Jump to content

Savings sidekick wont die!


mls274

Recommended Posts

I have the saving-sidekick on my computer and I cant get rid of it. please help its annoying as all hell.

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2

Run by SteinwertM at 2:57:47 on 2012-11-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2203 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Users\SteinwertM\AppData\Local\Akamai\netsession_win.exe

C:\Users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\SteinwertM\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe

C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe

C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe

C:\Users\SteinwertM\program\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Brownie\BrStsW64.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\V0250Mon.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe

C:\Prgrams\Itunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Brownie\brpjp04a.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=HP_clro&mntrId=04459479000000000000f07d685e0db7

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

uProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;<local>

uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

mWinlogon: Userinit = userinit.exe,

BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll

BHO: Savings Sidekick: {11111111-1111-1111-1111-110011501160} -

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB: D-Link Toolbar: {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

uRun: [EPSON Stylus CX4400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICAA.EXE /FU "C:\Windows\TEMP\E_S9361.tmp" /EF "HKCU"

uRun: [0C72CEEF7D99E3EDE9C462D5CAF1809AFBAA2958._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service

uRun: [Akamai NetSession Interface] "C:\Users\SteinwertM\AppData\Local\Akamai\netsession_win.exe"

uRun: [spotify Web Helper] "C:\Users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [PWRISOVM.EXE] C:\Users\SteinwertM\program\PowerISO\PWRISOVM.EXE

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [V0250Mon.exe] C:\Windows\V0250Mon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [D-Link D-Link DWA-525] C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe

mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe

mRun: [iTunesHelper] "C:\Prgrams\Itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: C:\Users\STEINW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\STEINW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{96D28906-A425-45B5-8B35-40C9E7EE03D0} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{96D28906-A425-45B5-8B35-40C9E7EE03D0}\74F624561627370313 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B05DF728-6929-4C74-8552-DEC8E685E1DE} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B05DF728-6929-4C74-8552-DEC8E685E1DE}\74F624561627370313 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-dlink-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-dlink-ab-en-us&query=

FF - plugin: C:\Prgrams\Itunes\Mozilla Plugins\npitunes.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\SteinwertM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\SteinwertM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\SteinwertM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-09-10 13:51; playbryte@playbryte.com; C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\playbryte@playbryte.com

FF - ExtSQL: 2012-09-10 13:52; addon@defaulttab.com; C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\addon@defaulttab.com.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779&q=

FF - user.js: extensions.funmoods.id - F07D685E0DB79479

FF - user.js: extensions.funmoods.instlDay - 15593

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:50:51

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.autoDisableScopes - 14);//Playbryte-fa-bndluser_pref(extensions.claro.tlbrSrchUrl,

FF - user.js: extensions.claro.id - 04459479000000000000f07d685e0db7

FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}

FF - user.js: extensions.claro.instlDay - 15633

FF - user.js: extensions.claro.vrsn - 1.8.3.10

FF - user.js: extensions.claro.vrsni - 1.8.3.10

FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.102:50:05

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - claro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-3-23 25312]

R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2010-10-20 15872]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-27 600920]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-26 288088]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-5 235520]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-26 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-26 64856]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-7-23 42184]

R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2012-11-3 2400800]

R2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe [2012-3-6 40960]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-9-10 107520]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-31 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-31 676936]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]

R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-3-23 285152]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-4 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-12 25928]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-12 325152]

R3 wovad_micarray;WO Mic Device;C:\Windows\System32\drivers\womic.sys [2012-7-26 59344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 D_Link_DWA-525;D_Link_DWA-525 Service;C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWZCSdS.exe [2012-3-6 126976]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-3-23 838136]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-1-11 25832]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]

S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-5-12 11776]

S3 netr28x;D-Link 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\Dnetr28x.sys [2010-10-20 787968]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 V0250Dev;Live! Cam Notebook Pro;C:\Windows\System32\drivers\V0250Dev.sys [2011-7-11 201632]

S3 V0250Vfx;V0250Vfx;C:\Windows\System32\drivers\V0250Vfx.sys [2011-7-11 10752]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\iexplore.exe="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-11-07 10:36:58 -------- d-----w- C:\Users\SteinwertM\AppData\Roaming\QuickScan

