Backdoor Trojan Infection


Hello, recently I've been having an issue with an infection that got to my computer. My anti-virus detects it as a backdoor.trojan and despite my numerous efforts with malwarebytes anti-malware, I just can't get rid of it. It pops up in the temp folder as "temp.00004bcd" as an example and multiplies without me even touching anything. It's made my computer run slow, but luckily I'm able to run everything in safe mode still. I've tried everything I know how to do, and would love any help on getting rid of this infection as soon as possible. Thank you!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31

Run by Owner at 23:36:14 on 2012-06-07

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6135.4713 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Bell Internet Security Services Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}

SP: Bell Internet Security Services Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bell Internet Security Services Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k bdx

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.facemoods.com/?a=ddrnw

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4840&r=17360710a506p0445v145k4551r304

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: KMPlayer Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: KMPlayer Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [EPSON Stylus CX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAA.EXE /FU "C:\Windows\TEMP\E_S7BED.tmp" /EF "HKCU"

uRun: [EPSON Stylus CX4400 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAA.EXE /FU "C:\Windows\TEMP\E_S6429.tmp" /EF "HKCU"

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Octoshape Streaming Services] "C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [AdobeBridge]

uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"

uRun: [s60 PC Suite Tray] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

dRun: [samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{3B58D56A-F583-4312-BC68-90B499C0C274} : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB-X64: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9etak9dm.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll

FF - plugin: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 Radialpoint Security Services;Bell Internet Security Services;C:\Program Files (x86)\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2010-7-30 166944]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2011-3-29 689464]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-9-15 95568]

S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-1-14 624856]

S2 RadialpointIDSAgent;RadialpointIDSAgent;C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [2010-7-30 5832712]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]

S2 VaultClientSRV;Personal Vault Backup Manager Service;C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientSRV.exe [2010-1-17 1051728]

S2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientUpgrade.exe [2010-1-17 56400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 257696]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-9-15 18120]

S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\system32\drivers\Mkd2Bthf.sys --> C:\Windows\system32\drivers\Mkd2Bthf.sys [?]

S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]

S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

S3 RadialpointIDSDriver;RadialpointIDSDriver;C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2010-7-30 132616]

S3 RadialpointIDSFilter;RadialpointIDSFilter;C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [2010-7-30 35848]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-11-1 16392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-08 03:23:24 -------- d-----w- C:\Nexon

2012-06-07 18:32:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A70281-D06E-4F8A-8763-FC4ECB8F72C3}\offreg.dll

2012-06-07 18:05:38 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A70281-D06E-4F8A-8763-FC4ECB8F72C3}\mpengine.dll

2012-06-05 22:42:14 -------- d-----w- C:\_OTL

2012-06-05 22:14:42 537850 ----a-w- C:\HaxFix.exe

2012-06-05 19:13:26 -------- d-----w- C:\Users\Owner\AppData\Local\Akamai

2012-06-05 19:13:24 -------- d-----w- C:\AeriaGames

2012-05-30 02:52:30 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-25 01:20:34 88576 ---ha-w- C:\Users\Owner\AppData\Roaming\rbap550.dll

2012-05-25 01:20:34 30208 ---ha-w- C:\Users\Owner\AppData\Roaming\RBMD5550.dll

2012-05-25 01:20:24 74240 ---ha-w- C:\Users\Owner\AppData\Roaming\rbqt550.DLL

2012-05-20 20:39:13 -------- d-----w- C:\Users\Owner\New Folder

.

==================== Find3M ====================

.

2012-05-04 20:27:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 20:27:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 20:27:19 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-13 13:12:11 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-13 13:12:10 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 23:37:40.44 ===============


Hello Rivalee and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

If you want to proceed we should use Normal mode instead of Safe mode.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. You have AhnLab Online Security and Bell Internet Security (Bell Internet Security Services and Bell Internet Service Advisor 3.7.44). Choose one of them and uninstall the other one. We have an additional problem because you have active remnants of Microsoft Security Essentials.

Also uninstall:

Ask Toolbar - Bundled with many third party applications - also see this note.

BitTorrentBar Toolbar - A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

BitTorrent and Vuze, because they are against our policy. Take a look here.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 4

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt
  • aswMBR log


Hello and I apologize! I have removed Vuze and Bittorrent from my computer through my control panel. I tried removing the Bittorrent toolbar, however whenever I tried it came up as "Couldn't find INSTALL.LOG" so I couldn't remove it.. I attempted to remove the Ask Toolbar but I had difficulties removing it as it didn't come up in my programs list and I couldn't find an uninstall.exe or option in IE.. I also removed Microsoft Security Essentials as well as Ahn Lab Online Security! While I was running the scan on MBAM, I received notif upon notif from Bell Internet Security that "A virus was detected and quarantined" it was identified as Backdoor.Generic.485497 and it keeps multiplying in the c://windows/temp location.. And then Bell Internet Security Encountered an Error and needed to restart but never re-opened..

The logs are attached!

mbam-log-2012-06-08 (09-46-27).txt

OTL.Txt

aswMBR.txt


Please take a look at my instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Copy&Paste the entire report in your next reply.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
In your next reply, post the following log files:

Oh, I'm sorry about that..

