
Malwarebytes crashes PC on Full scan



Hi - directed to post here from general forum. When I run Malwarebytes on full scan it crashes (bluescreen/memory dump) my PC. This is close to the end of the scan when it reaches winsxs folder. Quick scan is fine and full scan in safe mode is fine also. Windows 7 is OS - nothing comes up when I run Spybot and Microsoft Essentials. I have recently uninstalled Lavasoft and moved to Microsoft Essentials as Lavasoft software also crashed my PC on full scan which I thought at the time was related to a recent upgrade.

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Zach at 23:26:24 on 2012-07-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8172.6281 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Protector Suite\upeksvr.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Chicony\GameKeys\MODPS2KEY.EXE

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Protector Suite\psqltray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Hotkey\Hotkey.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\Tarantula\razerhid.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Chicony\GameKeys\Driver\ZGKY.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe

mRun: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}\3456E64756270516273637 : DhcpNameServer = 4.2.2.1

TCP: Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}\6796277696E6D65646961653234383039313 : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO-X64: BitTorrentBar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe

mRun-x64: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-6-26 468848]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-6-20 384880]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-17 1262400]

R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-15 33792]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-11 2656280]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-17 136176]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-17 136176]

S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\system32\drivers\UsbFltr.sys --> C:\Windows\system32\drivers\UsbFltr.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-07-05 22:10:25 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-05 15:18:34 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72766A6F-F649-40D4-9092-4D1FBF0D97C1}\gapaengine.dll

2012-07-05 15:18:34 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-07-05 15:18:33 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B06C734-8466-4110-840F-8C7F598E3A8E}\mpengine.dll

2012-07-05 15:08:28 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-05 14:41:47 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-05 01:13:23 388096 ----a-r- C:\Users\Zach\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-05 01:13:23 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-04 21:58:58 -------- d-----w- C:\ProgramData\GFI Software

2012-07-04 19:45:56 -------- d-----w- C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2012-07-04 19:42:41 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2012-07-04 19:39:44 -------- d-----w- C:\Users\Zach\AppData\Roaming\Ad-Aware Antivirus

2012-06-21 19:02:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 19:02:47 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 19:02:46 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 19:02:46 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-15 11:38:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-11 21:15:00 -------- d--h--w- C:\ProgramData\Common Files

2012-06-11 21:05:28 -------- d-----w- C:\Users\Zach\AppData\Roaming\OpenCandy

2012-06-11 20:57:17 -------- d-----w- C:\Users\Zach\AppData\Roaming\AnvSoft

2012-06-11 20:48:19 -------- d-----w- C:\Users\Zach\AppData\Roaming\AVS4YOU

2012-06-11 20:47:58 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-06-11 20:47:58 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2012-06-11 20:47:58 -------- d-----w- C:\ProgramData\AVS4YOU

2012-06-11 20:47:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2012-06-07 18:07:13 49664 ----a-w- C:\Windows\System32\drivers\UsbFltr.sys

2012-06-07 18:07:13 19200 ----a-w- C:\Windows\System32\drivers\usbicp.sys

2012-06-07 18:07:13 14592 ----a-w- C:\Windows\SysWow64\drivers\Usbicp.sys

2012-06-07 18:07:12 77312 ----a-w- C:\Windows\SysWow64\Tarantula.cpl

.

==================== Find3M ====================

.

2012-06-16 18:04:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-16 18:04:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-17 00:45:14 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-05-17 00:45:14 839112 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

.

============= FINISH: 23:26:35.49 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/01/2012 15:15:14

System Uptime: 05/07/2012 23:21:11 (0 hours ago)

.

Motherboard: CLEVO | | P180HMx

Processor: Intel® Core i7-2860QM CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 27.381 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 466 GiB total, 242.49 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP135: 05/07/2012 03:07:25 - Scheduled Checkpoint

RP136: 05/07/2012 16:07:22 - Restore Operation

RP137: 05/07/2012 23:10:19 - Windows Update

.

==== Installed Programs ======================

.

Ad-Aware Browsing Protection

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Any Video Converter 3.3.9

Apple Application Support

Apple Software Update

Assassin's Creed II

Batman Arkham City version 1.0

Batman: Arkham Asylum

BBC iPlayer Desktop

BioShock 2

BisonCam

BitTorrent

BitTorrentBar Toolbar

Call of Duty Modern Warfare 2

Call of Duty: Black Ops

D3DX10

DAEMON Tools Lite

Dead Space™

Dead Space™ 2

Diablo III

Gaming Keyboard Driver

Google Toolbar for Internet Explorer

Google Update Helper

HiJackThis

Hotkey 3.3040

Hotspot Shield 2.55

Intel PROSet Wireless

Intel® Management Engine Components

JMicron Flash Media Controller Driver

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Mass Effect 2

Medieval II Total War

Mesh Runtime

Messenger Companion

Microsoft Age of Empires Gold

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Morrowind

MSVCRT

MSVCRT_amd64

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Oblivion

Origin

Razer Diamondback 3G

Razer Tarantula

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

Spybot - Search & Destroy

Star Wars: The Old Republic

StarCraft II

Steam

TES Construction Set

The Elder Scrolls V: Skyrim

The Witcher 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VLC media player 2.0.0

WebCam Installer

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

05/07/2012 23:21:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

05/07/2012 21:32:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a870, 0xffffffffc0000185, 0x00000000080fa860, 0xfffff8800150e2b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7675-01.