2012-11-06 09:56:51 -------- d-----w- C:\Users\SteinwertM\DoctorWeb

2012-11-06 08:58:21 -------- d-----w- C:\Program Files (x86)\ESET

2012-11-03 11:42:05 -------- d-----w- C:\Users\SteinwertM\AppData\Local\IsolatedStorage

2012-11-03 11:41:27 -------- d-----w- C:\Users\SteinwertM\AppData\Local\NuGet

2012-11-03 11:18:07 -------- d-----w- C:\Program Files (x86)\Microsoft WebMatrix

2012-11-03 11:09:25 -------- d-----w- C:\Windows\SysWow64\1033

2012-11-03 11:09:25 -------- d-----w- C:\Windows\System32\1033

2012-11-03 11:06:50 -------- d-----w- C:\Program Files (x86)\MySQL

2012-11-03 11:06:27 -------- d-----w- C:\Program Files\IIS

2012-11-03 11:06:27 -------- d-----w- C:\Program Files (x86)\IIS

2012-11-03 11:04:03 -------- d-----w- C:\Program Files (x86)\IIS Express

2012-11-02 23:11:53 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-11-02 23:11:51 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-11-02 23:10:51 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-11-02 23:10:09 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-11-02 23:09:59 -------- d-----w- C:\ProgramData\Package Cache

2012-11-02 22:55:19 -------- d-----w- C:\Program Files\Microsoft

2012-10-23 07:18:01 -------- d-----w- C:\Users\SteinwertM\AppData\Local\Line

2012-10-23 07:17:55 -------- d-----w- C:\Program Files (x86)\Naver

2012-10-20 09:50:07 -------- d-----w- C:\Program Files (x86)\Claro LTD

2012-10-20 09:49:36 -------- d-----w- C:\Users\SteinwertM\AppData\Roaming\Babylon

2012-10-20 09:49:36 -------- d-----w- C:\ProgramData\Babylon

2012-10-20 09:49:28 -------- d-----w- C:\Users\SteinwertM\AppData\Local\Savings Sidekick

2012-10-20 09:49:19 -------- d-----w- C:\ProgramData\Browser Manager

2012-10-20 09:49:17 -------- d-----w- C:\Program Files (x86)\Noel Danjou

2012-10-10 10:47:46 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-10 09:57:06 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-10-08 20:10:07 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-10-08 20:10:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 20:10:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-24 06:55:20 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-24 06:55:13 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-24 06:55:13 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-14 23:55:40 101680 ----a-w- C:\Windows\System32\stkMonitor.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-23 20:43:15 1409 ----a-w- C:\Windows\SysWow64\tmpD21AF.FOT

2012-08-23 20:43:15 1409 ----a-w- C:\Windows\SysWow64\tmpB71AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmpFF0AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmp500AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmp430AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmp270AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmp1A0AF.FOT

2012-08-23 20:43:14 1409 ----a-w- C:\Windows\SysWow64\tmp0D0AF.FOT

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 20:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

.

============= FINISH: 2:58:01.87 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/26/2010 2:09:27 AM

System Uptime: 11/6/2012 11:12:41 AM (15 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A785T-M

Processor: AMD Athlon™ II X2 255 Processor | AM3 | 3100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 82.682 GiB free.

D: is CDROM (UDF)

E: is FIXED (FAT32) - 596 GiB total, 313.38 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: D-Link DWA-525 Wireless N 150 Desktop Adapter

Device ID: PCI\VEN_1814&DEV_3060&SUBSYS_3C041186&REV_00\4&2966AB86&0&30A4

Manufacturer: D-Link Corporation

Name: D-Link DWA-525 Wireless N 150 Desktop Adapter

PNP Device ID: PCI\VEN_1814&DEV_3060&SUBSYS_3C041186&REV_00\4&2966AB86&0&30A4

Service: netr28x

.

==== System Restore Points ===================

.

