F2FE38C0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{76394802-BE1C-4622-AD7E-4BE56007976D}C:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe | "UDP Query User{78C17655-2C6A-4E57-8DDF-4D2B018C7C5A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{93997DD2-F692-44F0-9BF2-4BE0D054B409}C:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe | "UDP Query User{A245ED83-D695-4FFD-AD04-17023ACFD4DF}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe | "UDP Query User{BAFDAE93-DA2B-4EAC-BCA7-49613511E429}C:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe | "UDP Query User{DDEC548C-A315-4681-BCCD-F8CC8F5B3B62}C:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe" = protocol=17 | dir=in | app=c:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe | "UDP Query User{FE81C9E8-77AF-48BC-8FCD-456ADE84FC98}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "UltSounds" = Windows Sound Schemes [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29BAD36F-F421-40F8-A128-E03382E59C70}" = Sins of a Solar Empire Demo "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English "{37DE9416-B259-4F40-8E8A-E6CAD69CB6BC}" = Dawn of Discovery - Venice "{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center "{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader "{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{54510837-BD04-4C32-9676-DB1000028201}" = Red Faction: Guerrilla "{54510837-BD04-4C32-9676-DB1000028202}" = Red Faction: Guerrilla "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{57E71837-2A09-42B3-AAF6-FDFEF0DCFDDB}" = Dawn of Discovery "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial "{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93F2D1C-9146-41BC-B662-60DB662B1FFA}_is1" = Gnomoria Demo version 0.8.21 "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{B59D7E45-401F-9542-965A-5B76915B6E6A}" = YNAB 3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures "{BABA6E74-615B-4105-A39C-EF20E99DB79B}" = GStreamer WinBuilds 0.10.6 (GPL) "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights "{C2E5BF6B-2DB2-4D18-BB27-75C20CC35A96}" = The Settlers 7 - Paths to a Kingdom DEMO "{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse® "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio Control Panel "Bink and Smacker" = Bink and Smacker "com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader "com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3 "Console Launcher" = Creative Console Launcher "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Volume Panel "Divine Divinity_is1" = Divine Divinity "Divine Wind_is1" = Divine Wind version 5.1 "DShow Viewer" = DShow Viewer "Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.14 "Freespace 2_is1" = Freespace 2 "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21 "Google Chrome" = Google Chrome "Guild Wars" = Guild Wars "HandBrake" = HandBrake 0.9.8 "Impulse" = Impulse "Impulse®" = Impulse® "InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Money2008b" = Microsoft Money Plus "MSC" = McAfee AntiVirus Plus "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Origin" = Origin "pcsx2-r3113" = PCSX2 - Playstation 2 Emulator "Planescape - Torment" = Planescape - Torment "Rockstar Games Social Club" = Rockstar Games Social Club "Space Rangers 2 Complete" = Space Rangers 2 Complete "Steam App 105600" = Terraria "Steam App 107100" = Bastion "Steam App 110800" = L.A. Noire: The Complete Edition "Steam App 12210" = Grand Theft Auto IV "Steam App 1250" = Killing Floor "Steam App 13600" = Prince of Persia: The Sands of Time "Steam App 17460" = Mass Effect "Steam App 200210" = Realm of the Mad God "Steam App 200510" = XCOM: Enemy Unknown "Steam App 200900" = Cave Story+ "Steam App 203770" = Crusader Kings II "Steam App 20900" = The Witcher: Enhanced Edition "Steam App 220" = Half-Life 2 "Steam App 22300" = Fallout 3 "Steam App 22380" = Fallout: New Vegas "Steam App 24240" = PAYDAY: The Heist "Steam App 24980" = Mass Effect 2 "Steam App 25800" = Europa Universalis III "Steam App 25860" = Sword of the Stars: Ultimate Collection "Steam App 2700" = RollerCoaster Tycoon 3: Platinum! "Steam App 27400" = Dangerous High School Girls in Trouble! "Steam App 33230" = Assassin's Creed II "Steam App 35720" = Trine 2 "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 42960" = Victoria II "Steam App 42990" = Sword of the Stars II "Steam App 440" = Team Fortress 2 "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 48240" = Anno 2070 "Steam App 550" = Left 4 Dead 2 "Steam App 55040" = Atom Zombie Smasher "Steam App 55230" = Saints Row: The Third "Steam App 57620" = Patrician IV: Steam Special Edition "Steam App 57730" = Patrician IV: Rise of a Dynasty "Steam App 620" = Portal 2 "Steam App 65800" = Dungeon Defenders "Steam App 70900" = Star Ruler "Steam App 7110" = Jade Empire "Steam App 7610" = Railroad Tycoon 3 "Steam App 8980" = Borderlands "Steam App 92800" = SpaceChem "Tyrian 2000_is1" = Tyrian 2000 "WinRAR archiver" = WinRAR archiver "x2_allinone_bonus_package_is1" = X² All In One Bonus Package 1.04 "X3 Bonus Package_is1" = X3 Bonus Package 3.1.07 "Xfire" = Xfire (remove only) "xSIMS_Censor_Remover_TS3" = Sims 3 - Nude Censor Remover "YNAB_Pro_is1" = YNAB Pro version 2.9.6.