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.08.04

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Owner :: OWNER-PC [administrator]

08/06/2012 9:46:27 AM

mbam-log-2012-06-08 (09-46-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220437

Time elapsed: 33 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL logfile created on: 08/06/2012 10:21:21 AM - Run 2

OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Owner\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 54.37% Memory free

11.98 Gb Paging File | 9.34 Gb Available in Paging File | 77.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.41 Gb Total Space | 90.25 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 10:21:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe

PRC - [2012/05/08 00:31:24 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/03/13 09:12:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/02/29 16:29:41 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe

PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe

PRC - [2011/01/06 15:56:46 | 004,318,520 | ---- | M] (Bell) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe

PRC - [2011/01/06 15:56:46 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISAComHandler.exe

PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/07/30 16:30:41 | 000,382,208 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Bell\Bell Internet Security Services\Fws.exe

PRC - [2010/03/25 22:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010/01/17 19:08:58 | 000,056,400 | ---- | M] (Bell Canada) -- C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientUpgrade.exe

PRC - [2010/01/17 19:08:54 | 001,051,728 | ---- | M] (Bell Canada) -- C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientSRV.exe

PRC - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe

PRC - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/11/17 18:18:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe

PRC - [2009/11/02 15:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe

PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/07/20 17:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll

MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll

MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll

MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll

MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll

MOD - [2012/02/29 16:24:17 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll

MOD - [2011/06/16 03:46:19 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll

MOD - [2011/06/16 03:46:14 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll

MOD - [2011/06/16 03:45:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll

MOD - [2011/06/16 03:45:52 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll

MOD - [2011/06/16 03:45:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll

MOD - [2011/06/16 03:45:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll

MOD - [2011/01/06 15:47:38 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll

MOD - [2010/09/01 02:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/03/25 22:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

MOD - [2010/03/25 22:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/01/18 16:11:50 | 001,530,688 | ---- | M] () -- C:\Program Files (x86)\Bell\Bell Internet Security Services\toolsosxR.dll

MOD - [2010/01/17 18:58:42 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Personal Vault Backup Manager\libexpat.dll

MOD - [2009/11/17 18:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

MOD - [2009/11/02 15:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll

MOD - [2009/11/02 15:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll

MOD - [2009/06/12 19:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll

MOD - [2009/06/12 19:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll

MOD - [2009/05/16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll

MOD - [2008/12/06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PhoneBrowser.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/15 04:42:12 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)

SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/08 12:32:58 | 001,481,992 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)

SRV:64bit: - [2009/06/08 12:32:56 | 001,487,624 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)

SRV - [2012/05/23 12:02:31 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/05/04 16:28:32 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/13 09:12:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)

SRV - [2010/09/15 04:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)

SRV - [2010/09/04 14:03:45 | 000,395,264 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\BitDefender\scan.dll -- (scan)

SRV - [2010/07/30 16:30:42 | 000,166,944 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)

SRV - [2010/07/30 16:30:41 | 000,382,208 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\Fws.exe -- (RP_FWS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/17 19:08:58 | 000,056,400 | ---- | M] (Bell Canada) [Auto | Running] -- C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)

SRV - [2010/01/17 19:08:54 | 001,051,728 | ---- | M] (Bell Canada) [Auto | Running] -- C:\Program Files (x86)\Personal Vault Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)

SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)

SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/10/09 22:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/08/30 01:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV:64bit: - [2011/06/20 07:36:12 | 000,196,704 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2011/05/24 19:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/28 02:46:47 | 000,508,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/09/15 04:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)

DRV:64bit: - [2010/09/15 04:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)

DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2010/07/30 13:10:16 | 000,071,456 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rp_skt64.sys -- (RPSKT) Security Services Driver (x64)

DRV:64bit: - [2010/07/30 13:10:13 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT) Radialpoint Filter (x64)

DRV:64bit: - [2010/05/25 03:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2010/05/25 03:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2010/05/25 03:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2010/05/20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/07 22:37:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)

DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/10/23 13:26:10 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)

DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/11 18:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/09/29 21:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/08/18 02:20:00 | 000,180,280 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/08 10:00:58 | 000,100,880 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009/03/12 01:37:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)

DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)

DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)

DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)

DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)

DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2010/09/15 04:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2010/09/15 04:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

DRV - [2009/11/02 15:27:00 | 000,132,616 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)

DRV - [2009/11/02 15:27:00 | 000,035,848 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...45v145k4551r304

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...45v145k4551r304

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...45v145k4551r304

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"

FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 17:37:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/08 09:36:39 | 000,000,000 | ---D | M]

[2010/07/30 14:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2012/06/05 17:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\9etak9dm.default\extensions

[2011/01/20 03:33:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\9etak9dm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/08/04 20:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\9etak9dm.default\extensions\DivXWebPlayer@divx.com-trash

[2012/03/09 04:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/31 14:33:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/05/17 18:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2012/03/09 04:43:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/03/09 04:43:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2011/11/12 21:17:23 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/11/12 21:17:23 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/11/12 21:17:23 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/08/08 07:39:08 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/11/12 21:17:23 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll

CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll

CHR - plugin: AhnLab Online Security Anti-KeyLogger SP (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll

CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

CHR - plugin: Bell Internet Service Advisor (Enabled) = C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.5_0\

CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Stylish = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\

CHR - Extension: Block Plurk Users = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imflmljjaacoomhfoodmaagocbipffnf\1.0_0\

CHR - Extension: LJ Account Juggler = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfnihbghaikdicpdiciecbbdoegcfhc\3.1.2_0\

CHR - Extension: Lazarus: Form Recovery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\

CHR - Extension: Tumblr Savior = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.3.9_0\

CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [bISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\.DEFAULT..\Run: [samsung.PCSync] C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)

O4 - HKU\S-1-5-18..\Run: [samsung.PCSync] C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe (Nokia)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [EPSON Stylus CX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAA.EXE /FU "C:\Windows\TEMP\E_S7BED.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [EPSON Stylus CX4400 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAA.EXE /FU "C:\Windows\TEMP\E_S6429.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [Octoshape Streaming Services] C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [s60 PC Suite Tray] C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe ()

O4 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = File not found

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Reg Error: Key error.)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B58D56A-F583-4312-BC68-90B499C0C274}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall - No CLSID value found