RP329: 10/24/2012 2:47:21 AM - Removed Microsoft LifeCam

RP330: 11/1/2012 12:00:01 AM - Scheduled Checkpoint

RP331: 11/2/2012 3:54:50 PM - Installed Microsoft Web Platform Installer 4.0

RP332: 11/3/2012 3:58:54 AM - Windows Update

RP333: 11/4/2012 2:00:11 AM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader X (10.1.4)

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Send to Kindle

AMCap

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed Revelations

ASUS E-Green Uninstall

ATI Catalyst Registration

avast! Free Antivirus

Bejeweled 3

Best Buy pc app

Bonjour

Brother HL-5370DW

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDisplay 1.8

Claro LTD toolbar

Creative Live! Cam Center

Creative Live! Cam Notebook Pro Driver (1.04.02.0000)

D-Link DWA-525

D-Link Toolbar

Data Lifeguard Diagnostic for Windows

Debugging Tools for Windows (x86)

DefaultTab

DefaultTab Chrome

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Diablo III

Divinity II - DKS

Dragon Age: Origins

Dropbox

Dungeons and Dragons Daggerdale

E-Hammer

EPSON Printer Software

EPSON Scan

ERUNT 1.1j

ESET Online Scanner v3

Fallout: New Vegas

ffdshow [rev 2527] [2008-12-19]

Google Chrome

Google Talk Plugin

Google Update Helper

Hunted The Demons Forge

IBM SPSS Statistics - Essentials for Python 19 64bit

IBM SPSS Statistics 19

IIS 7.5 Express

iPad/iPhone/iPod to Computer Transfer 7.7.7

iTunes

Java 7 Update 7

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 25 (64-bit)

Java™ 7 Update 1 (64-bit)

Java™ SE Development Kit 7 Update 1 (64-bit)

Kingdoms of Amalur Reckoning

LINE

LogMeIn Hamachi

Lord of the Rings - War in the North

Magic The Gathering - Duels of the Planeswalkers 2013

Magic: The Gathering - Duels of the Planeswalkers 2013 Demo

Malwarebytes Anti-Malware version 1.65.1.1000

MD5 Calculator

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft ASP.NET Web Pages 2

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Corporation

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1

Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server System CLR Types

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Deploy 3.0

Microsoft Web Platform Installer 4.0

Microsoft WebMatrix 2

Microsoft WSE 3.0 Runtime

Minecraft Cracked

MotoHelper 2.0.51 Driver 5.1.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.2.0

Mount&Blade Warband

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Connector Net 6.5.4

NETGEAR WNA3100 wireless USB 2.0 adapter

NirSoft BlueScreenView

NVIDIA PhysX

Origin

PASW Statistics-Python Integration Plugin18-64bit

PASW Statistics 18

PDFCreator

PowerISO

Prototype™

PunkBuster Services

Python 2.5.4 (64 bit)

Python 2.6.4 (64-bit)

QuickTime

R for Windows 2.15.0

RIFT

RSDLite

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Toolbars

Skype™ 5.10

Spotify

StarCraft II

Steam

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

The Elder Scrolls V: Skyrim

The KMPlayer 3.0.0.1441R2

The Lord of the Rings FREE Trial

The Rosetta Stone

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 World Adventures

The Witcher Enhanced Edition

Transformers Fall of Cybertron

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Winamp

WinRAR archiver

WO Mic Client

.

==== Event Viewer Messages From Past Week ========

.

11/7/2012 2:58:00 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

11/6/2012 12:45:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

11/6/2012 12:45:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/6/2012 12:39:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2012 12:39:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/6/2012 12:39:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/6/2012 12:38:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/6/2012 12:38:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/6/2012 12:38:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SCDEmu spldr Wanarpv6

11/6/2012 12:38:47 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2012 12:36:45 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

11/6/2012 11:14:39 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

11/6/2012 11:13:53 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

11/6/2012 11:13:30 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

11/3/2012 4:44:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/3/2012 4:43:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

11/3/2012 4:43:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

11/3/2012 4:43:31 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/3/2012 4:43:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

11/3/2012 4:42:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

11/3/2012 4:11:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

11/3/2012 4:06:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351).

11/3/2012 4:06:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).

11/3/2012 4:05:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).

11/3/2012 3:55:11 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

11/1/2012 9:23:38 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

.