05/07/2012 21:20:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006f78, 0xffffffffc0000185, 0x00000000b6499860, 0xfffff88000def93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7285-01.

05/07/2012 21:00:53, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

05/07/2012 20:54:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

05/07/2012 20:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

05/07/2012 20:54:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

05/07/2012 20:54:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

05/07/2012 20:54:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

05/07/2012 20:54:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx vwififlt Wanarpv6 WfpLwf

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

05/07/2012 20:54:16, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

05/07/2012 20:54:12, Error: sptd [4] - Driver detected an internal error in its data structures for .

05/07/2012 20:44:05, Error: NetBT [4300] - The driver could not be created.

05/07/2012 20:44:04, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

05/07/2012 18:14:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc400060f0, 0xffffffffc0000185, 0x00000001c8b1d860, 0xfffff88000c1e93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-10327-01.

05/07/2012 16:08:28, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.974.0;1.129.974.0 Engine version: 1.1.8502.0

05/07/2012 16:06:54, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

05/07/2012 16:03:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000aa48, 0xffffffffc0000185, 0x00000000c85a8860, 0xfffff880015492b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7456-01.

05/07/2012 02:37:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006ef0, 0xffffffffc0000185, 0x0000000070f15860, 0xfffff88000dde93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-9984-01.

05/07/2012 02:37:19, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

05/07/2012 02:07:36, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a8b0, 0xffffffffc0000185, 0x00000001b0057860, 0xfffff88001516c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7534-01.

05/07/2012 01:41:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a808, 0xffffffffc0000185, 0x000000021e60b860, 0xfffff880015012b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-8252-01.

05/07/2012 00:51:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000a798, 0xffffffffc0000185, 0x0000000126f97860, 0xfffff880014f3c08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-7363-01.

04/07/2012 22:57:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40006e80, 0xffffffffc0000185, 0x0000000032e28860, 0xfffff88000dd093c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-8049-01.

04/07/2012 21:52:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40009a58, 0xffffffffc0000185, 0x0000000085869860, 0xfffff8800134bc08). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-8595-01.

04/07/2012 10:49:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc400074e8, 0xffffffffc0000185, 0x0000000061f54860, 0xfffff88000e9d93c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070412-10467-01.

04/07/2012 00:04:56, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

03/07/2012 09:17:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.804.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================


Hello twist409! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Ad-Aware Browsing Protection

BitTorrent

BitTorrentBar Toolbar

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


Hi Maniac - thanks for helping :D

I can't for the life of me find the Ad-Aware files. It's not on my program list and I can't find it even when I search my files. The other 2 are now uninstalled. I can only guess the Ad-Aware entry is something left over from when I uninstalled this program previously.

OTL.txt

OTL logfile created on: 7/6/2012 9:15:11 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zach\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.08% Memory free

15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.79 Gb Total Space | 27.14 Gb Free Space | 24.28% Space Free | Partition Type: NTFS

Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 465.66 Gb Total Space | 242.49 Gb Free Space | 52.07% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-PC | User Name: Zach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 21:14:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe

PRC - [2012/06/26 01:46:12 | 000,468,848 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2012/06/20 03:24:24 | 000,384,880 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

PRC - [2012/06/16 19:04:33 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/04/27 14:55:15 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/01/11 16:48:09 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe

PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

PRC - [2011/08/02 10:54:14 | 003,079,680 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe

PRC - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011/03/30 15:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2011/02/15 18:16:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

PRC - [2011/02/01 08:24:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 08:24:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/17 04:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2008/12/23 04:19:08 | 000,053,248 | ---- | M] (Chicony) -- C:\Program Files (x86)\Chicony\GameKeys\ModPS2Key.exe

PRC - [2008/12/23 04:19:08 | 000,040,960 | ---- | M] (Chicony) -- C:\Program Files (x86)\Chicony\GameKeys\Driver\ZGKY.exe

PRC - [2007/08/01 15:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe

PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe

PRC - [2007/02/14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/15 22:37:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MOD - [2012/06/15 22:36:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/15 22:36:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/15 19:34:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/11 18:16:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012/05/11 18:16:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/11 18:16:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/04/27 14:55:15 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/04/27 14:55:15 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/04/27 14:55:15 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/04/27 14:55:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/04/27 14:55:15 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/02 10:54:14 | 003,079,680 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe

MOD - [2009/06/06 15:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll

MOD - [2007/08/01 15:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe

MOD - [2006/12/11 03:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/05/02 23:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2011/05/02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/05/02 23:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/26 01:46:12 | 000,468,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2012/06/20 03:24:24 | 000,384,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2012/06/20 02:26:02 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/04/27 14:55:15 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/01/15 20:21:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)

SRV - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2011/02/15 18:16:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)

SRV - [2011/02/01 08:24:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/01 08:24:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/04/11 16:40:28 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)

DRV:64bit: - [2012/04/06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/02 13:20:40 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/03/02 11:57:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/22 15:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011/05/01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/03/22 19:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/08 15:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2011/03/08 15:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2011/02/10 09:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 09:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/09/23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/02/25 04:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)

DRV:64bit: - [2009/12/09 02:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)

DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcspecialist.co.uk/

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...&q={searchTerms}

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-11 22:15:08&v=11.1.0.7&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/02/23 18:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions

[2012/02/23 18:39:02 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.

O3 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe (CHICOY)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()

O4 - HKLM..\Run: [LchGKey] C:\Program Files (x86)\Chicony\GameKeys\LchGKey.exe (CHICOY)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1001..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found

O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found

O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found

O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1160048876-3471134622-995861280-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB56DA0A-ABEE-4917-9EA4-703ED7C2D158}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2009/10/26 22:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{302306c0-6462-11e1-abd8-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{302306c0-6462-11e1-abd8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe

O33 - MountPoints2\{4abec948-3bf1-11e1-aabc-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4abec948-3bf1-11e1-aabc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 21:14:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe

[2012/07/06 21:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/07/06 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/07/06 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/07/06 21:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/07/06 17:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/07/05 23:23:54 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Zach\Desktop\dds.com

[2012/07/05 23:23:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zach\Desktop\dds.scr

[2012/07/05 15:41:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/05 02:13:24 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/07/05 02:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/07/04 22:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software

[2012/07/04 20:45:56 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2012/07/04 10:49:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/04 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\Zach\Desktop\Photos to be sorted 04072012

[2012/06/11 22:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/06/11 22:05:48 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Any Video Converter

[2012/06/11 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

[2012/06/11 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\OpenCandy

[2012/06/11 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Zach\Documents\Any Video Converter Ultimate

[2012/06/11 21:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/06/11 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\AnvSoft

[2012/06/11 21:48:19 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\AVS4YOU

[2012/06/11 21:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2012/06/11 21:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2012/06/09 15:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

[2012/06/07 19:07:13 | 000,049,664 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysNative\drivers\UsbFltr.sys

[2012/06/07 19:07:13 | 000,019,200 | ---- | C] (Motorola) -- C:\Windows\SysNative\drivers\usbicp.sys

[2012/06/07 19:07:13 | 000,014,592 | ---- | C] (Motorola) -- C:\Windows\SysWow64\drivers\Usbicp.sys

[2012/06/07 19:07:12 | 000,077,312 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Tarantula.cpl

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 21:14:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe

[2012/07/06 21:01:36 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/06 21:01:36 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/06 20:58:44 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/06 20:58:44 | 000,666,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/06 20:58:44 | 000,126,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/06 20:54:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/06 20:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/06 20:54:27 | 2131,419,135 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/06 17:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/05 23:23:54 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.com

[2012/07/05 23:23:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zach\Desktop\dds.scr

[2012/07/05 21:32:44 | 952,582,531 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/05 02:13:24 | 000,002,971 | ---- | M] () -- C:\Users\Zach\Desktop\HiJackThis.lnk

[2012/07/04 21:25:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat

[2012/07/04 20:45:54 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2012/07/04 10:49:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat

[2012/07/01 22:25:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/07/01 22:25:15 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/06/15 22:36:32 | 000,277,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/11 22:05:31 | 000,000,627 | ---- | M] () -- C:\Users\Zach\Desktop\Any Video Converter.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 02:13:24 | 000,002,971 | ---- | C] () -- C:\Users\Zach\Desktop\HiJackThis.lnk

[2012/07/04 21:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat

[2012/07/04 20:45:54 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2012/07/04 20:45:54 | 000,000,596 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk

[2012/07/04 10:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2012/07/04 10:49:12 | 952,582,531 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/06/11 22:05:31 | 000,000,627 | ---- | C] () -- C:\Users\Zach\Desktop\Any Video Converter.lnk

[2012/06/07 19:07:13 | 000,010,275 | ---- | C] () -- C:\Windows\SysWow64\drivers\usbicp.cat

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/23 00:21:10 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/01/15 20:21:55 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2012/01/15 20:21:55 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2012/01/15 20:21:55 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2012/01/15 20:20:36 | 000,000,101 | R--- | C] () -- C:\Windows\OEM.ini