O18 - Protocol\Handler\msnim - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{59e33733-d186-11e0-84e0-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{59e33733-d186-11e0-84e0-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{59e33743-d186-11e0-84e0-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{59e33743-d186-11e0-84e0-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{811d4cba-d3b0-11e0-8e56-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{811d4cba-d3b0-11e0-8e56-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{811d4cc3-d3b0-11e0-8e56-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{811d4cc3-d3b0-11e0-8e56-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{811d4ccc-d3b0-11e0-8e56-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{811d4ccc-d3b0-11e0-8e56-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{811d4cd5-d3b0-11e0-8e56-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{811d4cd5-d3b0-11e0-8e56-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{811d4cee-d3b0-11e0-8e56-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{811d4cee-d3b0-11e0-8e56-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{9c04129c-d76e-11e0-8401-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{9c04129c-d76e-11e0-8401-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\steambackup2.EXE

O33 - MountPoints2\{9c0412a4-d76e-11e0-8401-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{9c0412a4-d76e-11e0-8401-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\steambackup2.EXE

O33 - MountPoints2\{eb939b19-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb939b19-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\steambackup2.EXE

O33 - MountPoints2\{eb939d3d-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb939d3d-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb939e63-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb939e63-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\Autorun.exe

O33 - MountPoints2\{eb93a911-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93a911-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb93a943-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93a943-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb93a945-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93a945-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb93a947-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93a947-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb93a954-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93a954-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe

O33 - MountPoints2\{eb93aa92-dd61-11e0-ae61-4487fc95d7bf}\Shell - "" = AutoRun

O33 - MountPoints2\{eb93aa92-dd61-11e0-ae61-4487fc95d7bf}\Shell\AutoRun\command - "" = K:\autorun.exe -auto

O34 - HKLM BootExecute: (PDBoot.exe)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 09:37:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/06/08 09:29:35 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\70452495.sys

[2012/06/08 09:28:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/06/08 00:20:09 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe

[2012/06/07 23:23:24 | 000,000,000 | ---D | C] -- C:\Nexon

[2012/06/07 17:12:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Mabinogi

[2012/06/05 18:42:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/06/05 15:13:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Akamai

[2012/06/05 15:13:24 | 000,000,000 | ---D | C] -- C:\AeriaGames

[2012/05/20 16:39:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\New Folder

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/08 10:27:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/08 10:10:37 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2825192112-3555101730-1711509953-1000UA.job

[2012/06/08 09:37:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/06/08 09:37:48 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/08 09:37:48 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/08 09:29:35 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\70452495.sys

[2012/06/08 09:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2825192112-3555101730-1711509953-1000Core.job

[2012/06/08 09:02:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/08 09:02:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/08 08:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/08 08:50:47 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/07 17:12:49 | 2700,498,469 | ---- | M] () -- C:\Users\Owner\Desktop\MabinogiSetup101R.exe

[2012/06/07 13:54:44 | 000,000,909 | ---- | M] () -- C:\Windows\wininit.ini

[2012/06/05 17:24:43 | 000,010,264 | ---- | M] () -- C:\Users\Owner\Documents\cc_20120605_172441.reg

[2012/06/05 00:50:35 | 000,016,544 | ---- | M] () -- C:\Users\Owner\Desktop\1.png

[2012/05/27 04:31:31 | 000,039,732 | ---- | M] () -- C:\Users\Owner\Desktop\poop.png

[2012/05/24 21:20:34 | 000,088,576 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\rbap550.dll

[2012/05/24 21:20:34 | 000,030,208 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\RBMD5550.dll

[2012/05/24 21:20:24 | 000,074,240 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\rbqt550.DLL

[2012/05/24 19:55:08 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe

[2012/05/19 18:03:25 | 004,682,895 | ---- | M] () -- C:\Users\Owner\Desktop\psd3.psd

[2012/05/09 15:03:31 | 009,296,912 | ---- | M] () -- C:\Users\Owner\Desktop\psd.psd

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 15:02:51 | 2700,498,469 | ---- | C] () -- C:\Users\Owner\Desktop\MabinogiSetup101R.exe

[2012/06/05 18:14:42 | 000,537,850 | ---- | C] () -- C:\HaxFix.exe

[2012/06/05 17:24:42 | 000,010,264 | ---- | C] () -- C:\Users\Owner\Documents\cc_20120605_172441.reg

[2012/05/27 04:33:34 | 000,039,732 | ---- | C] () -- C:\Users\Owner\Desktop\poop.png

[2012/05/24 21:20:34 | 000,088,576 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\rbap550.dll

[2012/05/24 21:20:34 | 000,030,208 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\RBMD5550.dll

[2012/05/24 21:20:24 | 000,074,240 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\rbqt550.DLL

[2012/05/19 18:04:36 | 004,682,895 | ---- | C] () -- C:\Users\Owner\Desktop\psd3.psd

[2012/03/13 09:12:09 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/01/22 09:47:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/01/22 09:47:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/01/14 23:22:34 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/09/10 14:03:24 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011/07/06 13:36:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/07/02 06:23:02 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/21 20:40:31 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe

[2011/01/28 11:33:50 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/13 20:26:27 | 000,000,272 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

[2010/09/15 04:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2010/09/15 04:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2010/09/15 04:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2010/09/15 04:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2010/08/31 18:20:08 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll

[2010/07/30 14:02:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/07/30 13:50:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/07/30 13:18:37 | 000,000,909 | ---- | C] () -- C:\Windows\wininit.ini

[2010/07/29 16:11:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== LOP Check ==========

[2010/11/02 07:30:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2011/12/26 20:29:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity

[2011/12/08 07:31:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus

[2010/07/30 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bell

[2012/06/08 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent

[2011/05/10 02:27:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\cacaoweb

[2011/10/02 04:03:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/12 04:37:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.acrobat.createpdf.CreatePDFDesktop

[2010/07/30 15:20:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations

[2012/06/08 08:52:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox

[2011/09/15 15:40:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft

[2011/06/08 09:13:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/08/19 02:52:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\fltk.org

[2010/11/21 18:32:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo

[2011/03/13 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake

[2011/10/09 12:33:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\JAM Software