==== End Of File ===========================

Link to post
Share on other sites

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

aswmbrscan.jpg

Click the image to enlarge it

----------

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------

Link to post
Share on other sites

ok here are the logs first one is the aswMBR followed by the AdwCleaner.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-07 22:49:07

-----------------------------

22:49:07.992 OS Version: Windows x64 6.1.7601 Service Pack 1

22:49:07.993 Number of processors: 2 586 0x602

22:49:07.993 ComputerName: STEINWERTM-PC UserName: SteinwertM

22:49:09.234 Initialize success

22:49:09.319 AVAST engine defs: 12110701

22:49:14.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

22:49:14.293 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3

22:49:14.304 Disk 0 MBR read successfully

22:49:14.306 Disk 0 MBR scan

22:49:14.310 Disk 0 Windows 7 default MBR code

22:49:14.317 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848

22:49:14.348 Disk 0 scanning C:\Windows\system32\drivers

22:49:23.043 Service scanning

22:49:42.274 Modules scanning

22:49:42.283 Disk 0 trace - called modules:

22:49:42.302 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

22:49:42.305 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800488d060]

22:49:42.309 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa8004881280]

22:49:42.312 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004886060]

22:49:43.530 AVAST engine scan C:\Windows

22:49:46.439 AVAST engine scan C:\Windows\system32

22:52:16.568 AVAST engine scan C:\Windows\system32\drivers

22:52:26.785 AVAST engine scan C:\Users\SteinwertM

22:53:11.734 Disk 0 MBR has been saved successfully to "C:\Users\SteinwertM\Desktop\kill the addon\MBR.dat"

22:53:11.749 The log file has been saved successfully to "C:\Users\SteinwertM\Desktop\kill the addon\aswMBR.txt"

--------------------------------------------------------------------------

# AdwCleaner v2.007 - Logfile created 11/07/2012 at 22:54:15

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : SteinwertM - STEINWERTM-PC

# Boot Mode : Normal

# Running from : C:\Users\SteinwertM\Desktop\kill the addon\AdwCleaner.exe

# Option [search]

***** [services] *****

Found : Browser Manager

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\Users\SteinwertM\AppData\Local\funmoods-speeddial.crx

File Found : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\addon@defaulttab.com.xpi

File Found : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\searchplugins\search.xml

File Found : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\searchplugins\search-here.xml

Folder Found : C:\Program Files (x86)\Claro LTD

Folder Found : C:\Program Files (x86)\DefaultTab

Folder Found : C:\Program Files (x86)\Funmoods

Folder Found : C:\Program Files (x86)\Playbryte

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\Trymedia

Folder Found : C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Folder Found : C:\Users\SteinwertM\AppData\Local\Savings Sidekick

Folder Found : C:\Users\SteinwertM\AppData\LocalLow\Playbryte

Folder Found : C:\Users\SteinwertM\AppData\Roaming\Babylon

Folder Found : C:\Users\SteinwertM\AppData\Roaming\DefaultTab

Folder Found : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\playbryte@playbryte.com

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick

Key Found : HKCU\Software\Claro LTD

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\DefaultTab

Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\Claro LTD

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\Software\Playbryte

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=HP_clro&mntrId=04459479000000000000f07d685e0db7

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=HP_clro&mntrId=04459479000000000000f07d685e0db7

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\prefs.js

Found : user_pref("aol_toolbar.surf.date", "9");

Found : user_pref("aol_toolbar.surf.lastDate", "16");

Found : user_pref("aol_toolbar.surf.lastMonth", "8");

Found : user_pref("aol_toolbar.surf.lastYear", "2012");

Found : user_pref("aol_toolbar.surf.month", "408");

Found : user_pref("aol_toolbar.surf.prevMonth", "931");

Found : user_pref("aol_toolbar.surf.total", "3785");

Found : user_pref("aol_toolbar.surf.week", "9");

Found : user_pref("aol_toolbar.surf.year", "3710");

Found : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=[...]

Found : user_pref("avg.install.userSPSettings", "Claro Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invo[...]

Found : user_pref("dlink_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerm[...]