[2012/01/15 20:20:36 | 000,000,020 | R--- | C] () -- C:\Windows\Bison.ini

[2012/01/13 23:21:55 | 000,007,609 | ---- | C] () -- C:\Users\Zach\AppData\Local\Resmon.ResmonCfg

[2012/01/11 16:35:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/01/11 16:35:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/01/11 16:19:47 | 000,005,967 | ---- | C] () -- C:\Users\Zach\AppData\Local\backup.vtp

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/06/11 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\AnvSoft

[2012/07/04 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2012/01/20 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Bioshock2

[2012/01/27 22:35:40 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\DAEMON Tools Lite

[2012/06/11 22:05:28 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\OpenCandy

[2012/01/14 20:25:15 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Origin

[2012/01/11 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Protector Suite

[2012/01/27 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Zach\AppData\Roaming\Ubisoft

[2012/05/28 11:18:23 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Extras.txt

OTL Extras logfile created on: 7/6/2012 9:15:11 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zach\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.08% Memory free

15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.79 Gb Total Space | 27.14 Gb Free Space | 24.28% Space Free | Partition Type: NTFS

Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 465.66 Gb Total Space | 242.49 Gb Free Space | 52.07% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-PC | User Name: Zach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{28DFB131-4FEB-4B70-89A0-22234CF5A15A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A46FA147-556D-4551-AF1D-107547EC6EBF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02DB8B35-6E3B-4287-BB0C-E7CC45A0E470}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{035E3C76-CA8F-4C41-BAB4-DDB993908E6B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{0E4278EF-86D7-4E14-A12D-7EDB1D75240F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{1312D691-9962-42DD-A073-C102D993D9E0}" = protocol=17 | dir=in | app=e:\games\assasinscreed2\uplaybrowser.exe |

"{1335AA09-CF45-4C2B-8844-6B920B92F58C}" = protocol=6 | dir=in | app=e:\games\assasinscreed2\assassinscreediigame.exe |

"{17026CBF-A40D-485A-8FAD-BBE6201801D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1D71B73E-5BE4-4979-A6D2-07C07FDC866A}" = protocol=6 | dir=in | app=e:\games\assasinscreed2\assassinscreedii.exe |

"{222815C6-E784-43A9-AC7E-C8C025FE5FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{299BA8B8-9FAA-46E2-A58E-CFE77EEB0A4B}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\launcher.exe |

"{2CC64335-032D-4215-9C1A-E759A39A1E39}" = protocol=17 | dir=in | app=e:\games\assasinscreed2\assassinscreediigame.exe |

"{2F4CFE4F-1224-4F3F-A03B-2F5E7A813EF1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{373469FE-5FAE-4FFE-8B19-72EE708FB978}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\launcher.exe |

"{37A7B0D4-C86A-4B5B-85CC-F81394E60822}" = protocol=17 | dir=in | app=e:\games\diablo iii\diablo iii.exe |

"{392187D8-2790-4C22-8DEE-DBD85C800751}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe |

"{3AA496F7-D4A1-4D36-954F-6F854B80A0D2}" = protocol=17 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe |

"{488E8582-6BFE-4EF4-BEA8-4B2F5D398BB7}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe |

"{490398E5-C8B5-4C3C-8F6B-8560C8C01AD1}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\launcher.exe |

"{520B9233-3126-4D69-809B-8AC00E5A8878}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |

"{5510F7ED-5861-4A1B-8BDD-E23550F631E5}" = protocol=6 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe |

"{56FD4ED8-86B1-4D63-8169-13F439567913}" = protocol=17 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe |

"{5A7F3D5C-1AE9-49AD-9C57-4B980E568443}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe |

"{5D23D8A9-FF8F-498F-9A41-4A1F6DE29B83}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{62225109-08A4-42E8-9C74-2A1723CCDDDE}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe |

"{67ECD339-2331-4DC1-8453-8D74DB35CBFD}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe |

"{6F34DDA5-26BB-4DAC-BE0E-5C438F0B86B0}" = protocol=17 | dir=in | app=e:\games\assasinscreed2\assassinscreedii.exe |

"{6F8B6718-99A6-4E36-915D-2783EBF8636E}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |

"{72FEA028-E379-4195-A850-A7B8A56F27DC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |

"{7483044E-8671-44B7-A77C-93373C2D1B5B}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe |

"{7CA1C108-A535-44E4-9546-D9D642150EEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{85711BC7-AF81-436C-B8FB-7A781CFAFFC1}" = protocol=6 | dir=in | app=e:\games\star wars-the old republic\launcher.exe |

"{97E687EF-5B16-4F5E-954A-602832270245}" = protocol=6 | dir=in | app=e:\games\bioshock2\sp\builds\binaries\bioshock2.exe |