[2010/11/01 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Jaran Nilsen

[2012/04/29 07:45:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LS

[2010/10/05 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotAzusa

[2010/10/05 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotMio

[2010/10/05 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotRitsu

[2010/10/05 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotTable

[2010/10/05 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotTsumugi

[2010/10/05 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MascotYui

[2012/01/22 02:05:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MotioninJoy

[2011/05/10 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape

[2010/07/29 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OEM

[2011/05/17 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org

[2011/03/25 03:51:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera

[2010/11/01 13:52:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Suite

[2010/07/31 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers

[2011/06/29 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PunkBuster

[2011/04/09 13:24:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy

[2010/11/01 14:05:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung

[2010/08/13 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Soldat

[2011/06/08 08:29:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony

[2011/06/02 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony Creative Software Inc

[2011/01/19 08:37:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SYSTEMAX Software Development

[2011/10/17 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab

[2011/01/13 20:26:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

[2012/01/27 20:45:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Trillian

[2011/07/01 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft

[2011/08/16 18:56:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent

[2012/06/07 13:51:14 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/08/02 11:24:32 | 000,000,000 | ---D | C](C:\Users\Owner\Documents\???????DECO27) -- C:\Users\Owner\Documents\「ライトラグ」DECO27

[2011/07/27 21:20:22 | 000,000,000 | ---D | M](C:\Users\Owner\Documents\???????DECO27) -- C:\Users\Owner\Documents\「ライトラグ」DECO27

[2011/05/29 18:24:06 | 000,001,186 | ---- | M] ()(C:\Windows\SysNative\?????????????????????????????????????????.00#8&35ccda1&0&2006041309210????O?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.lnk) -- C:\Windows\SysNative\㩃啜敳獲作湷牥䑜睯汮慯獤䉜物祤琠敨䴠杩瑨⁹敄潣敤ㄠ☠㈠⬠传䅖⁳䐨慵⵬畁楤⥯䉜物祤吠.00#8&35ccda1&0&2006041309210야嵈쑊耀ŌȘ쀰Ș섀Ș뽠Ș뺐Ș뷀Ș볰Ș밠Ș뭐Ș몀Ș린Ș룠Ș렐Ș띀Ș뙰Ș떠Ș듐Ș됀Ș놐Ș댰Ș뉠Ș냀Ș꿰Ș꼠Ș깐Ș궀ȘꢠȘ결ȘꯠȘ꬐ȘꩀȘꥰȘꟐȘ꜀Ș꘰ȘꕠȘ꒐ȘꏀȘꋰȘꈠȘꅐȘꂀȘ鸐Ș龰Ș黠Ș鱰Ș鵀Ș鮠Ș髐Ș餰Ș騀Ș顠Ș鞐Ș雀Ș闰Ș锠Ș鑐Ș鎀Ș銰Ș釠Ș鄐Ș遀Ș轰Ș.lnk

[2011/05/29 18:24:06 | 000,001,186 | ---- | C] ()(C:\Windows\SysNative\?????????????????????????????????????????.00#8&35ccda1&0&2006041309210????O?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.lnk) -- C:\Windows\SysNative\㩃啜敳獲作湷牥䑜睯汮慯獤䉜物祤琠敨䴠杩瑨⁹敄潣敤ㄠ☠㈠⬠传䅖⁳䐨慵⵬畁楤⥯䉜物祤吠.00#8&35ccda1&0&2006041309210야嵈쑊耀ŌȘ쀰Ș섀Ș뽠Ș뺐Ș뷀Ș볰Ș밠Ș뭐Ș몀Ș린Ș룠Ș렐Ș띀Ș뙰Ș떠Ș듐Ș됀Ș놐Ș댰Ș뉠Ș냀Ș꿰Ș꼠Ș깐Ș궀ȘꢠȘ결ȘꯠȘ꬐ȘꩀȘꥰȘꟐȘ꜀Ș꘰ȘꕠȘ꒐ȘꏀȘꋰȘꈠȘꅐȘꂀȘ鸐Ș龰Ș黠Ș鱰Ș鵀Ș鮠Ș髐Ș餰Ș騀Ș顠Ș鞐Ș雀Ș闰Ș锠Ș鑐Ș鎀Ș銰Ș釠Ș鄐Ș遀Ș轰Ș.lnk

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-08 10:29:19

-----------------------------

10:29:19.733 OS Version: Windows x64 6.1.7600

10:29:19.733 Number of processors: 4 586 0x2502

10:29:19.733 ComputerName: OWNER-PC UserName: Owner

10:29:23.454 Initialize success

10:30:25.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:30:25.476 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3

10:30:25.476 Disk 0 MBR read successfully

10:30:25.492 Disk 0 MBR scan

10:30:25.492 Disk 0 Windows 7 default MBR code

10:30:25.492 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048

10:30:25.507 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088

10:30:25.523 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 933287 MB offset 42149888

10:30:25.585 Disk 0 scanning C:\Windows\system32\drivers

10:30:30.458 Service scanning

10:30:30.879 Service 33807490 C:\Windows\system32\drivers\70452495.sys **HIDDEN**

10:30:39.551 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

10:30:42.796 Modules scanning

10:30:42.796 Disk 0 trace - called modules:

10:30:43.311 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll

10:30:43.326 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006644060]

10:30:43.326 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800635e050]

10:30:43.342 Scan finished successfully

10:30:51.064 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

10:30:51.064 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


OTL Extras logfile created on: 05/06/2012 6:17:23 PM - Run 1

OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Owner\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.54% Memory free

11.98 Gb Paging File | 10.71 Gb Available in Paging File | 89.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.41 Gb Total Space | 53.08 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BEF0F0B-AF56-4F16-B16E-C4819694150D}" = lport=138 | protocol=17 | dir=in | app=system |

"{158A127C-A48B-4254-A83D-5A7E3B8947C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2FCDFBDD-0D3A-4627-BBC1-4797D92DD141}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{317AC781-6CB2-45CC-9F16-179A1FBDA3E7}" = rport=445 | protocol=6 | dir=out | app=system |