Found : user_pref("extensions.claro.admin", false);

Found : user_pref("extensions.claro.aflt", "babsst");

Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");

Found : user_pref("extensions.claro.dfltLng", "en");

Found : user_pref("extensions.claro.excTlbr", false);

Found : user_pref("extensions.claro.id", "04459479000000000000f07d685e0db7");

Found : user_pref("extensions.claro.instlDay", "15633");

Found : user_pref("extensions.claro.instlRef", "sst");

Found : user_pref("extensions.claro.prdct", "claro");

Found : user_pref("extensions.claro.prtnrId", "claro");

Found : user_pref("extensions.claro.tlbrId", "claro");

Found : user_pref("extensions.claro.vrsn", "1.8.3.10");

Found : user_pref("extensions.claro.vrsni", "1.8.3.10");

Found : user_pref("extensions.claro_i.smplGrp", "none");

Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.102:50:05");

Found : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1350726566);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);

Found : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);

Found : user_pref("extensions.crossriderapp5060.5060.active", true);

Found : user_pref("extensions.crossriderapp5060.5060.addressbar", "");

Found : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Found : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);

Found : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1350726566");

Found : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1350726566");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Wed Nov 07 2012 22:[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Fri Nov 09 2012 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22US%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1352356947");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2245989%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1351304243489");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221265%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2295912%22");

Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1351304184941");

Found : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%[...]

Found : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");

Found : user_pref("extensions.crossriderapp5060.5060.domain", "");

Found : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);

Found : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp5060.5060.group", 0);

Found : user_pref("extensions.crossriderapp5060.5060.homepage", "");

Found : user_pref("extensions.crossriderapp5060.5060.iframe", false);

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Thu Nov 08[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Found : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Found : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");

Found : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");

Found : user_pref("extensions.crossriderapp5060.5060.newtab", "");

Found : user_pref("extensions.crossriderapp5060.5060.opensearch", "");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");

Found : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);

Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");

Found : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Found : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);

Found : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");

Found : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);

Found : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);

Found : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");

Found : user_pref("extensions.crossriderapp5060.5060.thankyou", "");

Found : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);

Found : user_pref("extensions.crossriderapp5060.5060.ver", 37);

Found : user_pref("extensions.crossriderapp5060.adsOldValue", 14);

Found : user_pref("extensions.crossriderapp5060.apps", "5060");

Found : user_pref("extensions.crossriderapp5060.bic", "13aa0016a853d82a9f5ada13edb60e58");

Found : user_pref("extensions.crossriderapp5060.cid", 5060);

Found : user_pref("extensions.crossriderapp5060.firstrun", false);

Found : user_pref("extensions.crossriderapp5060.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp5060.installationdate", 1351304178);

Found : user_pref("extensions.crossriderapp5060.lastcheck", 22539282);

Found : user_pref("extensions.crossriderapp5060.lastcheckitem", 22539283);

Found : user_pref("extensions.crossriderapp5060.modetype", "production");

Found : user_pref("extensions.crossriderapp5060.reportInstall", true);

Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

Found : user_pref("extensions.enabledAddons", "{DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15,crossriderapp50[...]

Found : user_pref("extensions.funmoods.aflt", "adknlg");

Found : user_pref("extensions.funmoods.autoRvrt", false);

Found : user_pref("extensions.funmoods.cntry", "US");

Found : user_pref("extensions.funmoods.cv", "cv5");

Found : user_pref("extensions.funmoods.dfltLng", "");

Found : user_pref("extensions.funmoods.dfltSrch", true);

Found : user_pref("extensions.funmoods.dnsErr", true);

Found : user_pref("extensions.funmoods.envrmnt", "production");

Found : user_pref("extensions.funmoods.excTlbr", false);

Found : user_pref("extensions.funmoods.hdrMd5", "294B20353880D099CDA18131E97D69E3");

Found : user_pref("extensions.funmoods.hmpg", true);

Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Found : user_pref("extensions.funmoods.id", "F07D685E0DB79479");

Found : user_pref("extensions.funmoods.instlDay", "15593");

Found : user_pref("extensions.funmoods.instlRef", "adknlg");

Found : user_pref("extensions.funmoods.isdcmntcmplt", true);

Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:50:51");

Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Found : user_pref("extensions.funmoods.newTab", true);

Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Found : user_pref("extensions.funmoods.prdct", "funmoods");

Found : user_pref("extensions.funmoods.prtnrId", "funmoods");

Found : user_pref("extensions.funmoods.sg", "none");

Found : user_pref("extensions.funmoods.smplGrp", "none");

Found : user_pref("extensions.funmoods.srchPrvdr", "Search");

Found : user_pref("extensions.funmoods.tlbrId", "base");

Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:50:51");

Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Found : user_pref("extensions.funmoods_i.newTab", true);

Found : user_pref("extensions.funmoods_i.smplGrp", "none");

Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:50:51");

Found : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocatio[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779",

Found [l.1641] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779",

*************************

AdwCleaner[R1].txt - [27713 octets] - [07/11/2012 22:54:15]

########## EOF - C:\AdwCleaner[R1].txt - [27774 octets] ##########

Link to post
Share on other sites

Hi,

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------

Link to post
Share on other sites

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 01:42:25

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : SteinwertM - STEINWERTM-PC

# Boot Mode : Normal

# Running from : C:\Users\SteinwertM\Desktop\kill the addon\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Users\SteinwertM\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\addon@defaulttab.com.xpi

File Deleted : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\searchplugins\search.xml

File Deleted : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\searchplugins\search-here.xml

Folder Deleted : C:\Program Files (x86)\Claro LTD

Folder Deleted : C:\Program Files (x86)\DefaultTab

Folder Deleted : C:\Program Files (x86)\Funmoods

Folder Deleted : C:\Program Files (x86)\Playbryte

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Folder Deleted : C:\Users\SteinwertM\AppData\Local\Savings Sidekick

Folder Deleted : C:\Users\SteinwertM\AppData\LocalLow\Playbryte

Folder Deleted : C:\Users\SteinwertM\AppData\Roaming\Babylon

Folder Deleted : C:\Users\SteinwertM\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\playbryte@playbryte.com

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick

Key Deleted : HKCU\Software\Claro LTD

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Claro LTD

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\Software\Playbryte

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=HP_clro&mntrId=04459479000000000000f07d685e0db7 --> hxxp://www.google.com

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\prefs.js

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "9");

Deleted : user_pref("aol_toolbar.surf.lastDate", "16");

Deleted : user_pref("aol_toolbar.surf.lastMonth", "8");

Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");

Deleted : user_pref("aol_toolbar.surf.month", "408");

Deleted : user_pref("aol_toolbar.surf.prevMonth", "931");

Deleted : user_pref("aol_toolbar.surf.total", "3785");

Deleted : user_pref("aol_toolbar.surf.week", "9");

Deleted : user_pref("aol_toolbar.surf.year", "3710");

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=[...]

Deleted : user_pref("avg.install.userSPSettings", "Claro Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invo[...]

Deleted : user_pref("dlink_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerm[...]

Deleted : user_pref("extensions.claro.admin", false);

Deleted : user_pref("extensions.claro.aflt", "babsst");

Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");

Deleted : user_pref("extensions.claro.dfltLng", "en");

Deleted : user_pref("extensions.claro.excTlbr", false);

Deleted : user_pref("extensions.claro.id", "04459479000000000000f07d685e0db7");

Deleted : user_pref("extensions.claro.instlDay", "15633");

Deleted : user_pref("extensions.claro.instlRef", "sst");

Deleted : user_pref("extensions.claro.prdct", "claro");

Deleted : user_pref("extensions.claro.prtnrId", "claro");

Deleted : user_pref("extensions.claro.tlbrId", "claro");

Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");

Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");

Deleted : user_pref("extensions.claro_i.smplGrp", "none");

Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.102:50:05");

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1350726566);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.active", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.addressbar", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);

Deleted : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1350726566");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1350726566");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Fri Nov 09 2012 01:[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Fri Nov 09 2012 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22US%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1352452977");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2245989%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1351304243489");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221265%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2295912%22");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1351304184941");

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.value", "%7B%22path%22%3A%22/index.p[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");

Deleted : user_pref("extensions.crossriderapp5060.5060.domain", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.group", 0);

Deleted : user_pref("extensions.crossriderapp5060.5060.homepage", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.iframe", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Fri Nov 09[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");

Deleted : user_pref("extensions.crossriderapp5060.5060.newtab", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.opensearch", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 7);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "17,14,16,47,1000015");

Deleted : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);

Deleted : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.thankyou", "");

Deleted : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp5060.5060.ver", 37);

Deleted : user_pref("extensions.crossriderapp5060.adsOldValue", 14);

Deleted : user_pref("extensions.crossriderapp5060.apps", "5060");