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "Juniper_Setup_Client" = Juniper Networks Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker "Sins of a Solar Empire Demo" = Sins of a Solar Empire Demo ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/6/2013 3:36:39 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000 Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297, faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception code 0xc0000005, fault offset 0x000020e7, process id 0xee4, application start time 0x01cdebe04c4794bb. Error - 1/6/2013 3:39:50 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000 Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000281, process id 0x994, application start time 0x01cdebe0d0c9da4b. Error - 1/6/2013 3:39:52 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000 Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297, faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception code 0xc0000005, fault offset 0x000020e7, process id 0x994, application start time 0x01cdebe0d0c9da4b. Error - 1/6/2013 4:09:46 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000 Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000284, process id 0x9fc, application start time 0x01cdebe4f0b5196b. Error - 1/6/2013 4:09:50 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000 Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297, faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception code 0xc0000005, fault offset 0x000020e7, process id 0x9fc, application start time 0x01cdebe4f0b5196b. Error - 1/6/2013 12:28:05 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013 Description = Error - 1/6/2013 12:56:03 PM | Computer Name = Byzantium | Source = System Restore | ID = 8193 Description = Error - 1/6/2013 5:05:29 PM | Computer Name = Byzantium | Source = WinMgmt | ID = 10 Description = Error - 1/6/2013 5:11:20 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013 Description = Error - 1/6/2013 5:11:20 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 1/5/2013 12:56:30 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7022 Description = Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = DCOM | ID = 10005 Description = Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7009 Description = Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7000 Description = Error - 1/5/2013 4:39:41 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7011 Description = Error - 1/6/2013 11:20:36 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7011 Description = Error - 1/6/2013 11:44:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7030 Description = Error - 1/6/2013 11:50:05 AM | Computer Name = Byzantium | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 1/6/2013 11:50:44 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7030 Description = Error - 1/6/2013 5:05:30 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7026 Description = < End of report >
  6. Wyndwraith
    I've run AdwCleaner in delete mode and OTL. Logs for AdwCleaner[s1].txt and OTL.txt are as follows. Extras.txt will be in the next post --------------------------------------------------------- # AdwCleaner v2.104 - Logfile created 01/06/2013 at 16:00:30 # Updated 29/12/2012 by Xplode # Operating system : Windows Vista Ultimate Service Pack 2 (64 bits) # User : Belisarius - BYZANTIUM # Boot Mode : Normal # Running from : C:\Users\Belisarius\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [984 octets] - [06/01/2013 10:59:10] AdwCleaner[s1].txt - [824 octets] - [06/01/2013 16:00:30] ########## EOF - C:\AdwCleaner[s1].txt - [883 octets] ########## ------------------------------------------------------ OTL logfile created on: 1/6/2013 4:07:48 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Belisarius\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.35% Memory free 16.05 Gb Paging File | 13.88 Gb Available in Paging File | 86.51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931.51 Gb Total Space | 334.76 Gb Free Space | 35.94% Space Free | Partition Type: NTFS Computer Name: BYZANTIUM | User Name: Belisarius | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/06 15:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe PRC - [2011/10/18 20:00:25 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2009/03/26 21:58:08 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008/09/12 22:20:52 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe PRC - [2008/08/06 15:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe PRC - [2008/06/03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe PRC - [2008/05/21 12:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ========== Modules (No Company Name) ========== MOD - [2011/10/18 20:00:25 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2008/09/12 22:20:53 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\PowerDll.dll MOD - [2008/09/12 22:20:53 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2008/09/12 22:20:52 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe MOD - [2008/09/12 22:20:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\cpuutil.dll MOD - [2008/06/03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe MOD - [2008/05/21 12:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe MOD - [2008/02/25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll MOD - [2007/01/03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2012/07/09 21:38:07 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/10/16 18:10:46 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device) SRV:64bit: - [2008/01/20 21:50:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (MSFTPSVC) SRV:64bit: - [2008/01/20 21:50:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/19 18:36:54 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/11/13 