"{3575864A-98FE-477A-950E-DBC576187C20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{399E1893-C9F2-4A43-A4B3-5036630CA205}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4533FCB6-F9E2-4D32-8DD3-16B5FA33AA27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4ED6A5AD-D408-420E-98BE-E8F32801CE42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5A1C40D4-DE6F-4485-8CF2-519352167E4A}" = rport=138 | protocol=17 | dir=out | app=system |

"{5FC220F3-98A8-4867-8A1F-C3B74363E3EA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{75DA14CB-6B19-4A42-8CB4-54CB208663C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{779352BD-CF47-412F-8585-1405B6789556}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{806ED992-80C8-4716-82D1-F2A1C8D68107}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{81004347-C8DF-46F2-B9A0-68C1916A07B8}" = rport=137 | protocol=17 | dir=out | app=system |

"{86CEBC9E-9310-4D37-A927-25C120C4D645}" = lport=445 | protocol=6 | dir=in | app=system |

"{8F6BA5CC-E18A-4F43-81F2-099EA75B5077}" = lport=10243 | protocol=6 | dir=in | app=system |

"{ADE89AD0-D3C9-4F0D-8F6C-1E32F7D3DAC0}" = lport=137 | protocol=17 | dir=in | app=system |

"{B1D6E131-5646-4C15-92D8-FD4D66B62390}" = rport=139 | protocol=6 | dir=out | app=system |

"{B65443E1-B43B-4CC9-B4C1-44D8E03BF6A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C15CB7D1-3F20-4713-B392-2B7CE8C3CF49}" = lport=139 | protocol=6 | dir=in | app=system |

"{C49F814B-5595-4D4C-86CE-5FCD2C9C1FD6}" = lport=55303 | protocol=6 | dir=in | name=akamai netsession interface |

"{CA7BF3C5-0F8C-4DAA-9D09-3611074804C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DBBA5013-2D91-49AE-9524-3059651D8929}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DF1659D3-7D54-4B8E-953F-FF28C16E9B18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E077035E-A9FC-491E-9432-5B0BBE37E813}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E38CCCEA-7348-41C1-BF6E-54A2A28CC549}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A06915A-D7D1-42D8-A9BF-3E4693657C46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

"{0CDBABFC-5102-4B3F-8A67-C3065F878929}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |

"{0D1AFC89-4758-404E-856A-C241B4245E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\bell\internet service advisor\servicepointservice.exe |

"{0EA3B1F6-EFD8-456F-A847-DFE9C49401C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |

"{0FA1C65D-F4B4-450B-8F07-76290695F681}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

"{0FA3E4BC-D6C4-43BF-8B4E-9156BF54333A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{14DBBC41-B618-480B-AF5C-6234FC142E16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{15FEC980-CADC-45FA-BBFA-195776F81FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{181883AB-E43F-45A7-AAF3-1C4AFBFA4003}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |

"{19597383-3618-4D17-8FD4-7958C851CB2C}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |

"{1FEE6B26-3292-4EFB-BE36-AC972B472CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{2078E860-A733-4DD7-A43B-9782767369FC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{21120637-5D38-48A9-9DF1-957EA3E9F2A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{21B914F8-FFD4-49E2-A3DC-EE10950DA6AE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{21D0126A-F5F9-4103-B466-7F737B7DF4D4}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{244D7D03-8E96-431E-A2E0-FB4DDD33BC35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{25CE8E08-D9E3-4D29-A05D-77772E92C9D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{28238ABB-91C3-4C74-8E50-B0DE8AB2DB49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |

"{2CE97DDB-EEE9-4A78-9D17-7A83CA9CE561}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2 - boots short (english)\smp.exe |

"{2CF4C4E0-F811-4A95-953E-9E7F42076322}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{2E5DB971-C62B-4F1A-A406-C637D433E7DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{2F14E9B1-F5F7-4302-8502-1D4B99F8936F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{2FBCB4C1-4695-4BB7-A6C7-D6FA6AE84E21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |

"{3447667C-44E0-4C98-86B1-5CC32E612AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{34D41D52-FF84-41CC-BC22-FE52FFCE4758}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{35645BD8-742A-45C1-B398-9658ADC8C99C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{36C96DAB-0F24-4A2F-BBCC-6441D764254E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{38B0A3CD-B566-4250-937D-9979AC98FF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{3B9F6C5F-988E-4876-94D2-304A6B282984}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{3D130CB7-5C63-4CEC-83A4-8DFF17FFBB5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3EF98805-2DC6-4BC4-AB52-F72F1060A808}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |

"{42A7D62E-EA8A-4CEA-AFFF-F73A9E188009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{44084EFD-562A-49CF-8E75-8B244FD5A923}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{4693382D-475B-48AF-8B9E-00D4B269F810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{485EC3B1-7741-47E7-B5E4-98B2E303031A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{487237B7-069C-4B86-AF36-D9B0CB57AB49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{490C46EF-B62C-4A26-B7B6-90C0D1E22AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{4C57B534-2A91-46E6-9F1A-44CFBCF589CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{4DC71FD4-4A10-454C-A148-1721FF5FABAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |

"{4DD89054-934F-4A52-94D3-A77B1A247B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{4FB75110-11DB-43E5-B544-3C48FC74BD70}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{54649FF8-E734-4031-8C55-A63992B2077A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{55A117CB-F1DF-4BB8-83E5-B9D09F8E354B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{55BB57CA-210D-40FC-9558-DCDBCC6E13CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{55BBE9AE-80E6-4A61-AF26-33A100DD8A98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |

"{55E195C9-5AAA-4F85-A575-2254FC370D24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2 - boots short (english)\smp.exe |