"{9C54774C-9B14-4A1C-9B89-AD723012D5CB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{A0263B69-99D1-44B8-BB6E-BC6D27C155CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{A05A093A-3CD7-4D79-BE03-E9C0F955474F}" = protocol=17 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{A0716A11-0F7F-408D-8272-CC8A58DA51FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{A0CD120C-25DD-40BF-A57D-317F6E63D550}" = protocol=6 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{ACA07BA7-347F-474A-8016-07FD28E633CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{ACC0334B-4C47-44F5-AF93-18D915DFEC45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ADC22346-4758-4587-ACEB-9C010897157F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{B2FF70CB-7A94-4948-8DB9-1E833917422A}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |

"{B557B218-3418-4F5E-8E5B-1112A0E30CC7}" = protocol=6 | dir=in | app=e:\games\mass effect 2\masseffect2launcher.exe |

"{B789C6D9-F2B8-4F2F-A368-E260BEC21663}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{BBAB8DCA-D381-4B62-9003-1819A9A15101}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

"{BD3FFFA9-8AAD-408E-A6D6-AF8782EAD654}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{BD9B7AC0-CD42-44B7-BF13-5CC2FEAB8AB2}" = protocol=6 | dir=in | app=e:\games\assasinscreed2\uplaybrowser.exe |

"{C4B10BB5-21C1-42B3-A160-67D88AF4A003}" = protocol=17 | dir=in | app=e:\games\star wars-the old republic\swtor\retailclient\swtor.exe |

"{C8720399-E027-457A-B6EF-678966A4FE98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CCAD9962-52C0-43BE-A7DB-C72ED249F2E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{CDB3D4AD-81F5-4525-A986-D6FC3DC9962D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{D2A179A9-917D-4D8A-8D9B-0ED2911DF77A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |

"{E4118CBA-7DC9-43BF-99BC-ED092626FA85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{E4AF60D7-29F0-48F3-AB91-5F211B3D3088}" = protocol=6 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe |

"{E7F7F9C0-B2B2-4620-8263-2F081F8A3806}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{E9245AC5-546C-469A-B379-B627D67C246B}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe |

"{EDC62373-C342-4C74-9BAE-C51DAC0F7CCB}" = protocol=17 | dir=in | app=e:\games\mass effect 2\masseffect2launcher.exe |

"{F0C1A871-8E1E-4B19-845B-9EABC0740BAE}" = protocol=17 | dir=in | app=e:\games\bioshock2\mp\builds\binaries\bioshock2.exe |

"{F3EDF92F-EA94-4967-BD85-01DDF9489802}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F5FBE70A-4ED3-4E2B-BB80-783D962E58AD}" = protocol=6 | dir=in | app=e:\games\diablo iii\diablo iii.exe |

"{F8372608-9C98-4BA1-BA82-8AA58AC29C49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{0E93BCD9-8322-4A74-A633-20C2BFA76C1B}E:\games\deadspace\dead space.exe" = protocol=6 | dir=in | app=e:\games\deadspace\dead space.exe |

"TCP Query User{1727DE4A-998E-4147-BA11-DD12114BC2C3}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |

"TCP Query User{1DEBD938-9BD6-432D-9857-20E8A60BC5D5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{2D7F1664-E111-454C-8BC7-56CD85F6F426}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

"TCP Query User{361E4CA9-B062-4A40-A4E1-F415A493129D}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{38D0AFE0-DD17-43AD-ABC1-1BDF2482E493}E:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=e:\games\call of duty - black ops\blackops.exe |

"TCP Query User{3CE0C551-B0F0-4C52-9F47-A67366DAE634}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"TCP Query User{3F142973-0CB4-42B3-9A1A-E92CE8A7E371}C:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"TCP Query User{4002F8F1-B8E5-4EAA-BE8D-8610526456C5}C:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe |

"TCP Query User{57A13F9B-8520-44CD-9F79-D7F2BF066E35}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{70FC3136-EBF2-484D-AF75-DF446A0E5337}E:\games\assasinscreed2\assassinscreediigame.exe" = protocol=6 | dir=in | app=e:\games\assasinscreed2\assassinscreediigame.exe |

"TCP Query User{73F4B04D-3AB1-4C53-8FD3-61230F9BC6AC}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{81A31EEC-122B-47C5-B9A1-3448F767F8BE}E:\games\deadspace\dead space.exe" = protocol=6 | dir=in | app=e:\games\deadspace\dead space.exe |

"TCP Query User{8B089917-AB19-4E2B-8967-2374168D5E2F}C:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |

"TCP Query User{984937E7-2A4F-494B-B3CC-4A82D15DCDC7}E:\games\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe |

"TCP Query User{9A177AFC-D580-4482-ACE1-8E176FD5D507}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe |

"TCP Query User{9EA66D90-8E4A-4A19-80EB-9D0AC04D3F3F}E:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=e:\games\call of duty - black ops\blackops.exe |

"TCP Query User{A338C8D8-5918-487B-AF71-1A85F818DACC}C:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"TCP Query User{A7E9F891-5EE3-4B74-95A7-B55E2BA7DCE1}C:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe |

"TCP Query User{AB676029-40F7-4652-8CCC-D429BF19914B}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |

"TCP Query User{B3FC7E09-1E59-41CD-B34F-4DA55662E08B}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe |

"TCP Query User{D1F25B78-D1DE-4E4A-9B07-E478CEDF9F16}C:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe |

"TCP Query User{D3153725-EB21-4749-8938-DF10896FFF48}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |

"TCP Query User{DEF00530-6252-4DD2-A405-94C9FA3AEEA8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{E302D978-89F6-4A08-A08C-C86F4FFC19A4}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |

"TCP Query User{ED9F10CC-F25A-4D72-AAD8-C0A7EE10D52D}E:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"TCP Query User{F068C3ED-C961-4B81-B560-687B402F4A05}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{F676DC9D-E413-4DE0-8BCD-5460B0AB753D}E:\games\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe |

"UDP Query User{06F285CC-A6E5-414D-8D61-CF1A252487D7}C:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe |

"UDP Query User{071EAB71-1F01-43F1-8CAC-0FE2290967D9}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe |

"UDP Query User{0AE2EA98-608E-4B4C-97C2-37748E07BE1C}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |

"UDP Query User{23C1C6E5-F709-4400-BD2F-2B944995BA65}E:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=e:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"UDP Query User{411EFD5F-C148-480F-B13D-BDDAC698DDC5}E:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=e:\games\deadspace\dead space.exe |

"UDP Query User{42A4AB4B-1625-4D17-B964-E2A0A7390A1A}E:\games\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=e:\games\mass effect 2\binaries\masseffect2.exe |

"UDP Query User{479945B7-7F98-4AE7-B402-F7C60D579332}C:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{581754D7-3482-4D34-9882-6066249AA721}E:\games\assasinscreed2\assassinscreediigame.exe" = protocol=17 | dir=in | app=e:\games\assasinscreed2\assassinscreediigame.exe |

"UDP Query User{5BB77663-5A3A-41DA-9E69-4D1672CABCDB}E:\games\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe |

"UDP Query User{65ACE489-A9F2-42F2-86A0-00EEB28D2DFF}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

"UDP Query User{6F4FE9FE-DB58-4C22-9BC4-0665254A6F2C}E:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=e:\games\batman arkham city\batman arkham city\binaries\win32\batmanac.exe |

"UDP Query User{712556D1-4047-4707-B488-05F26F150E93}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"UDP Query User{799DC8CA-17D7-4802-A13E-74DA139E0CFE}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{8065C3C6-38D1-4B96-BD2A-3362529A4768}E:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=e:\games\deadspace\dead space.exe |

"UDP Query User{863D2DCB-F5B2-45EC-AAD7-5AC0990E1B42}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{88E05272-C507-4392-BB3B-28AE941D1585}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |

"UDP Query User{92C0CB86-DF2A-46F7-ABD6-0DD65141F9AB}C:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\zach\appdata\local\microsoft\windows\temporary internet files\content.ie5\nnm5xnrj\diablo-iii-setup-engb.exe |

"UDP Query User{9AD6C5F6-61E9-4BE1-83E0-5C7F1CFDEEBE}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{AD6CE561-35D9-4050-8B62-CD17E92AE56B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{B3A6FF7D-A391-4B7D-9A88-B0D49ADB534A}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |

"UDP Query User{C0D0043A-0004-4953-8788-6AF89996F6D0}E:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=e:\games\call of duty - black ops\blackops.exe |

"UDP Query User{C249CCEF-FBF7-4970-9B50-FF62634E6DA8}C:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{C463387F-4ECA-4CAB-A91A-3281B8174C74}C:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\zach\downloads\diablo-iii-8370-engb-installer-downloader.exe |

"UDP Query User{CB64CFFF-C29C-4A9A-9992-77833CA4CD20}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{CC2BB19E-B954-4760-B5A7-1C2AE8C3AC04}E:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=e:\games\call of duty - black ops\blackops.exe |

"UDP Query User{DA454C23-7975-442D-B408-D75F222E75CA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

"UDP Query User{E8A992AC-8A19-4905-BD42-BA255565E92E}C:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |

"UDP Query User{FAE113D4-CFE5-4BC9-AE57-E975CE5764BE}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF960845-F006-40B0-B3B3-697219EF78B2}" = Protector Suite 2011

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3040

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam

"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1" = Batman Arkham City version 1.0

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E00FBF68-5168-49A3-BBCA-3D8C29E24D20}" = The Witcher 2

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F385F486-C1BC-4350-8837-6F17761134B5}" = Gaming Keyboard Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Any Video Converter_is1" = Any Video Converter 3.3.9

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo III" = Diablo III

"HotspotShield" = Hotspot Shield 2.55

"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3040

"InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"ProInst" = Intel PROSet Wireless

"StarCraft II" = StarCraft II

"Steam App 72850" = The Elder Scrolls V: Skyrim

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/4/2012 9:07:37 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/4/2012 9:11:39 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\2CJLCEYQ\SoftonicDownloader_for_hijackthis.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 7/4/2012 9:11:41 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\2CJLCEYQ\SoftonicDownloader_for_hijackthis.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 7/4/2012 9:37:26 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 10:43:56 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 11:03:04 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 11:06:22 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 11:08:31 AM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 12:59:00 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 12:59:59 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/5/2012 1:14:47 PM | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 4/9/2012 5:35:48 AM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1294.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 4/10/2012 5:35:21 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x80240022 Error description: The program can't check for definition updates.