20:18:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/01/04 00:55:59 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/26 21:58:08 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008/09/12 21:59:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/07/09 21:38:48 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2012/07/09 21:38:17 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012/07/09 21:38:17 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/07/09 21:37:50 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010/05/06 04:21:40 | 000,122,384 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS) DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX) DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS) DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT) DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS) DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT) DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/06/22 22:36:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009/06/22 22:36:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2009/03/26 21:41:04 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdX64.sys -- (dsNcAdpt) DRV:64bit: - [2009/01/15 09:49:30 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dc3d.sys -- (dc3d) DRV:64bit: - [2007/12/06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2006/10/31 10:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 7F D1 DA 01 EB CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/21 11:29:06 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SiteAdvisor = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: Gmail = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/01/06 10:50:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Reg Error: Value error.) - {0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} - C:\Users\Belisarius\AppData\Local\Shellx86_x64.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [updateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet) O15 - HKCU\..Trusted Domains: geinfrastructure.com ([time] https in Trusted sites) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BA7886-3C7A-44E1-92BA-9EB981D28175}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Belisarius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Belisarius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.l3codec - c:\windows\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/06 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/01/06 16:04:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/06 15:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe [2013/01/06 10:53:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/06 10:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/06 10:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/06 10:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/06 10:33:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/06 10:32:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/06 10:29:16 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\Belisarius\Desktop\ComboFix.exe [2013/01/05 12:20:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Belisarius\Desktop\dds.com [2013/01/05 12:20:24 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Belisarius\Desktop\dds.scr [2013/01/05 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\Desktop\RK_Quarantine [2013/01/05 11:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013/01/04 23:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/04 23:34:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/01/04 23:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/01/04 08:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/12/22 12:59:42 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\Desktop\Insurance Stuff [2012/12/22 12:59:21 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Local\PDF Writer [2012/12/22 12:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip [2012/12/22 12:56:37 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll [2012/12/22 12:56:37 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll [2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Roaming\PDF Writer [2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer [2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip [2012/12/22 12:56:35 | 000,139,264 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll [2012/12/22 12:56:29 | 000,218,624 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll [2012/12/22 12:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip [2012/12/21 01:04:49 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 01:04:49 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/21 01:04:49 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 01:04:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/20 22:13:06 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Roaming\Trine2 [2012/12/12 21:28:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/12/12 21:28:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll [2012/12/12 21:28:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/12/12 21:28:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/12/12 21:28:01 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/12/12 21:28:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/12/12 21:28:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/12/12 21:26:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/12 21:26:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 21:26:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/12 