"{573FE49D-DE78-42CC-B916-BB04B7C542D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{58DE150B-FF95-4204-B4E6-2CFA86D0A28E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{5A9E31B7-BDA1-4729-9C9B-3556FFE1F693}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{5AF6DA29-BCFF-4D3A-9E57-EAE4546D779D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{5B47D435-DD9F-43C8-AAF8-BC764C027DBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{5C51E27A-2BA5-4DFC-80C0-3095A482DA37}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{5DC13929-70D5-45AF-BCD2-5DF856A33BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{5FE85215-6EF1-464F-A4F3-C8A21443DA71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{6202BE70-D38C-4886-BE28-3FEAAB85CD6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{62258C20-155B-4CBB-950E-2DC9E64718BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |

"{632F51D6-8745-401E-A7AA-41A5719ADA9B}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |

"{64075DFC-85B5-4FA3-8015-AA5DDF5B96BA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{645FA484-42E3-49E3-8DA2-418D02C9AF84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6546EF55-EA60-42D9-BB7C-C122BFD6B635}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{656CCE68-BF13-445D-885E-4376FC886054}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{6697A6FD-4FBA-4B54-B878-0F6E74B62F33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{66C8460B-B98F-44C5-B95D-4214164B13B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |

"{66CDAB8D-7F90-4694-BD4A-56BA73138D24}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{6913B6CE-EC25-4A03-A449-633CC04FCCD3}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |

"{6D3CB940-780F-49BB-8286-E5248A93249B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{6DA4567E-6294-4B06-AC7E-6AC49169A102}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |

"{725589F3-A603-40A7-B562-5C8EEF1F9F50}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |

"{7369F477-12B5-4ED8-96DE-588359940604}" = protocol=58 | dir=in | app=system |

"{76CE753D-036E-4ECC-BC52-DC0495D12CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{7779AA73-587C-474E-A08D-8C228CB83771}" = protocol=6 | dir=out | app=system |

"{779583FB-647E-432B-AF69-228F318F40DC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{79B9F70A-8EC0-461E-BE17-96A6C4C404B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{7BB6F114-17A9-4BFE-BD6A-AD98C02B644F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{7E6E7B5B-746D-4A7E-AD02-6FDB966AD210}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{7E7ECB5F-8D7E-421E-80F2-75A20C591725}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{7F4D389F-0E6B-4DE8-B7D6-6BD4467A2D88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{81DE9CA5-0DB2-4507-977B-955BD0F7A083}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |

"{83307C00-08CF-4EC0-A4DC-45CD7446233E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |

"{8459C827-E860-4452-965A-DBBAFB765075}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{850CBBC1-D841-4153-91D8-F6451E753E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{899EE4E5-2EA4-47D7-8888-9B99E285713D}" = protocol=6 | dir=in | app=j:\sst\remove av\0symnrt\symnrt.exe |

"{89B099D5-5DDC-4477-95CF-712C372F3CD2}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{8A02765A-86CA-4084-8C4E-F4C6C9F2F60E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |

"{8A6BAE27-ABA7-4A8D-89AE-6879BF014C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |

"{8A7157EF-8603-418D-AD55-8C0886C7CC49}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8B77717D-2D0B-4DDD-807D-9F0BE6CD8C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{8BF3C66B-2BD0-45F4-9CA3-5A54C225C518}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{8D22A868-9CFF-4527-898F-AF0FE94ADEA5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{90707882-FAD1-408F-B61D-2739F3F52410}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{91A915D6-A82A-4625-96B5-7D32F0FE7839}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{994EF1A2-DF82-493A-940E-EC44D329D45A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |

"{9B58000C-F26A-4028-A0F7-8835D8F0E2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bell\internet service advisor\servicepointservice.exe |

"{9DB4619D-50C7-4299-ADBB-94CFCF756C64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{9DF9975F-5260-4C56-9EF4-0EC5A2F19AD8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{9F23E8F9-E715-4D55-A4CD-7695B47EEFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |

"{A0355E34-0EA9-4601-B569-42C8EB878D51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{A2CA74A5-9307-4447-957C-8C9997FD6815}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |

"{A3E93FCD-27F5-4487-B14B-9454D9EF35DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{A41B01F6-A5E6-42B7-91C9-029D65F05E65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{A44F0CDB-28DA-42EA-A45E-F676E2635EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{A49B62D5-F666-490A-8E44-FAC97558823B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{A81D0827-43BF-490F-9824-CCAD9EDBB821}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{A87D19D4-F12E-4F45-BDF8-1EEC84AFFEA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AAD3F656-4B90-4009-8E7A-E630EAB118CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{ABFF44D4-E012-4227-9ED1-70EE635A7289}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{ACE19499-4C5A-4B95-81EC-16E2F491F2A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ADBF8EF2-AED2-41DA-BB87-1F46C95BC9BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |

"{AE4A97C2-E39A-4AFC-A605-2BE0311A895F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{B29F77C3-ED76-41B5-8761-2C842F69FED6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{B3642F3B-2681-4C30-8405-F28B94250D92}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{B3B9DEB5-3DBB-4B8F-A8A3-133B9D7DA971}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B4649FA0-3660-49FA-8D0B-1776CEE0365C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |

"{B566061C-B407-43A5-B054-D3D15EB8FDAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{B6A6A243-BB87-4EFB-A8A2-C881A96140B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |

"{B8A384BE-1F04-4AD4-A3C3-97DDE178079C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra overture\redist\penumbra.exe |

"{BA2EBB11-0812-4A22-80B5-9D42B20BC30E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |

"{BDD0FCC7-BACE-4465-8E27-7BC04E9E10A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{BE05E6A8-C87E-4CF7-8045-931065E4A16E}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{BEDB67E2-EB6E-4341-BC44-A2223529002F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{C02FD894-3F4D-4B30-80E1-6FB08D3F5E56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |

"{C1EF4070-A8A4-48AF-B98D-A8BCC9CA5D78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{C44A238A-2F08-48B0-8A58-EFB120CF8943}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |

"{C6B67C24-67B1-4715-945B-4783D00383A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C866366D-BB05-4273-9E68-6221D50AA300}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |

"{CA1CBAAA-C5BA-46E0-B1ED-422009AB25A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |

"{CA8A0BD6-6804-43DC-90A1-96474AB67B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{CBED77CD-A6B4-4B4E-93D7-86EAE52CDDD9}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{CC7280F4-0257-42F5-9105-19C4DBAAE6BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{CCA46FC6-0970-44D6-A154-43DB5BF5F089}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |

"{CE06B18C-2B48-439F-B8AF-B478AE52C095}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penumbra black plague\redist\requiem.exe |

"{CEEFFE90-44FC-4234-98C6-6BF906477D4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{D044CEC2-272E-47D8-9910-E0EBE269D4E5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{D24F21E8-D386-42C6-AED1-D649863EF60C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{D25D2967-9DED-4480-A870-8422BE1BD1F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

"{D2A80787-0289-40AA-A4F6-41E5A9DCEFC4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{D45A708D-A479-4910-A3E5-0BA3ACBD6905}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D5110E74-D5B7-4020-BE4B-1D8D80CA1959}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |

"{D7C17F88-986B-44DE-A11E-3A49AD9E1462}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |

"{D839A8C5-03C2-4C2D-BC03-91AEBB652E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{D96F3EEF-66DB-4527-BD8B-7B421A514451}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{DBC5CD1A-B9D7-4D31-827F-35B045D4F74C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |

"{DD4E9B28-18AC-4A3D-BA79-731E8CD63274}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{DE8C9F73-11C2-49E1-934F-252E5A0E6E15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

"{E0F3094B-0676-4F96-B6BD-89B8EF693A7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |

"{E18EE857-1EA8-4278-99E2-7CD1F22E414F}" = protocol=17 | dir=in | app=j:\sst\remove av\0symnrt\symnrt.exe |

"{E3CA7639-1EE8-49F6-9EA4-607A42C2557D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |

"{E441C031-C647-482E-9E63-8D8D719C8F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |

"{E784D376-FB05-4A37-84D7-B104F939A767}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |

"{E8693FD3-DE80-4DF8-AC9D-4D78EAE2107B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{E8E93AE0-BEC8-47FD-9E39-D45D6C5CFA45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{E9F3A3EE-59C1-4DED-B06A-87E0F532C35E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |

"{EB1A2CDF-5849-458C-98C2-4EF39FEF2C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{EB77022E-5B18-436F-8C04-0CDFF74500C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EC1A24E0-84A5-4FC8-A56A-7193CD19438E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F4295F5B-E8C7-4548-A775-96CE9D32F8F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |

"{FAE00557-A7F9-4861-8761-BAA9203C98A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FB0B1F62-A5DB-4B09-8349-6C0DE6CC3A40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |

"{FCD5FE70-6F1B-4AD9-902F-2E2833AB7963}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FDD30CB6-D61B-4C61-8874-9A1FAE08DB8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |

"{FE7999E9-CC6F-4923-A1F4-B24F4E0EFD6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{FF182D8B-C3B1-4E73-B591-6BF5800A9824}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes

"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders

"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64

"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{BB801727-A82A-49A0-9618-D40ED712963F}" = RPS RpsCore64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"EPSON Printer and Utilities" = EPSON Printer Software

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1B7DCF2E-774A-11E0-9986-0013D3D69929}" = Vegas Pro 10.0

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2BA53FA9-0973-425C-8464-4A73E8C70C1D}" = Character Builder Beta

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution

"{34699808-5D74-40E4-AD81-2F07F3313ECE}" = RPS RpsCore

"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2

"{548dc151-a4d7-4059-b48b-596388a35ee5}" = Nero 9 Essentials

"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74CDC169-D5D9-464E-99F2-CDD4BE7EC713}_is1" = Divinia RO2 GOTW version 1.0.0

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{833D24BE-A4A6-46C6-B75A-372DC788DB74}" = EssenceRO

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8ED94BDC-D4F3-6BFD-C9DF-4B3D02BF5889}" = Adobe® CreatePDF Desktop

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{94C4C4F4-56FB-4032-908D-826220CBB97F}_is1" = Dragon Age 2

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = ƒOƒŠ


Oh, wait.. That was the wrong extras file.. I can't find the one for today.. I'm so sorry about this.. I keep messing up, I'm just in sort of a panic because I'm trying to get this fixed.. Can I run another scan on OTL and post the extras+logfile instead?


It is okay, thanks.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
    IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
    FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
    [2011/08/08 07:39:08 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/12/08 07:31:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
    [2012/06/08 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent

    :Commands
    [emptytemp]
    [clearallrestorepoints]
    [purity]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Thank you for being patient with me.

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

HKU\S-1-5-21-2825192112-3555101730-1711509953-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

Registry key HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.

Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine

Prefs.js: "http://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage

C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 2865717643 bytes

->Temporary Internet Files folder emptied: 11561184 bytes

->Java cache emptied: 1401797 bytes

->FireFox cache emptied: 85099126 bytes

->Google Chrome cache emptied: 365103634 bytes

->Flash cache emptied: 15223520 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 356352 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5722870890 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes

RecycleBin emptied: 4128492 bytes

Total Files Cleaned = 8,651.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.1 log created on 06082012_194622

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Owner\AppData\Local\Temp\ZKT{806A3CAB-203D-4E5D-8B25-E57BAF6B0FB4}.tmp not found!

C:\Windows\temp\ZKT{03878C62-8596-4AC6-8AE7-BB2849F62024}.tmp moved successfully.

File\Folder C:\Windows\temp\ZKT{1A48FBC6-B33E-4627-8ABD-F099DD46D35F}.tmp not found!

Registry entries deleted on Reboot...