Error - 4/10/2012 5:35:21 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x80240022 Error description: The program can't check for definition updates.

Error - 4/10/2012 5:45:48 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 4/11/2012 1:52:24 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 4/11/2012 5:09:18 PM | Computer Name = Laptop-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1375.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 4/27/2012 9:55:17 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Steam

Client Service service to connect.

Error - 4/27/2012 9:55:17 AM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 5/1/2012 10:53:15 AM | Computer Name = Laptop-PC | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 5/6/2012 4:54:46 AM | Computer Name = Laptop-PC | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

< End of report >

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-06 21:26:36

-----------------------------

21:26:36.318 OS Version: Windows x64 6.1.7601 Service Pack 1

21:26:36.318 Number of processors: 8 586 0x2A07

21:26:36.318 ComputerName: LAPTOP-PC UserName: Zach

21:26:36.552 Initialize success

21:28:28.998 AVAST engine defs: 12070601

21:28:53.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:28:53.719 Disk 0 Vendor: INTEL_SSDSC2MH120A2 PPG4 Size: 114473MB BusType: 11

21:28:53.719 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

21:28:53.719 Disk 1 Vendor: WDC_WD5000BPKT-00PK4T0 01.01A01 Size: 476940MB BusType: 11

21:28:53.719 Disk 0 MBR read successfully

21:28:53.719 Disk 0 MBR scan

21:28:53.766 Disk 0 Windows 7 default MBR code

21:28:53.766 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 114471 MB offset 2048

21:28:53.797 Disk 0 scanning C:\Windows\system32\drivers

21:28:58.919 Service scanning

21:29:11.762 Modules scanning

21:29:11.762 Disk 0 trace - called modules:

21:29:11.762 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069c62c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

21:29:11.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007abe790]

21:29:11.778 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007889520]

21:29:11.793 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007852680]

21:29:11.793 \Driver\atapi[0xfffffa800783e690] -> IRP_MJ_CREATE -> 0xfffffa80069c62c0

21:29:12.027 AVAST engine scan C:\Windows

21:29:12.669 AVAST engine scan C:\Windows\system32

21:30:38.871 AVAST engine scan C:\Windows\system32\drivers

21:30:44.621 AVAST engine scan C:\Users\Zach

21:31:20.430 AVAST engine scan C:\ProgramData

21:31:41.089 Scan finished successfully

21:31:50.678 Disk 0 MBR has been saved successfully to "C:\Users\Zach\Desktop\MBR.dat"

21:31:50.725 The log file has been saved successfully to "C:\Users\Zach\Desktop\aswMBR.txt"

Cheers


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/02/23 18:39:02 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1160048876-3471134622-995861280-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Ad-Aware Browsing Protection" =-

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Maniac,

As requested:

All processes killed

========== OTL ==========

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1160048876-3471134622-995861280-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Ad-Aware Browsing Protection not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Zach\Desktop\cmd.bat deleted successfully.

C:\Users\Zach\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56478 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

User: Zach

->Temp folder emptied: 131263059 bytes

->Temporary Internet Files folder emptied: 138658565 bytes

->Java cache emptied: 490836 bytes

->Flash cache emptied: 15257315 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 401408 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 295139169 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50601 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 554.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07072012_160512

Files\Folders moved on Reboot...

C:\Users\Zach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\AjaxHistoryFrame[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\RteFrame_16.2.7040.0620[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\xmlProxy[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\adloader[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\default[2].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\InboxLight[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\resourcespreload[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6SG2S2M9\EditMessageLight[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6SG2S2M9\xmlProxy[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\LocalStorage[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\Messenger[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\resourcespreload[1].htm moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

File C:\Users\Zach\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\AjaxHistoryFrame[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\RteFrame_16.2.7040.0620[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGQFGKGC\xmlProxy[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\adloader[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\default[2].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\InboxLight[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4IKV6S3\resourcespreload[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6SG2S2M9\EditMessageLight[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6SG2S2M9\xmlProxy[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\LocalStorage[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\Messenger[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\165R70KA\resourcespreload[1].htm not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

Cheers


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi Maniac, please see below!