21:26:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/12 21:26:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/12 21:26:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 21:26:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/12 21:26:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 21:26:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/12 21:26:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/12 21:26:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 21:26:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/12 21:26:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 21:26:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 21:26:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/12 21:25:22 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 21:23:50 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 21:23:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/12 21:23:50 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll [2012/12/12 21:23:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe [2012/12/12 21:23:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/06 16:11:12 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2013/01/06 16:05:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/06 16:04:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/06 16:04:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/06 16:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/06 16:02:59 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx [2013/01/06 16:02:59 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx [2013/01/06 16:02:59 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx [2013/01/06 15:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe [2013/01/06 15:55:56 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/06 10:50:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/06 10:29:18 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\Belisarius\Desktop\ComboFix.exe [2013/01/06 10:23:01 | 000,551,997 | ---- | M] () -- C:\Users\Belisarius\Desktop\adwcleaner.exe [2013/01/06 00:50:39 | 000,379,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/05 12:20:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Belisarius\Desktop\dds.com [2013/01/05 12:20:24 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Belisarius\Desktop\dds.scr [2013/01/05 11:44:45 | 000,761,856 | ---- | M] () -- C:\Users\Belisarius\Desktop\RogueKiller.exe [2013/01/04 23:34:12 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/04 08:53:50 | 000,002,031 | ---- | M] () -- C:\Users\Belisarius\Desktop\Google Chrome.lnk [2012/12/22 23:33:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012/12/21 23:29:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/21 23:29:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/15 09:39:05 | 000,824,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/15 09:39:05 | 000,688,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/15 09:39:05 | 000,137,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/11 23:06:58 | 998,003,357 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/06 10:33:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/06 10:33:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/06 10:33:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/06 10:33:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/06 10:33:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/06 10:22:56 | 000,551,997 | ---- | C] () -- C:\Users\Belisarius\Desktop\adwcleaner.exe [2013/01/05 11:44:41 | 000,761,856 | ---- | C] () -- C:\Users\Belisarius\Desktop\RogueKiller.exe [2013/01/04 23:34:12 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/04 08:53:50 | 000,002,031 | ---- | C] () -- C:\Users\Belisarius\Desktop\Google Chrome.lnk [2012/12/22 23:33:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012/12/12 21:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/12 21:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/12/11 23:06:58 | 998,003,357 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/07/09 21:37:57 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012/02/13 00:08:56 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll [2012/02/13 00:08:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll [2012/02/13 00:08:56 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll [2012/02/10 17:38:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/25 11:31:06 | 000,184,434 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\census.cache [2011/09/25 11:31:03 | 000,161,355 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\ars.cache [2011/09/25 11:26:36 | 000,000,036 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\housecall.guid.cache [2011/09/25 10:23:49 | 000,007,160 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\d3d9caps.dat [2011/06/29 22:21:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/06/14 12:18:08 | 000,000,632 | RHS- | C] () -- C:\Users\Belisarius\ntuser.pol [2008/09/21 13:50:20 | 000,000,098 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\fusioncache.dat [2008/09/13 17:43:37 | 000,136,192 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/12 16:46:20 | 000,000,732 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006/11/02 10:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/01/06 10:59:15 | 000,000,984 | ---- | M] () -- C:\AdwCleaner[R1].txt [2013/01/06 16:00:36 | 000,000,949 | ---- | M] () -- C:\AdwCleaner[s1].txt [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008/09/12 23:24:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2013/01/06 10:53:21 | 000,017,321 | ---- | M] () -- C:\ComboFix.txt [2009/12/10 19:58:49 | 000,042,945 | ---- | M] () -- C:\CTSUFile.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2013/01/06 16:03:46 | 312,602,622 | -HS- | M] () -- C:\pagefile.sys [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >
  7. Wyndwraith
    I've run both ComboFix and AdwCleaner as instructed. Here are the logs: ComboFix 13-01-05.01 - Belisarius 01/06/2013 10:37:18.1.2 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5983 [GMT -5:00] Running from: c:\users\Belisarius\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\cmdline.cfg C:\Install.exe c:\users\Belisarius\AppData\Local\Ascaron Entertainment\Apple Computer\gnscwgrmw.dll c:\users\Belisarius\AppData\Local\assembly\tmp c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD6F0B4A-2FA2-426C-8F1B-2B292D2F9AAF}.xps c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BE88F7D9-45B1-410E-9DC3-80C043ACAAA3}.xps c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C0629BB5-E52F-40BE-9114-07AC6289B00F}.xps c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-06 15:50 . 2013-01-06 15:50 -------- d-----w- c:\users\Milka\AppData\Local\temp 2013-01-06 15:50 . 2013-01-06 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-05 16:50 . 2013-01-05 16:50 -------- d-----w- c:\windows\system32\appmgmt 2013-01-05 04:34 . 2013-01-05 04:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-05 04:34 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-22 17:59 . 2012-12-22 17:59 -------- d-----w- c:\users\Belisarius\AppData\Local\PDF Writer 2012-12-22 17:57 . 2008-01-21 02:46 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL 2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\users\Belisarius\AppData\Roaming\PDF Writer 2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\programdata\PDF Writer 2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\program files\Common Files\Bullzip 2012-12-22 17:56 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll 2012-12-22 17:56 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll 2012-12-22 17:56 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll 2012-12-22 17:56 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll 2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\program files\Bullzip 2012-12-21 06:04 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 06:04 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 06:04 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 06:04 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 03:13 . 2012-12-21 03:16 -------- d-----w- c:\users\Belisarius\AppData\Roaming\Trine2 2012-12-13 02:26 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-12-13 02:25 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 02:25 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll 2012-12-13 02:25 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 02:24 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-13 02:24 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-13 02:23 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 02:23 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll 2012-12-13 02:23 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-13 02:23 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 02:23 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-22 04:29 . 2012-04-09 03:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-22 04:29 . 2011-05-24 04:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 02:29 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe 2012-12-01 23:41 . 2012-12-01 23:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-11-14 01:24 . 2008-09-13 02:59 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2012-11-14 01:24 . 2008-09-13 02:59 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-11-14 01:24 . 2008-09-13 02:59 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2012-11-14 01:24 . 2008-09-13 02:59 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-11-09 11:40 . 2011-09-26 01:49 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:37 . 2011-09-26 01:49 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 11:37 . 2011-09-26 01:39 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:36 . 2011-09-26 01:49 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:36 . 2011-09-26 01:49 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:35 . 2011-03-13 15:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:34 . 2011-09-26 01:49 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:34 . 2011-09-26 01:49 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:33 . 2011-03-13 15:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-19 3077528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AsioThk32Reg"="CTASIO.DLL" [2010-05-06 51712] "Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152] "VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CtxfiReg"="CTXFIREG.exe" [2010-05-06 47104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 03:15] . 