Don't worry, take your time. :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-06-09.01 - Owner 09/06/2012 6:50.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6135.3003 [GMT -4:00]

Running from: c:\users\Owner\Downloads\ComboFix.exe

AV: Bell Internet Security Services Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}

FW: Bell Internet Security Services Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

SP: Bell Internet Security Services Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\CP.ico

c:\users\Owner\AppData\Roaming\cacaoweb

c:\users\Owner\AppData\Roaming\cacaoweb\adstorage.db

c:\users\Owner\AppData\Roaming\cacaoweb\replicating49D6E692048025E90B2696E4A9508F0A.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\replicating6CF948D7EBE14A7CBFD36D1F3B31E775.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\replicating88D4EBB668675D1DF50F8524BDBE3BC4.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\replicatingBEB7C0664E910C595F9905101C3E60EC.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\replicatingC08BEDB689DA65ED7C963684AD87C3C2.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\replicatingFA9411EAA999A143CCCFA333BA4AAB21.cacao

c:\users\Owner\AppData\Roaming\cacaoweb\storage.db

c:\users\Owner\AppData\Roaming\rbap550.dll

c:\users\Owner\AppData\Roaming\RBMD5550.dll

c:\users\Owner\AppData\Roaming\rbqt550.DLL

c:\windows\SysWow64\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))

.

.

2012-06-09 11:01 . 2012-06-09 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-08 13:57 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9A83639-F858-4A67-8C44-8F4A38ACD5D3}\mpengine.dll

2012-06-08 13:28 . 2012-06-08 17:09 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-08 03:23 . 2012-06-08 03:23 -------- d-----w- C:\Nexon

2012-06-05 22:42 . 2012-06-05 22:42 -------- d-----w- C:\_OTL

2012-06-05 22:14 . 2011-04-23 23:51 537850 ----a-w- C:\HaxFix.exe

2012-06-05 19:13 . 2012-06-05 19:14 -------- d-----w- c:\users\Owner\AppData\Local\Akamai

2012-06-05 19:13 . 2012-06-05 19:13 -------- d-----w- C:\AeriaGames

2012-05-30 02:52 . 2012-05-30 02:52 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-20 20:39 . 2012-05-20 20:39 -------- d-----w- c:\users\Owner\New Folder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 20:27 . 2012-04-14 23:28 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 20:27 . 2011-12-03 20:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 20:27 . 2012-04-15 00:27 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2010-09-27 20:11 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2011-09-08 17:32 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe

2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe

2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll

2012-04-06 02:00 . 2010-04-12 18:33 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:54 . 2011-09-08 17:16 7479296 ----a-w- c:\windows\system32\atidxx64.dll

2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll

2012-04-06 01:34 . 2010-04-12 18:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll

2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll

2012-04-06 01:22 . 2010-04-12 18:33 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2010-04-12 18:33 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2010-04-12 18:33 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-04-04 19:56 . 2010-10-21 06:28 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-13 13:12 . 2012-01-22 13:47 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-03-13 13:12 . 2012-01-22 13:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]

@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"

[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]

2010-01-17 23:08 503808 ----a-w- c:\program files (x86)\Personal Vault Backup Manager\VaultClientMenu.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-06 1242448]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]

"Octoshape Streaming Services"="c:\users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]

"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

"S60 PC Suite Tray"="c:\program files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-06 699392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-11-17 244480]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]

"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"BISA.exe"="c:\program files (x86)\Bell\Internet Service Advisor\BISA.exe" [2011-01-06 4318520]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Samsung.PCSync"="c:\program files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

CurseClientStartup.ccip [2010-7-31 0]

Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdfsfltr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\scan]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [x]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]

R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va001;X6va001;c:\users\Owner\AppData\Local\Temp\001458C.tmp [x]

S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\SysWOW64\drivers\AVGIDSEH.sys [2009-11-02 27144]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 119632]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

S2 Radialpoint Security Services;Bell Internet Security Services;c:\program files (x86)\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2010-07-30 166944]

S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]

S2 ServicepointService;ServicepointService;c:\program files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files (x86)\Personal Vault Backup Manager\VaultClientSRV.exe [2010-01-17 1051728]

S2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files (x86)\Personal Vault Backup Manager\VaultClientUpgrade.exe [2010-01-17 56400]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 20552]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 132616]

S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 35848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 20:28]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2825192112-3555101730-1711509953-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 03:28]

.

2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2825192112-3555101730-1711509953-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 03:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page =

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9etak9dm.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-33807490.sys

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE

AddRemove-Mabinogi - c:\nexon\Mabinogi\Mabinogi.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{74CDC169-D5D9-464E-99F2-CDD4BE7EC713}_is1 - c:\program files (x86)\DivRO2-GOTW\unins000.exe

AddRemove-Winamp Detect - c:\program files (x86)\Winamp Detect\UninstWaDetect.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]

"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\001458C.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*3*0*9*2*1*0*Q™i\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*3*0*9*2*1*0*õV™i\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*3*0*9*2*1*0*òx*E\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*3*0*9*2*1*0*z*E\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*JT1\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*ŒT1\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*«T1\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*ÎT1\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*’ \OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*E’ \OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*0*#*8*&*3*5*c*c*d*a*1*&*0*&*2*0*0*6*0*4*1*b’ \OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2825192112-3555101730-1711509953-1000\Software\SecuROM\License information*]

"datasecu"=hex:71,e0,5a,8a,49,11,65,33,46,eb,2c,39,92,d7,f9,15,14,b3,7e,b7,49,

51,bc,c9,e0,1d,51,c7,92,da,60,f6,89,b6,c0,fd,f0,12,6d,36,23,93,be,c7,cb,85,\

"rkeysecu"=hex:96,26,f1,0d,71,88,29,83,f0,aa,2a,92,d1,1d,c9,06

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\00\10\08)2\\"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Bell\Bell Internet Security Services\Fws.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Completion time: 2012-06-09 07:12:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-09 11:12

.

Pre-Run: 102,690,488,320 bytes free

Post-Run: 102,166,982,656 bytes free

.

- - End Of File - - 6122EBADB180FF299F1948740E45D8EB


Windows Defender is integrated into Windows 7. Why do you want to get rid of it?

All you need to do with it is turn it on or off, depending on whether you have an active antivirus program or not.

http://windows.microsoft.com/en-US/windows-vista/Turn-Windows-Defender-on-or-off

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Oh, that's right.. My mistake!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.