ComboFix 12-07-12.02 - Zach 13/07/2012 3:24.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8172.6306 [GMT 1:00]

Running from: c:\users\Zach\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Public\sdelevURL.tmp

c:\users\Zach\AppData\Local\Temp\{928D9A8B-E642-4A17-BF4C-B0922036902E}\fpb.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-12 02:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 22:40 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 22:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 22:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 22:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 22:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 22:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 22:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 22:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 22:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 22:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 22:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 22:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 22:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 22:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-10 03:44 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-07 15:05 . 2012-07-07 15:05 -------- d-----w- C:\_OTL

2012-07-06 20:12 . 2012-07-06 20:12 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-06 20:12 . 2012-07-06 20:12 -------- d-----w- c:\program files (x86)\Oracle

2012-07-06 20:12 . 2012-05-04 18:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-06 20:12 . 2012-05-04 18:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-06 20:12 . 2012-07-06 20:12 -------- d-----w- c:\program files (x86)\Java

2012-07-06 16:36 . 2012-07-06 17:09 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-07-05 22:10 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-05 15:18 . 2012-07-05 15:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72766A6F-F649-40D4-9092-4D1FBF0D97C1}\gapaengine.dll

2012-07-05 15:18 . 2012-01-22 23:26 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-07-05 14:41 . 2012-07-05 14:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-05 01:13 . 2012-07-05 01:13 388096 ----a-r- c:\users\Zach\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-05 01:13 . 2012-07-05 01:13 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-04 21:58 . 2012-07-04 21:58 -------- d-----w- c:\programdata\GFI Software

2012-07-04 19:45 . 2012-07-04 19:45 -------- d-----w- c:\users\Zach\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2012-06-21 19:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 19:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 19:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 19:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 19:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 19:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 19:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 19:02 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 19:02 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-16 18:04 . 2012-05-27 13:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-16 18:04 . 2012-01-17 18:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-17 00:45 . 2012-05-17 00:45 955848 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-17 00:45 . 2012-05-17 00:45 839112 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-15 10:48 . 2012-05-27 13:59 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:48 . 2012-05-27 13:59 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-05-15 10:48 . 2012-05-27 13:59 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:48 . 2012-05-27 13:59 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:48 . 2012-05-27 13:59 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-05-15 10:48 . 2012-05-27 13:59 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-05-15 10:48 . 2012-05-27 13:59 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:48 . 2012-05-27 13:59 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-05-15 10:48 . 2012-05-27 13:59 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-05-15 10:48 . 2012-05-27 13:59 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-05-27 13:59 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-05-15 10:48 . 2012-05-27 13:59 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:48 . 2012-05-17 00:55 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2012-05-17 00:55 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-05-17 00:55 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-05-17 00:55 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-05-17 00:55 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2012-05-17 00:55 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2012-05-17 00:55 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2012-01-11 04:05 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2012-01-11 04:05 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 09:29 . 2011-06-24 05:21 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-06-24 05:21 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-06-24 05:21 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-06-24 05:21 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-06-24 05:20 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-06-24 05:20 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-04-18 17:08 . 2012-05-27 13:59 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-04-18 17:08 . 2012-05-27 13:59 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-04-18 17:08 . 2012-05-17 00:55 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-11 1242448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]

"LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Tarantula"="c:\program files (x86)\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-2 3079680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 136176]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 136176]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-04-11 49664]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-02 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-06-26 468848]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-06-20 384880]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-22 174680]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 18:13]

.

2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 18:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2011-04-08 08:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2011-04-08 85320]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"LchGKey"="c:\program files (x86)\Chicony\GameKeys\LchGKey.exe" [2009-03-24 385024]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-08 11860072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 24.92.226.11 24.92.226.12

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Origin - e:\origin\OriginUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1160048876-3471134622-995861280-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:2b,9a,37,65,ce,4a,28,37,ee,b8,6d,37,66,27,c8,9f,16,3d,f7,dd,ca,25,ae,

dc,a2,74,a3,86,9f,96,a0,da,c1,26,55,40,62,47,16,8f,82,4f,a4,f9,d2,4b,1d,83,\

"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

.

[HKEY_USERS\S-1-5-21-1160048876-3471134622-995861280-1000\Software\SecuROM\License information*]

"datasecu"=hex:fb,8a,30,26,3d,90,95,b1,1a,fa,f4,a8,4d,e2,69,1e,e6,00,9f,2d,cf,

97,f0,04,11,ca,33,0d,64,15,c4,d2,b5,72,9f,bd,ba,85,bd,92,bb,39,f0,05,88,64,\

"rkeysecu"=hex:ba,e2,11,3e,77,c1,74,58,a4,0d,57,96,74,3d,2a,3a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files (x86)\Chicony\GameKeys\MODPS2KEY.EXE

.

**************************************************************************

.

Completion time: 2012-07-13 03:28:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-13 02:28

.

Pre-Run: 25,309,462,528 bytes free

Post-Run: 25,124,352,000 bytes free

.

- - End Of File - - 9BDE9E932161FF8CFAA5AF9DA4956622


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