2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 03:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateUSB"="c:\windows\inf\UpdateUSB.exe" [2006-06-23 30720] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: geinfrastructure.com\time TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . BHO-{0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} - c:\users\Belisarius\AppData\Local\Shellx86_x64.dll Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) Wow6432Node-HKCU-Run-KeyboardTrayProfile - c:\programdata\KeyboardTrayProfile.dll Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKCU-Run-Apple Computer - c:\users\Belisarius\AppData\Local\Ascaron Entertainment\Apple Computer\gnscwgrmw.dll SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Impulse - c:\programdata\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\Impulse_setup.exe AddRemove-Space Rangers 2 Complete - c:\program files (x86)\Stardock\Impulse\Impulse.exe AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-943816074-3982256245-2976934357-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:fc,56,f5,29,ca,f5,e8,2b,5a,5a,be,ff,c1,b1,b3,28,17,c3,3f,ac,5d,c2,76, 89,39,83,d4,b1,7e,ba,e8,fd,05,f6,9f,a3,08,ee,18,16,f5,3f,9b,d3,d5,64,f7,38,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . [HKEY_USERS\S-1-5-21-943816074-3982256245-2976934357-1000\Software\SecuROM\License information*] "datasecu"=hex:67,13,6f,32,f1,a0,4f,06,bb,3d,47,46,c2,84,d1,4e,11,6f,be,86,b5, 11,c6,95,e4,e3,80,51,e9,8f,85,85,27,f4,23,30,e9,50,8c,27,69,ac,3d,13,50,d5,\ "rkeysecu"=hex:e5,50,3b,a4,dc,0c,5e,71,0f,e3,cc,95,9f,82,4a,4c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . Completion time: 2013-01-06 10:53:21 ComboFix-quarantined-files.txt 2013-01-06 15:53 . Pre-Run: 359,941,025,792 bytes free Post-Run: 358,606,155,776 bytes free . - - End Of File - - 42D0312B8416002C7EBE909B22188AFC # AdwCleaner v2.104 - Logfile created 01/06/2013 at 10:59:10 # Updated 29/12/2012 by Xplode # Operating system : Windows Vista Ultimate Service Pack 2 (64 bits) # User : Belisarius - BYZANTIUM # Boot Mode : Normal # Running from : C:\Users\Belisarius\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [859 octets] - [06/01/2013 10:59:10] ########## EOF - C:\AdwCleaner[R1].txt - [918 octets] ##########
  8. Wyndwraith
    No problem! Logs are posted in the following order: * Malwarebytes * dds.txt * attach.txt -------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.05.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Belisarius :: BYZANTIUM [administrator] 1/4/2013 11:34:47 PM mbam-log-2013-01-04 (23-34-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232299 Time elapsed: 9 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Belisarius\AppData\Local\Temp\0.1243803411674812 (Trojan.Happili) -> Quarantined and deleted successfully. (end) ----------------------------------------------------------------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run by Belisarius at 12:22:46 on 2013-01-05 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5097 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Windows\system32\inetsrv\inetinfo.exe C:\Windows\system32\lxdxcoms.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: <No Name>: {0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [PlayNC Launcher] <no file> mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime dRun: [CtxfiReg] CTXFIREG.exe /FAIL1 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{58BA7886-3C7A-44E1-92BA-9EB981D28175} : DHCPNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-Run: [updateUSB] C:\Windows\inf\UpdateUSB.exe x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771096] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-9-25 339776] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-9 236544] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-4 682344] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-25 241016] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-25 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-9-25 177680] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-7-9 92176] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-9-25 69672] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-4 24176] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-9-25 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-9-25 515528] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-6 391680] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-13 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-9-12 79360] S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840] S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304] S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-1-4 25832] S3 dc3d;USBCCGP filter driver (dc3d);C:\Windows\System32\drivers\dc3d.sys [2009-1-15 19968] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-27 196440] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-9-25 106112] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-4 89920] . =============== File Associations =============== . FileExt: .txt: Applications\TextPad.exe="C:\Program Files (x86)\TextPad 5\TextPad.exe" -s "%1" [userChoice] FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-12-22 04:29:28 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-22 04:29:28 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-13 02:29:58 67413224 ----a-w- C:\Windows\System32\mrt.exe 2012-12-05 06:14:00 218624 ----a-w- C:\Windows\System32\bzpdf.dll 2012-12-05 06:14:00 139264 ----a-w- C:\Windows\SysWow64\bzpdfc.dll 2012-12-01 23:41:17 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll 2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll 2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll 2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll 2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll 2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll 2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll 2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll 2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll 2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll 2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll 2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll 2012-11-14 01:24:33 466520 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-11-14 01:24:33 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-11-14 01:24:33 123480 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-11-14 01:24:32 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys 2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-09 11:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-11-09 11:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-11-09 11:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe 2012-11-09 11:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-11-09 11:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2012-11-09 11:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-11-09 11:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-11-09 11:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-11-09 11:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll 2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe 2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe 2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 12:23:17.25 =============== ------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 9/12/2008 11:28:03 PM System Uptime: 1/5/2013 5:19:55 AM (7 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 932 GiB total, 334.224 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.1 Age of Empires III - The Asian Dynasties Trial AI Suite AMD APP SDK Runtime AMD Catalyst Install Manager Anno 2070 ANNO 2070 DEMO Apple Application Support Apple Software Update Assassin's Creed II ASUSUpdate Atom Zombie Smasher Bastion Bink and Smacker BitTorrent Borderlands Bullzip PDF Printer 9.3.0.1516 Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All Cave Story+ ccc-utility64 CCC Help English Creative ALchemy Creative Audio Control Panel Creative Console Launcher Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Crusader Kings II Dangerous High School Girls in Trouble! Dawn of Discovery Dawn of Discovery - Venice Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Divine Divinity Divine Wind version 5.1 Dragon Age: Origins - Ultimate Edition DShow Viewer Dungeon Defenders EPU-6 Engine Europa Universalis III Fallout 3 Fallout 3 - The Garden of Eden Creation Kit Fallout Mod Manager 0.13.21 Fallout Mod Manager 0.9.14 Fallout: New Vegas Freespace 2 Gnomoria Demo version 0.8.21 GOG.com Downloader Google Chrome Google Toolbar for Internet Explorer Google Update Helper Grand Theft Auto IV Grand Theft Auto Vice City GStreamer WinBuilds 0.10.6 (GPL) Guild Wars Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two HandBrake 0.9.8 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Impulse Impulse® J2SE Runtime Environment 5.0 Update 10 Jade Empire Java 7 Update 7 Java Auto Updater Java 6 Update 22 Juniper Networks Host Checker Juniper Networks Network Connect 6.3.0 Juniper Networks Setup Client Killing Floor L.A. Noire: The Complete Edition Left 4 Dead 2 Malwarebytes Anti-Malware version 1.70.0.1100 Marvell Miniport Driver Mass Effect Mass Effect 2 McAfee AntiVirus Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Money Plus Microsoft Money Shared Libraries Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft Xbox 360 Accessories 1.2 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser NCsoft Launcher Neverwinter Nights NVIDIA PhysX OpenAL Origin Pando Media Booster Patrician IV: Rise of a Dynasty Patrician IV: Steam Special Edition PAYDAY: The Heist PC Probe II PCSX2 - Playstation 2 Emulator Planescape - Torment Plants vs. Zombies: Game of the Year Portal Portal 2 Prince of Persia: The Sands of Time QuickTime Railroad Tycoon 3 Realm of the Mad God Red Faction: Guerrilla RIFT Rockstar Games Social Club RollerCoaster Tycoon 3: Platinum! Saints Row: The Third Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shared C Run-time for x64 Sims 3 - Nude Censor Remover Sins of a Solar Empire Demo Skype Toolbars Skype™ 5.10 Space Rangers 2 Complete SpaceChem Spelling Dictionaries Support For Adobe Reader 9 Star Ruler Steam Sword of the Stars II Sword of the Stars: Ultimate Collection Team Fortress 2 Terraria TextPad 5 The Settlers 7 - Paths to a Kingdom DEMO The Sims™ 3 The Sims™ 3 Ambitions The Sims™ 3 Generations The Sims™ 3 High-End Loft Stuff The Sims™ 3 World Adventures The Witcher: Enhanced Edition Trine 2 Tyrian 2000 Ubisoft Game Launcher Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Victoria II Vista Codec Package Volume Panel Windows Live ID Sign-in Assistant Windows Sound Schemes WinRAR archiver X² All In One Bonus Package 1.04 X3 Bonus Package 3.1.07 XCOM: Enemy Unknown Xfire (remove only) YNAB 3 YNAB Pro version 2.9.6.0 . ==== End Of File ===========================
  9. Wyndwraith
    Hello! Last night, Google searches in Internet Explorer started randomly being redirected to other search engines, usually Livesearchnow.com. Searches in Chrome seem to be unaffected for now. When I ran Malwarebytes, it found one file (Trojan.Happili) that I deleted. I've attached the log from that scan too. That didn't solve the problem, however. I've since done a full Malwarebytes and full McAfee scan that both came back clean, but the problem persists. attach.txt dds.txt mbam-log-2013-01-04 (23-34-47).txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.