
trojan.dropper.bcminer :/



Picked one up a couple days ago, got a usb, and this is the log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Micah at 22:12:14 on 2012-07-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1707 [GMT -6:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.175\deploy\LolClient.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [AdobeBridge]

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [<NO NAME>]

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

TCP: Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511} : DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun-x64: [(Default)]

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: extensions.autoDisableScopes - 14

.

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-13 8704]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-9 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys --> C:\Windows\system32\DRIVERS\evolve.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-7-5 1511448]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-28 113120]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-22 20:29:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-22 18:42:03 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-22 18:33:55 -------- d-----w- C:\Windows\pss

2012-07-22 18:09:52 -------- d-----w- C:\Users\Micah\AppData\Local\ElevatedDiagnostics

2012-07-20 23:29:23 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-18 23:08:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\offreg.dll

2012-07-17 19:51:26 -------- d-----w- C:\ProgramData\Age of Empires 3

2012-07-17 16:49:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\mpengine.dll

2012-07-17 00:38:46 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive

2012-07-17 00:36:40 -------- d-----w- C:\Users\Micah\AppData\Local\ArmA 2

2012-07-17 00:29:50 -------- d-----w- C:\Users\Micah\AppData\Local\ArmA 2 OA

2012-07-17 00:21:45 -------- d-----w- C:\Users\Micah\AppData\Roaming\six-updater

2012-07-17 00:21:44 -------- d-----w- C:\Users\Micah\AppData\Roaming\six-zsync

2012-07-17 00:21:09 -------- d-----w- C:\Program Files (x86)\SIX Projects

2012-07-17 00:20:18 -------- d-----w- C:\Users\Micah\AppData\Local\Downloaded Installations

2012-07-11 09:02:59 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 01:00:32 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

2012-07-06 00:19:49 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys

2012-07-06 00:19:12 -------- d-----w- C:\Program Files\Echobit

2012-07-06 00:18:25 -------- d-----w- C:\ProgramData\Echobit

2012-07-06 00:18:10 -------- d-----w- C:\Users\Micah\AppData\Local\Echobit

2012-07-05 22:31:18 -------- d-----w- C:\Users\Micah\AppData\Local\My Games

2012-07-05 22:31:00 -------- d-----w- C:\ProgramData\REVOLT

2012-07-05 22:17:07 -------- d-----w- C:\Program Files (x86)\Games

2012-07-01 17:21:15 -------- d-----w- C:\Users\Micah\AppData\Roaming\Carbon

2012-07-01 00:12:00 -------- d-----w- C:\Users\Micah\AppData\Local\Harvest

2012-06-30 20:26:11 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2012-06-30 20:26:11 -------- d-----w- C:\Program Files\CPUID

2012-06-28 20:25:11 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

.

==================== Find3M ====================

.

2012-07-04 04:35:18 6656 ----a-w- C:\Windows\System32\lpcio.dll

2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-15 20:05:48 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 22:12:25.78 ===============

Thanks for any help, I'm actually really worried about this one.


Hello Comminuo! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Extras:

OTL Extras logfile created on: 7/24/2012 5:11:23 PM - Run 1

OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.48% Memory free

7.87 Gb Paging File | 6.60 Gb Available in Paging File | 83.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 78.49 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit)

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{670B1B49-9FD3-4827-9B41-471EFF580AA8}" = Evolve

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.13

"MAXON8C02D5E0" = CINEMA 4D 12.016

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"PROSetDX" = Intel® Network Connections 15.3.68.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend

"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service

"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant

"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6B76A0FE-4D7F-4BCE-8BD1-D61CAB936D40}_is1" = Beat Hazard 1.3s

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76A232AF-B7D6-41A4-B795-6B355E6D32B1}" = Tom Clancy's H.A.W.X. 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding

"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common

"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood

"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection

"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static

"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa

"{E3F2803C-B6FA-4D36-8CFE-A8AE92683E92}" = XSplit

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007

"Adobe AIR" = Adobe AIR

"BattlEye for OA" = BattlEye for OA Uninstall

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cheat Engine 6.1_is1" = Cheat Engine 6.1

"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings

"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"com.amazon.music.uploader" = Amazon MP3 Uploader

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo III" = Diablo III

"Fallout New Vegas_is1" = Fallout New Vegas

"GOM Encoder" = GOM Encoder

"GOM Player" = GOM Player

"Google Chrome" = Google Chrome

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"Intel AppUp(SM) center 13747" = Intel AppUp(SM) center

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"mIRC" = mIRC

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"PowerISO" = PowerISO

"PunkBusterSvc" = PunkBuster Services

"StarCraft II" = StarCraft II

"Steam App 105450" = Age of Empires® III: Complete Collection

"Steam App 12900" = Audiosurf

"Steam App 15400" = Harvest: Massive Encounter

"Steam App 17510" = Age of Chivalry

"Steam App 204340" = Serious Sam 2

"Steam App 204350" = Serious Sam 2 Editor

"Steam App 206500" = AirMech

"Steam App 240" = Counter-Strike: Source

"Steam App 24790" = Command and Conquer 3: Tiberium Wars

"Steam App 29720" = Guild Wars

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 4000" = Garry's Mod

"Steam App 40100" = Supreme Commander 2

"Steam App 440" = Team Fortress 2

"Steam App 47700" = Command and Conquer 4: Tiberian Twilight

"Steam App 92200" = Gundemonium Recollection

"Steam App 92210" = Hitogata Happa

"Steam App 92220" = GundeadliGne

"TeamViewer 6" = TeamViewer 6

"Tibia_is1" = Tibia

"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar

"VLC media player" = VideoLAN VLC media player 0.8.6f

"Windows Searchqu Toolbar" = Windows iLivid Toolbar

"World of Warcraft" = World of Warcraft

"World of Warcraft Public Test" = World of Warcraft Public Test

"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"blinkx beat" = blinkx beat

"Guild Wars" = Guild Wars

"Spotify" = Spotify

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/22/2012 2:38:52 PM | Computer Name = Micah-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 7/22/2012 2:38:52 PM | Computer Name = Micah-PC | Source = Windows Search Service | ID = 7010

Description =

Error - 7/22/2012 4:29:38 PM | Computer Name = Micah-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SUPERAntiSpyware.exe, version: 5.5.0.1012,

time stamp: 0x4fd23bae Faulting module name: SUPERAntiSpyware.exe, version: 5.5.0.1012,

time stamp: 0x4fd23bae Exception code: 0xc0000005 Fault offset: 0x00078cd8 Faulting

process id: 0x1224 Faulting application start time: 0x01cd6848b06fe6c8 Faulting application

path: C:\Users\Micah\Downloads\SUPERAntiSpyware.exe Faulting module path: C:\Users\Micah\Downloads\SUPERAntiSpyware.exe

Report

Id: f4a74fe3-d43b-11e1-a515-00270e08434d

Error - 7/22/2012 5:14:03 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002

Description = The program spotify.exe version 0.8.4.93 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 830 Start

Time: 01cd684ea96b3ff3 Termination Time: 0 Application Path: C:\Users\Micah\AppData\Roaming\Spotify\spotify.exe

Report

Id:

Error - 7/22/2012 5:31:27 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002

Description = The program EvolveClient.exe version 0.9.49.0 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: ab4 Start

Time: 01cd685105d00b4e Termination Time: 16 Application Path: C:\Program Files\Echobit\Evolve\EvolveClient.exe

Report

Id:

Error - 7/22/2012 5:31:29 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002

Description = The program spotify.exe version 0.8.4.93 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 960 Start

Time: 01cd685102f0821a Termination Time: 0 Application Path: C:\Users\Micah\AppData\Roaming\Spotify\spotify.exe

Report

Id:

Error - 7/23/2012 3:31:28 AM | Computer Name = Micah-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe".

Dependent

Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not

be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 3:31:51 AM | Computer Name = Micah-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 7/24/2012 1:58:17 AM | Computer Name = Micah-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d672ee4 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7c9ab Exception code: 0xc0000005 Fault offset: 0x0000000000011c66

Faulting

process id: 0x63c Faulting application start time: 0x01cd6850fcff72cb Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report

Id: 8feed8ef-d554-11e1-a2dd-00270e08434d

Error - 7/24/2012 1:59:29 AM | Computer Name = Micah-PC | Source = Application Error | ID = 1000

Description = Faulting application name: services.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bc10e Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4

Faulting

process id: 0x294 Faulting application start time: 0x01cd6850fa5b6bfd Faulting application

path: C:\Windows\system32\services.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: bac21994-d554-11e1-a2dd-00270e08434d

[ Media Center Events ]

Error - 1/10/2012 5:14:49 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0

Description = 2:14:47 PM - Error connecting to the internet. 2:14:47 PM - Unable

to contact server..

Error - 1/18/2012 10:17:27 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0

Description = 7:17:27 PM - Error connecting to the internet. 7:17:27 PM - Unable

to contact server..

Error - 1/18/2012 10:17:43 PM | Computer Name = Micah-PC | Source = MCUpdate | ID = 0

Description = 7:17:33 PM - Error connecting to the internet. 7:17:33 PM - Unable

to contact server..

[ System Events ]

Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/24/2012 2:01:27 AM | Computer Name = Micah-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 11:58:56 PM on 7/23/2012 was unexpected.

Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 7/24/2012 2:01:34 AM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/24/2012 7:08:54 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/24/2012 7:08:57 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/24/2012 7:08:57 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

< End of report >

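The "Last 20 Event Log Errors" block in the log above carries the most security-relevant signal in the whole report: two services failing at every boot because BFE (Base Filtering Engine, which Windows Firewall and IPsec depend on) is not present, the Computer Browser service dying with %%1060 (ERROR_SERVICE_DOES_NOT_EXIST), an access violation (0xc0000005) inside services.exe, and an unexpected shutdown. The script below is an added example, not part of the forum post, of DDS or of OTL: it reassembles the wrapped "Error - ... | Source = ... | ID = ..." records and applies a few triage rules for exactly those indicators. The sample input is a constructed string of records copied from the post (one hang record condensed); the rule wording, the list of core processes and the finding format are my own assumptions, and every hit should be confirmed on the live machine (for example with `sc query bfe`) before anything is changed.

```python
"""Triage the "Last 20 Event Log Errors" block of a DDS/OTL-style log.

Added example, not part of the forum post, DDS or OTL. Rules and wording are
my own; verify each finding on the live system before acting on it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (?P<name>.+?) Events \]$")
# Core Windows binaries whose access-violation crash is worth a finding (assumed list).
CORE_PROCESSES = ("services.exe", "explorer.exe", "winlogon.exe", "lsass.exe", "svchost.exe")

# Constructed sample: records copied from the log above, keeping the line wrapping
# the tool applies to long Description fields (the Spotify hang is condensed).
SAMPLE_EVENTS = r"""
[ Application Events ]
Error - 7/24/2012 1:59:29 AM | Computer Name = Micah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: services.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc10e Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x294 Faulting application start time: 0x01cd6850fa5b6bfd Faulting application
path: C:\Windows\system32\services.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Error - 7/22/2012 5:14:03 PM | Computer Name = Micah-PC | Source = Application Hang | ID = 1002
Description = The program spotify.exe version 0.8.4.93 stopped interacting with
Windows and was closed. Application Path: C:\Users\Micah\AppData\Roaming\Spotify\spotify.exe
[ System Events ]
Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 7/22/2012 5:28:59 PM | Computer Name = Micah-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 7/24/2012 2:01:27 AM | Computer Name = Micah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:58:56 PM on 7/23/2012 was unexpected.
"""


@dataclass
class Event:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_events(text: str) -> list[Event]:
    """Reassemble event records; the Description field is wrapped over several lines."""
    events: list[Event] = []
    section = ""
    current: Event | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION.match(line)):
            section, current = m.group("name"), None
            continue
        if (m := HEADER.match(line)):
            current = Event(section, m.group("when"), m.group("host"),
                            m.group("source"), int(m.group("id")), "")
            events.append(current)
            continue
        if current is not None:
            # Continuation line: drop the "Description =" label and glue the wrapped text back.
            piece = line[len("Description ="):].strip() if line.startswith("Description =") else line
            current.description = f"{current.description} {piece}".strip()
    return events


def triage(events: list[Event]) -> list[str]:
    """Apply the indicator rules; one human-readable finding per hit, log order preserved."""
    findings: list[str] = []
    for ev in events:
        desc = ev.description
        if ev.source == "Service Control Manager" and ev.event_id == 7003 and "service: BFE." in desc:
            svc = desc.split(" service depends")[0].removeprefix("The ")
            findings.append(f"{ev.when}: {svc} cannot start because BFE (Base Filtering Engine) "
                            "is missing; Windows Firewall and IPsec depend on it, verify with 'sc query bfe'")
        elif ev.source == "Service Control Manager" and ev.event_id == 7023 and "%%1060" in desc:
            svc = desc.split(" service terminated")[0].removeprefix("The ")
            findings.append(f"{ev.when}: {svc} stopped with 1060 (ERROR_SERVICE_DOES_NOT_EXIST), "
                            "a service it depends on has been removed")
        elif ev.source == "Application Error" and ev.event_id == 1000 and "0xc0000005" in desc:
            m = re.search(r"Faulting application path: (\S+)", desc)
            path = m.group(1) if m else ""
            if path.lower().startswith("c:\\windows\\") and path.lower().endswith(CORE_PROCESSES):
                findings.append(f"{ev.when}: access violation in core process {path}")
        elif ev.source == "EventLog" and ev.event_id == 6008:
            findings.append(f"{ev.when}: unexpected shutdown ({desc})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Run it against a saved Extras/DDS report by reading the file into `parse_events` instead of `SAMPLE_EVENTS`; the Spotify hang in the sample is deliberately left without a rule so that ordinary application hangs do not drown the service and core-process findings.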

OTL:

OTL logfile created on: 7/24/2012 5:11:23 PM - Run 1

OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 72.48% Memory free

7.87 Gb Paging File | 6.60 Gb Available in Paging File | 83.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 78.49 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 17:11:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Micah\Downloads\OTL.exe

PRC - [2012/07/09 22:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2008/10/16 18:07:40 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/09 22:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll

MOD - [2012/07/09 22:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

MOD - [2012/07/09 22:07:39 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll

MOD - [2012/07/09 22:07:37 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll

MOD - [2012/07/09 22:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll

MOD - [2012/07/09 22:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll

MOD - [2012/07/09 22:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll

MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 18:19:46 | 001,511,448 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)

SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/06/28 17:59:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/06/24 12:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2012/06/21 20:05:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011/06/15 02:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2011/05/18 21:35:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15150&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UF&apn_dtid=YYYYYYYYUS&apn_uid=2E4CA80E-38C4-4FD7-83B7-CCA03A42326F&apn_sauid=293B1D0E-F345-48D2-8AEB-7940076A3213

IE - HKCU\..\SearchScopes\{574001d0-46db-44fa-be94-a5ab296994c6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011

IE - HKCU\..\SearchScopes\{9001ECE5-27F9-7260-292B-CF945347FC97}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111222&iesrc={referrer:source}

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92823324915422168

IE - HKCU\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://dm.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z055&partner_id=195&product_id=611&affiliate_id=&channel=dm6&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110628&user_guid=2D10838BC3964C0F9867120F8EC5750C&machine_id=da9196787082f2de2f19d63dbb776686&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.order.2: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: contact@drpepper.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3

FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/23 21:10:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/28 16:08:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/28 17:59:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/28 17:59:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M]

[2011/11/13 19:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Extensions

[2012/07/22 12:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions

[2010/08/10 13:04:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}

[2012/07/17 16:02:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2011/11/13 19:03:21 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011/03/13 12:44:05 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2011/03/30 09:40:02 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\battlefieldplay4free@ea.com

[2012/07/13 00:00:16 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\btpersonas@brandthunder.com

[2011/03/06 11:29:33 | 000,000,000 | ---D | M] (Nothing Like It! for Facebook) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\contact@drpepper.com

[2011/11/13 22:56:41 | 000,002,342 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\aol-search.xml

[2011/06/10 14:50:04 | 000,002,397 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\askcom.xml

[2011/12/21 20:35:00 | 000,001,945 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\bing-zugo.xml

[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\conduit.xml

[2011/05/18 21:35:08 | 000,002,055 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\daemon-search.xml

[2011/11/13 19:05:50 | 000,002,207 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\MyStart Search.xml

[2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\Search_Results.xml

[2012/03/11 19:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/28 17:59:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/27 10:06:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/05/17 23:00:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/05/17 23:00:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511}: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{98a1b17e-bc5e-11e0-a4d1-00270e08434d}\Shell - "" = AutoRun

O33 - MountPoints2\{98a1b17e-bc5e-11e0-a4d1-00270e08434d}\Shell\AutoRun\command - "" = G:\setup.exe

O33 - MountPoints2\{e7451973-be19-11e0-b39b-00270e08434d}\Shell - "" = AutoRun

O33 - MountPoints2\{e7451973-be19-11e0-b39b-00270e08434d}\Shell\AutoRun\command - "" = H:\autorun.exe

O33 - MountPoints2\{fc892deb-b7b9-11e0-9aaf-00270e08434d}\Shell - "" = AutoRun

O33 - MountPoints2\{fc892deb-b7b9-11e0-9aaf-00270e08434d}\Shell\AutoRun\command - "" = F:\steambackup2.EXE

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\steambackup2.EXE

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 22:07:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/23 20:33:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Micah\Desktop\dds.com

[2012/07/22 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/22 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/22 12:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/07/22 12:33:55 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/07/22 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ElevatedDiagnostics

[2012/07/20 17:29:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/20 17:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/07/17 13:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3

[2012/07/16 18:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive

[2012/07/16 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ArmA 2

[2012/07/16 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/07/16 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/07/16 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ArmA 2 OA

[2012/07/16 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\ArmA 2

[2012/07/16 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\six-updater

[2012/07/16 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\six-zsync

[2012/07/16 18:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects

[2012/07/16 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects

[2012/07/16 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Downloaded Installations

[2012/07/10 19:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit

[2012/07/10 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs

[2012/07/09 17:54:43 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\AGE OF EMPIRES III + SERIAL

[2012/07/05 18:19:49 | 000,021,656 | ---- | C] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys

[2012/07/05 18:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Echobit

[2012/07/05 18:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Echobit

[2012/07/05 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Echobit

[2012/07/05 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\My Games

[2012/07/05 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT

[2012/07/05 16:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization.V.GOTY.incl.Gods.and.Kings

[2012/07/05 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games

[2012/07/03 15:36:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\c.v.gods.and.kings

[2012/07/02 00:38:06 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\Folders

[2012/07/01 11:21:15 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Carbon

[2012/06/30 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\Harvest

[2012/06/30 14:26:11 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys

[2012/06/30 14:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2012/06/30 14:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2012/06/28 14:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/06/28 14:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 17:16:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/24 17:16:16 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/24 17:16:01 | 000,792,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/24 17:16:01 | 000,669,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/24 17:16:01 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/24 17:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/24 17:08:36 | 3168,821,248 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/23 22:07:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/23 22:07:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/07/23 20:33:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Micah\Desktop\dds.com

[2012/07/22 12:56:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 12:37:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/22 12:37:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/22 12:31:16 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl

[2012/07/22 11:49:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/07/18 19:50:45 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk

[2012/07/18 19:50:45 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk

[2012/07/17 15:56:27 | 002,666,499 | ---- | M] () -- C:\Users\Micah\Desktop\GLHF.JPG

[2012/07/17 14:29:51 | 000,000,222 | ---- | M] () -- C:\Users\Micah\Desktop\Age of Empires III Complete Collection.url

[2012/07/14 20:34:34 | 000,227,563 | ---- | M] () -- C:\Users\Micah\Desktop\1342311091803.gif

[2012/07/14 20:06:59 | 000,094,755 | ---- | M] () -- C:\Users\Micah\Desktop\Capture.JPG

[2012/07/14 18:23:30 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\ARMA 2.url

[2012/07/14 18:23:30 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\ARMA 2 Operation Arrowhead.url

[2012/07/12 14:14:15 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/07/11 16:18:31 | 001,019,155 | ---- | M] () -- C:\Users\Micah\Desktop\Capture.PNG

[2012/07/11 03:20:26 | 004,831,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/05 18:19:55 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Evolve.lnk

[2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys

[2012/07/05 16:23:05 | 000,001,334 | ---- | M] () -- C:\Users\Micah\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk

[2012/07/04 19:28:50 | 000,044,547 | ---- | M] () -- C:\Users\Micah\Desktop\Bitchtitsleaving.PNG

[2012/07/03 22:42:50 | 000,305,443 | ---- | M] () -- C:\Users\Micah\Desktop\background.PNG

[2012/07/03 22:35:18 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/30 17:52:45 | 000,000,189 | ---- | M] () -- C:\Users\Micah\Desktop\AirMech.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Hitogata Happa.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Gundemonium Recollection.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\GundeadliGne.url

[2012/06/30 17:51:04 | 000,000,222 | ---- | M] () -- C:\Users\Micah\Desktop\Serious Sam 2.url

[2012/06/30 17:51:04 | 000,000,202 | ---- | M] () -- C:\Users\Micah\Desktop\Serious Sam 2 Editor.url

[2012/06/30 17:50:21 | 000,000,221 | ---- | M] () -- C:\Users\Micah\Desktop\Harvest Massive Encounter.url

[2012/06/30 14:26:11 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 00:02:27 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@

[2012/07/22 15:13:11 | 000,232,960 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@

[2012/07/22 15:13:10 | 000,092,160 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@

[2012/07/22 15:13:10 | 000,080,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@

[2012/07/22 15:13:10 | 000,000,804 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@

[2012/07/22 15:13:09 | 000,016,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@

[2012/07/22 15:13:09 | 000,002,048 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@

[2012/07/22 15:13:09 | 000,001,632 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@

[2012/07/22 12:56:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 12:31:16 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl

[2012/07/20 17:23:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@

[2012/07/20 17:23:36 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@

[2012/07/20 17:23:22 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@

[2012/07/20 17:23:21 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@

[2012/07/20 17:23:08 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@

[2012/07/20 17:23:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@

[2012/07/17 15:58:02 | 002,666,499 | ---- | C] () -- C:\Users\Micah\Desktop\GLHF.JPG

[2012/07/16 20:33:09 | 000,000,222 | ---- | C] () -- C:\Users\Micah\Desktop\Age of Empires III Complete Collection.url

[2012/07/16 18:21:14 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk

[2012/07/16 18:21:14 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk

[2012/07/14 20:34:40 | 000,227,563 | ---- | C] () -- C:\Users\Micah\Desktop\1342311091803.gif

[2012/07/14 20:06:59 | 000,094,755 | ---- | C] () -- C:\Users\Micah\Desktop\Capture.JPG

[2012/07/14 18:23:30 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\ARMA 2.url

[2012/07/14 18:23:30 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\ARMA 2 Operation Arrowhead.url

[2012/07/11 16:18:21 | 001,019,155 | ---- | C] () -- C:\Users\Micah\Desktop\Capture.PNG

[2012/07/05 18:19:55 | 000,002,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk

[2012/07/05 18:19:55 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Evolve.lnk

[2012/07/05 16:23:05 | 000,001,334 | ---- | C] () -- C:\Users\Micah\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk

[2012/07/04 19:28:50 | 000,044,547 | ---- | C] () -- C:\Users\Micah\Desktop\Bitchtitsleaving.PNG

[2012/07/03 22:42:50 | 000,305,443 | ---- | C] () -- C:\Users\Micah\Desktop\background.PNG

[2012/06/30 17:52:45 | 000,000,189 | ---- | C] () -- C:\Users\Micah\Desktop\AirMech.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Hitogata Happa.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Gundemonium Recollection.url

[2012/06/30 17:52:22 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\GundeadliGne.url

[2012/06/30 17:51:04 | 000,000,222 | ---- | C] () -- C:\Users\Micah\Desktop\Serious Sam 2.url

[2012/06/30 17:51:04 | 000,000,202 | ---- | C] () -- C:\Users\Micah\Desktop\Serious Sam 2 Editor.url

[2012/06/30 17:50:21 | 000,000,221 | ---- | C] () -- C:\Users\Micah\Desktop\Harvest Massive Encounter.url

[2012/06/30 14:26:11 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk

[2012/06/14 23:46:49 | 000,483,013 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak

[2012/03/20 16:37:11 | 000,033,633 | ---- | C] () -- C:\Users\Micah\AppData\Roaming\UserTile.png

[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@

[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@

[2011/12/21 19:14:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/08/06 22:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Micah\AppData\Local\{D3F5262B-4CB4-435D-9D14-3E2A813D677E}

[2011/06/28 00:01:37 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/06/28 00:01:37 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/06/07 19:29:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/05/07 17:04:26 | 000,007,597 | ---- | C] () -- C:\Users\Micah\AppData\Local\Resmon.ResmonCfg

[2011/03/30 10:03:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/03/30 10:03:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/11/05 21:04:36 | 000,000,093 | ---- | C] () -- C:\Users\Micah\AppData\Local\fusioncache.dat

[2010/11/05 21:01:25 | 000,786,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/08/16 18:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/06/21 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\.minecraft

[2012/07/01 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Carbon

[2011/05/23 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.dmp.contentviewer

[2011/05/18 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/12/25 14:08:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.amazon.music.uploader

[2011/02/26 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2011/02/26 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command and Conquer 4

[2012/07/22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\DAEMON Tools Lite

[2010/09/03 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\FinalTorrent

[2011/05/05 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\GetRightToGo

[2011/09/01 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient

[2012/05/27 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient2

[2012/03/10 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LOVE

[2011/08/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\MAXON

[2011/07/03 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Notepad++

[2011/01/31 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PC Cleaner

[2011/11/20 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PunkBuster

[2012/07/16 18:22:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-updater

[2012/07/16 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-zsync

[2012/02/01 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SplitMediaLabs

[2011/08/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SPORE

[2012/07/22 22:50:11 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Spotify

[2011/08/14 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SystemRequirementsLab

[2011/08/01 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TeamViewer

[2011/08/17 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Tibia

[2012/07/22 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TS3Client

[2012/07/23 22:10:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\uTorrent

[2011/07/13 23:07:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E41EAF13

< End of report >

Step 1

Please uninstall the following applications:

uTorrentControl2 Toolbar

Windows iLivid Toolbar

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15150&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UF&apn_dtid=YYYYYYYYUS&apn_uid=2E4CA80E-38C4-4FD7-83B7-CCA03A42326F&apn_sauid=293B1D0E-F345-48D2-8AEB-7940076A3213
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92823324915422168
    IE - HKCU\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://dm.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z055&partner_id=195&product_id=611&affiliate_id=&channel=dm6&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110628&user_guid=2D10838BC3964C0F9867120F8EC5750C&machine_id=da9196787082f2de2f19d63dbb776686&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    [2012/07/17 16:02:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/11/13 19:03:21 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011/06/10 14:50:04 | 000,002,397 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\askcom.xml
    [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\conduit.xml
    [2011/05/18 21:35:08 | 000,002,055 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\daemon-search.xml
    [2011/11/13 19:05:50 | 000,002,207 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\MyStart Search.xml
    [2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\Search_Results.xml
    [2011/11/13 19:03:19 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    [2012/07/24 00:02:27 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@
    [2012/07/22 15:13:11 | 000,232,960 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@
    [2012/07/22 15:13:10 | 000,092,160 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@
    [2012/07/22 15:13:10 | 000,080,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@
    [2012/07/22 15:13:10 | 000,000,804 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@
    [2012/07/22 15:13:09 | 000,016,896 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@
    [2012/07/22 15:13:09 | 000,002,048 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@
    [2012/07/22 15:13:09 | 000,001,632 | ---- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@
    [2012/07/20 17:23:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@
    [2012/07/20 17:23:36 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@
    [2012/07/20 17:23:22 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@
    [2012/07/20 17:23:21 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@
    [2012/07/20 17:23:08 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@
    [2012/07/20 17:23:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@
    [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@
    [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@
    [2010/09/03 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\FinalTorrent
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E41EAF13

    :files
    C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}
    C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}
    C:\Program Files (x86)\Windows iLivid Toolbar
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}\ not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "" removed from browser.search.order.2

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

Folder C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\askcom.xml moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\conduit.xml moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\daemon-search.xml moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\MyStart Search.xml moved successfully.

C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\Search_Results.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully.

C:\Users\Micah\AppData\Roaming\FinalTorrent folder moved successfully.

ADS C:\ProgramData\TEMP:E41EAF13 deleted successfully.

========== FILES ==========

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} scheduled to be moved on reboot.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully.

File\Folder C:\Program Files (x86)\Windows iLivid Toolbar not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Micah\Downloads\cmd.bat deleted successfully.

C:\Users\Micah\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1-MICAH-PC

->Temp folder emptied: 516 bytes

->Temporary Internet Files folder emptied: 1344569 bytes

->Flash cache emptied: 56502 bytes

User: Micah

->Temp folder emptied: 1864495 bytes

->Temporary Internet Files folder emptied: 49023139 bytes

->Java cache emptied: 16661476 bytes

->FireFox cache emptied: 66942184 bytes

->Google Chrome cache emptied: 322717638 bytes

->Flash cache emptied: 3174152 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10304207 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 450.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.1 log created on 07252012_174243

Files\Folders moved on Reboot...

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully.

C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} not found!

File C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Good! :)

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-27.02 - Micah 07/26/2012 20:33:22.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2331 [GMT -6:00]

Running from: c:\users\Micah\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Blinkx

c:\program files (x86)\Blinkx\blinkx.ico

c:\program files (x86)\Blinkx\blinkxss.exe

c:\program files (x86)\Blinkx\blinkxstop.exe

c:\program files (x86)\Blinkx\lang.dll

c:\program files (x86)\Blinkx\templates\beat.ico

c:\program files (x86)\Blinkx\templates\index.html

c:\program files (x86)\Blinkx\templates\noflash.html

c:\program files (x86)\Blinkx\templates\offline.html

c:\program files (x86)\Blinkx\templates\offline.swf

c:\program files (x86)\Blinkx\templates\uninstall.exe

c:\users\Micah\AppData\Roaming\Love

c:\users\Micah\AppData\Roaming\Love\mari0\options.txt

c:\users\Micah\AppData\Roaming\mIRC\logs\status.log

c:\users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\bing-zugo.xml

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))

.

.

2012-07-27 02:41 . 2012-07-27 02:41 -------- d-----w- c:\users\Mcx1-MICAH-PC\AppData\Local\temp

2012-07-27 02:41 . 2012-07-27 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-26 06:11 . 2012-07-26 06:11 -------- d-----w- c:\users\Micah\AppData\Local\SIX_Projects

2012-07-25 23:42 . 2012-07-25 23:42 -------- d-----w- C:\_OTL

2012-07-22 20:29 . 2012-07-24 04:08 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-22 18:42 . 2012-07-22 18:42 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-22 18:09 . 2012-07-22 18:10 -------- d-----w- c:\users\Micah\AppData\Local\ElevatedDiagnostics

2012-07-20 23:29 . 2012-07-20 23:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-20 23:22 . 2012-07-20 23:22 -------- d-----w- c:\windows\Sun

2012-07-18 23:08 . 2012-07-18 23:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\offreg.dll

2012-07-17 19:51 . 2012-07-17 19:51 -------- d-----w- c:\programdata\Age of Empires 3

2012-07-17 16:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A86D56EB-92DB-4A3D-88D1-54FE114411FB}\mpengine.dll

2012-07-17 00:38 . 2012-07-17 00:38 -------- d-----w- c:\program files (x86)\Bohemia Interactive

2012-07-17 00:36 . 2012-07-25 01:20 -------- d-----w- c:\users\Micah\AppData\Local\ArmA 2

2012-07-17 00:29 . 2012-07-26 06:32 -------- d-----w- c:\users\Micah\AppData\Local\ArmA 2 OA

2012-07-17 00:21 . 2012-07-26 06:36 -------- d-----w- c:\users\Micah\AppData\Roaming\six-updater

2012-07-17 00:21 . 2012-07-17 00:21 -------- d-----w- c:\users\Micah\AppData\Roaming\six-zsync

2012-07-17 00:21 . 2012-07-17 00:21 -------- d-----w- c:\program files (x86)\SIX Projects

2012-07-17 00:20 . 2012-07-26 03:22 -------- d-----w- c:\users\Micah\AppData\Local\Downloaded Installations

2012-07-11 09:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-07-06 00:19 . 2012-07-06 00:19 21656 ----a-w- c:\windows\system32\drivers\evolve.sys

2012-07-06 00:19 . 2012-07-06 00:19 -------- d-----w- c:\program files\Echobit

2012-07-06 00:18 . 2012-07-06 00:18 -------- d-----w- c:\programdata\Echobit

2012-07-06 00:18 . 2012-07-06 00:18 -------- d-----w- c:\users\Micah\AppData\Local\Echobit

2012-07-05 22:31 . 2012-07-05 22:31 -------- d-----w- c:\users\Micah\AppData\Local\My Games

2012-07-05 22:31 . 2012-07-05 22:31 -------- d-----w- c:\programdata\REVOLT

2012-07-05 22:17 . 2012-07-05 22:17 -------- d-----w- c:\program files (x86)\Games

2012-07-01 17:21 . 2012-07-01 17:21 -------- d-----w- c:\users\Micah\AppData\Roaming\Carbon

2012-07-01 00:12 . 2012-07-01 00:12 -------- d-----w- c:\users\Micah\AppData\Local\Harvest

2012-06-30 20:26 . 2012-06-30 20:26 -------- d-----w- c:\program files\CPUID

2012-06-30 20:26 . 2011-09-21 16:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2012-06-28 20:25 . 2012-06-28 20:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 09:01 . 2010-08-09 16:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-04 04:35 . 2011-08-13 19:22 6656 ----a-w- c:\windows\system32\lpcio.dll

2012-07-03 19:46 . 2010-11-27 19:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-15 20:05 . 2012-06-15 20:06 627600 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-15 20:05 . 2012-06-15 20:06 252296 ----a-w- c:\windows\system32\javaws.exe

2012-06-15 20:05 . 2012-06-15 20:06 188808 ----a-w- c:\windows\system32\javaw.exe

2012-06-15 20:05 . 2012-06-15 20:06 188808 ----a-w- c:\windows\system32\java.exe

2012-06-02 22:19 . 2012-06-21 17:52 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 17:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 17:53 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 17:53 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 17:52 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 17:53 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 17:52 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-21 17:52 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-21 17:52 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 18:25 . 2010-08-09 16:17 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 04:01 . 2012-06-12 21:11 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-12 21:11 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-12 21:11 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-12 21:09 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-12 21:09 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-12 21:09 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-12 21:09 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-12 21:07 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]

"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2008-10-17 147456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-07-06 1511448]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-28 113120]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-09 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-19 254528]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-16 2533400]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]

S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-07-06 21656]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 01:28]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 01:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-08 10810912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\system32\blank.htm

FF - ProfilePath - c:\users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2932929639-738542622-1971861260-1000\Software\SecuROM\License information*]

"datasecu"=hex:c2,8b,da,76,fe,99,2f,ca,53,92,1b,ee,8c,f2,b3,a0,47,f9,9e,4b,68,

58,09,b6,0d,c1,88,58,3d,81,0e,b6,ea,9e,46,57,8e,26,19,6c,76,21,0a,f9,dc,12,\

"rkeysecu"=hex:fc,02,5e,37,53,b7,52,5d,1d,e7,59,c6,a6,3e,ba,ae

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-07-26 20:47:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-27 02:47

.

Pre-Run: 81,126,363,136 bytes free

Post-Run: 80,988,528,640 bytes free

.

- - End Of File - - A5BC925C9D6F826A05BE275CFDB5F19E


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5bc4185c2844c843a7522ceec5bd51f8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-29 03:35:09

# local_time=2012-07-28 09:35:09 (-0700, Mountain Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 458567 458567 0 0

# compatibility_mode=5893 16776574 100 94 62102 95070940 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=358310

# found=16

# cleaned=16

# scan_time=5418

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\ActivePcOptimizer.exe a variant of Win32/Adware.RegistryMum application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\cnet2_PowerISO48_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\FinalTorrent2010Setup.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\pc-cleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\tinyword.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Micah\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07252012_174243\C_Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


OTL logfile created on: 8/18/2012 9:11:53 PM - Run 2

OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Micah\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 3.14 Gb Available Physical Memory | 79.68% Memory free

7.87 Gb Paging File | 6.44 Gb Available in Paging File | 81.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 53.17 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: MICAH-PC | User Name: Micah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 12:02:50 | 001,193,176 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/07/24 17:11:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Micah\Downloads\OTL.exe

PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2008/10/16 18:07:40 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/10 12:02:50 | 001,193,176 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 18:19:46 | 001,511,448 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)

SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/07/26 21:05:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/06/21 20:05:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/11/20 19:25:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2010/04/15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/04/15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 18:19:48 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011/06/15 02:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2011/05/18 21:35:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{574001d0-46db-44fa-be94-a5ab296994c6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111111040608623&tb_oid=11-11-2011&tb_mrud=11-11-2011

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\SearchScopes\{9001ECE5-27F9-7260-292B-CF945347FC97}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111222&iesrc={referrer:source}

IE - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.2: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: contact@drpepper.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3

FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/23 21:10:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/28 16:08:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 21:05:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 12:31:44 | 000,000,000 | ---D | M]

[2012/07/25 17:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Extensions

[2012/08/10 13:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions

[2010/08/10 13:04:17 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}

[2011/03/13 12:44:05 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2011/03/30 09:40:02 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\battlefieldplay4free@ea.com

[2012/08/10 13:22:02 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\btpersonas@brandthunder.com

[2011/03/06 11:29:33 | 000,000,000 | ---D | M] (Nothing Like It! for Facebook) -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\extensions\contact@drpepper.com

[2011/11/13 22:56:41 | 000,002,342 | ---- | M] () -- C:\Users\Micah\AppData\Roaming\Mozilla\Firefox\Profiles\lwvu7ggk.default\searchplugins\aol-search.xml

[2012/08/04 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/04 14:01:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/07/26 21:05:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/27 10:06:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/05/17 23:00:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2012/05/17 23:00:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Micah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Skype Click to Call = C:\Users\Micah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2012/07/26 20:42:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000..\Run: [spotify Web Helper] C:\Users\Micah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2932929639-738542622-1971861260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28120EA2-1571-41F7-9E5F-7A5A50040511}: DhcpNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 00:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

[2012/08/07 00:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2

[2012/08/07 00:38:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\Guild Wars 2

[2012/08/03 00:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit

[2012/08/03 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs

[2012/07/31 19:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton

[2012/07/31 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\Documents\Ableton

[2012/07/31 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Roaming\Ableton

[2012/07/31 19:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton

[2012/07/31 19:08:59 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll

[2012/07/31 19:08:59 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll

[2012/07/31 19:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton

[2012/07/31 18:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micah\Desktop\Ableton Live 8.2.2 (CRACKED) [theLEAK]

[2012/07/31 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2012/07/28 19:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/07/26 20:47:35 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/26 20:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/26 20:30:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/26 20:30:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/26 20:30:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/26 20:30:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/26 20:30:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/26 00:11:11 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\SIX_Projects

[2012/07/25 17:42:43 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/07/23 20:33:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Micah\Desktop\dds.com

[2012/07/22 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/22 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/22 12:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/07/22 12:33:55 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/07/22 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Micah\AppData\Local\ElevatedDiagnostics

[2012/07/20 17:29:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/20 17:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/08/18 21:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/18 16:47:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 16:47:07 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 16:43:45 | 000,792,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/18 16:43:45 | 000,669,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/18 16:43:45 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/18 16:38:45 | 3168,821,248 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/14 19:42:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/08/13 10:49:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/08/07 20:18:11 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk

[2012/08/07 20:18:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/07 20:18:11 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Beat Hazard.lnk

[2012/08/07 20:18:10 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2012/08/07 20:18:10 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk

[2012/08/07 20:18:10 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk

[2012/08/07 15:02:34 | 000,104,532 | ---- | M] () -- C:\Users\Micah\Desktop\gragas.JPG

[2012/08/07 00:40:19 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/07/31 18:10:09 | 000,000,967 | ---- | M] () -- C:\Users\Micah\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/07/31 18:10:09 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2012/07/27 21:20:26 | 000,289,215 | ---- | M] () -- C:\Users\Micah\Desktop\Captcha.JPG

[2012/07/26 20:42:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/07/25 21:23:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk

[2012/07/25 21:23:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk

[2012/07/23 22:07:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/23 20:33:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Micah\Desktop\dds.com

[2012/07/22 12:56:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 12:37:52 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/22 12:37:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/22 12:31:16 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl

========== Files Created - No Company Name ==========

[2012/08/13 10:50:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@

[2012/08/13 10:50:03 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@

[2012/08/13 10:50:01 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@

[2012/08/12 16:58:15 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@

[2012/08/12 16:58:15 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@

[2012/08/12 16:58:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@

[2012/08/12 16:58:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@

[2012/08/07 15:02:34 | 000,104,532 | ---- | C] () -- C:\Users\Micah\Desktop\gragas.JPG

[2012/08/07 00:40:19 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/07/31 18:10:09 | 000,000,967 | ---- | C] () -- C:\Users\Micah\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/07/31 18:10:09 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2012/07/27 21:20:25 | 000,289,215 | ---- | C] () -- C:\Users\Micah\Desktop\Captcha.JPG

[2012/07/26 20:30:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/26 20:30:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/26 20:30:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/26 20:30:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/26 20:30:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/22 12:56:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 12:31:16 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl

[2012/06/14 23:46:49 | 000,483,013 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak

[2012/03/20 16:37:11 | 000,033,633 | ---- | C] () -- C:\Users\Micah\AppData\Roaming\UserTile.png

[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@

[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@

[2011/12/21 19:14:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/08/06 22:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Micah\AppData\Local\{D3F5262B-4CB4-435D-9D14-3E2A813D677E}

[2011/06/28 00:01:37 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/06/28 00:01:37 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/06/07 19:29:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/05/07 17:04:26 | 000,007,597 | ---- | C] () -- C:\Users\Micah\AppData\Local\Resmon.ResmonCfg

[2011/03/30 10:03:07 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/03/30 10:03:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/11/05 21:04:36 | 000,000,093 | ---- | C] () -- C:\Users\Micah\AppData\Local\fusioncache.dat

[2010/11/05 21:01:25 | 000,786,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/06/21 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\.minecraft

[2012/07/31 19:10:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Ableton

[2012/07/01 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Carbon

[2011/05/23 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.dmp.contentviewer

[2011/05/18 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/12/25 14:08:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\com.amazon.music.uploader

[2011/02/26 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2011/02/26 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Command and Conquer 4

[2012/07/22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\DAEMON Tools Lite

[2011/05/05 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\GetRightToGo

[2011/09/01 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient

[2012/05/27 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\LolClient2

[2011/08/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\MAXON

[2011/07/03 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Notepad++

[2011/01/31 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PC Cleaner

[2011/11/20 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\PunkBuster

[2012/07/26 00:36:59 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-updater

[2012/07/16 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\six-zsync

[2012/02/01 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SplitMediaLabs

[2011/08/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SPORE

[2012/08/18 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Spotify

[2011/08/14 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\SystemRequirementsLab

[2011/08/01 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TeamViewer

[2011/08/17 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\Tibia

[2012/07/22 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\TS3Client

[2012/08/18 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\Micah\AppData\Roaming\uTorrent

[2011/07/13 23:07:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall: uTorrent

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/08/13 10:50:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@
    [2012/08/13 10:50:03 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@
    [2012/08/13 10:50:01 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@
    [2012/08/12 16:58:15 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@
    [2012/08/12 16:58:15 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@
    [2012/08/12 16:58:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@
    [2012/08/12 16:58:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@
    [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@
    [2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@

    :files
    C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}
    C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}
    C:\Users\Micah\AppData\Roaming\uTorrent
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites
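A small triage script for the OTL log format, added here as an illustration; it is not part of this thread, of OTL, or of the helper's fix above. It parses the `[date | size | attrs | C] (company) -- path` file lines, flags the `{GUID}\U\*.@` and `{GUID}\@` layout under `C:\Windows\Installer` and `AppData\Local` that the Step 2 fix targets, collects the weakened policy values reported on the O6/O32 lines (UAC disabled, admin elevation without a prompt, CD-ROM AutoRun on), and renders the flagged entries in the `:OTL` / `:Files` / `:Commands` script layout used in Step 2. The sample lines are copied from the log in this thread; the `WEAK_POLICY` table and the folder-matching rule are my own choices, not OTL behaviour.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the OTL log in this thread
# (two O6 policy lines, one O32 line, and five "Files Created" entries).
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
[2012/08/13 10:50:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@
[2012/08/12 16:58:15 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@
[2012/08/07 15:02:34 | 000,104,532 | ---- | C] () -- C:\Users\Micah\Desktop\gragas.JPG
[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@
[2012/01/10 20:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@
"""

# OTL file line: [timestamp | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A GUID-named folder directly under Windows\Installer or AppData\Local (my matching rule).
GUID_DIR_RE = re.compile(
    r"^(?P<parent>.*\\(?:Windows\\Installer|AppData\\Local))\\"
    r"(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\(?P<rest>.+)$",
    re.IGNORECASE,
)
# Policy values worth restoring after cleanup (assumed list; settings, not files to delete).
WEAK_POLICY = {
    "EnableLUA = 0": "UAC disabled",
    "ConsentPromptBehaviorAdmin = 0": "admin elevation without prompt",
    "PromptOnSecureDesktop = 0": "elevation prompt not on secure desktop",
    "AutoRun - 1": "CD-ROM AutoRun enabled",
}


@dataclass
class FileEntry:
    raw: str
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file line; return None for lines in any other format."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(raw=line.strip(), timestamp=m["ts"],
                     size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                     company=m["company"], path=m["path"])


def guid_dropper_folder(path: str) -> Optional[str]:
    """Return the {GUID} folder if the path has the '{GUID}\\...\\*.@' or '{GUID}\\@' layout."""
    m = GUID_DIR_RE.match(path)
    if not m:
        return None
    name = m["rest"].rsplit("\\", 1)[-1]
    if name == "@" or name.endswith(".@"):
        return f"{m['parent']}\\{m['guid']}"
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Collect flagged file lines, their parent GUID folders, and weak policy lines."""
    findings: Dict[str, List[str]] = {"files": [], "folders": [], "policies": []}
    for line in log_text.splitlines():
        entry = parse_file_entry(line)
        if entry:
            folder = guid_dropper_folder(entry.path)
            if folder:
                findings["files"].append(entry.raw)
                if folder not in findings["folders"]:
                    findings["folders"].append(folder)
            continue
        for key, desc in WEAK_POLICY.items():
            if line.rstrip().endswith(key):
                findings["policies"].append(f"{desc}: {line.strip()}")
                break
    return findings


def build_otl_fix(findings: Dict[str, List[str]]) -> str:
    """Render findings in the :OTL / :Files / :Commands layout used in this thread."""
    parts = [":OTL", *findings["files"], "", ":Files", *findings["folders"], "",
             ":Commands", "[emptytemp]"]
    return "\n".join(parts)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(build_otl_fix(result))
    for p in result["policies"]:
        print("policy:", p)
```

The generated script is a draft for a human to review before pasting into OTL; the policy findings are settings to restore once the machine is clean, not entries for the `:Files` section.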

All processes killed

========== OTL ==========

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000008.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000032.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000064.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L\00000004.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\80000000.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U\00000004.@ moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\@ moved successfully.

========== FILES ==========

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} scheduled to be moved on reboot.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\L folder moved successfully.

C:\Users\Micah\AppData\Local\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully.

C:\Users\Micah\AppData\Roaming\uTorrent\ie folder moved successfully.

C:\Users\Micah\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\Micah\AppData\Roaming\uTorrent\Cache folder moved successfully.

C:\Users\Micah\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\Micah\AppData\Roaming\uTorrent folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Micah\Downloads\cmd.bat deleted successfully.

C:\Users\Micah\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1-MICAH-PC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Micah

->Temp folder emptied: 68224383 bytes

->Temporary Internet Files folder emptied: 48736615 bytes

->Java cache emptied: 12584 bytes

->FireFox cache emptied: 185711886 bytes

->Google Chrome cache emptied: 373665559 bytes

->Flash cache emptied: 8954 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 66561674 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 41095312 bytes

Total Files Cleaned = 748.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.1 log created on 08192012_180708

Files\Folders moved on Reboot...

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc}\U folder moved successfully.

C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} folder moved successfully.

C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\hsperfdata_MICAH-PC$\3596 moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{b15b4147-47cc-b3b8-7014-b946f5e894fc} not found!

File C:\Users\Micah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Windows\temp\hsperfdata_MICAH-PC$\3596 not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