Deleted : user_pref("extensions.crossriderapp5060.bic", "13aa0016a853d82a9f5ada13edb60e58");

Deleted : user_pref("extensions.crossriderapp5060.cid", 5060);

Deleted : user_pref("extensions.crossriderapp5060.firstrun", false);

Deleted : user_pref("extensions.crossriderapp5060.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp5060.installationdate", 1351304178);

Deleted : user_pref("extensions.crossriderapp5060.lastcheck", 22540834);

Deleted : user_pref("extensions.crossriderapp5060.lastcheckitem", 22540899);

Deleted : user_pref("extensions.crossriderapp5060.modetype", "production");

Deleted : user_pref("extensions.crossriderapp5060.reportInstall", true);

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

Deleted : user_pref("extensions.enabledAddons", "{DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15,crossriderapp50[...]

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "US");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "294B20353880D099CDA18131E97D69E3");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.id", "F07D685E0DB79479");

Deleted : user_pref("extensions.funmoods.instlDay", "15593");

Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:50:51");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:50:51");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:50:51");

Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocatio[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779",

Deleted [l.1641] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779",

*************************

AdwCleaner[R1].txt - [27804 octets] - [07/11/2012 22:54:15]

AdwCleaner[s1].txt - [28530 octets] - [09/11/2012 01:42:25]

########## EOF - C:\AdwCleaner[s1].txt - [28591 octets] ##########

Link to post
Share on other sites

ComboFix 12-11-09.01 - SteinwertM 11/09/2012 2:03.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2710 [GMT -8:00]

Running from: c:\users\SteinwertM\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Naver

c:\program files (x86)\Naver\LINE\CommLib.dll

c:\program files (x86)\Naver\LINE\CommModule.dll

c:\program files (x86)\Naver\LINE\DataModule.dll

c:\program files (x86)\Naver\LINE\dbghelp.dll

c:\program files (x86)\Naver\LINE\Line.exe

c:\program files (x86)\Naver\LINE\LineAppMgr.exe

c:\program files (x86)\Naver\LINE\LineUnInst.exe

c:\program files (x86)\Naver\LINE\LineUpgrader.exe

c:\program files (x86)\Naver\LINE\MediaInfo.dll

c:\program files (x86)\Naver\LINE\Microsoft.VC90.CRT.manifest

c:\program files (x86)\Naver\LINE\msvcp90.dll

c:\program files (x86)\Naver\LINE\msvcr90.dll

c:\program files (x86)\Naver\LINE\NELO.dll

c:\program files (x86)\Naver\LINE\NELO_CrashReporter.exe

c:\program files (x86)\Naver\LINE\README.license

c:\program files (x86)\Naver\LINE\res\locale\en-US\buddy.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\chatRoom.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\common.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\group.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\invite.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\login.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\menu.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\msgbox.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\setting.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\sticker.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\talk.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\upgrader.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\upic.xml

c:\program files (x86)\Naver\LINE\res\locale\en-US\voip.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\buddy.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\chatRoom.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\common.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\group.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\invite.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\login.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\menu.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\msgbox.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\setting.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\sticker.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\talk.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\upgrader.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\upic.xml

c:\program files (x86)\Naver\LINE\res\locale\ja-JP\voip.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\buddy.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\chatRoom.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\common.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\group.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\invite.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\login.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\menu.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\msgbox.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\setting.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\sticker.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\talk.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\upgrader.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\upic.xml

c:\program files (x86)\Naver\LINE\res\locale\ko-KR\voip.xml

c:\program files (x86)\Naver\LINE\res\skin\basic\about.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\buddyInfo.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\chatMember.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\chatRoom.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\css\buddyInfo.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\chatMember.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\chatRoom.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\chatRoomMessage.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\common.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\emoji.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\emojiIcon.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\emojiLetter.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\groupMake.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\groupModify.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\invite.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\login.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\loginHelp.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\makeGroup.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\myInfo.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\setting.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\settingBasic.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\settingPrivacy.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\sticker.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\talk.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\talkAddBuddy.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\talkBuddyList.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\talkChatList.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\toast.css

c:\program files (x86)\Naver\LINE\res\skin\basic\css\voip.css

c:\program files (x86)\Naver\LINE\res\skin\basic\emoji.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\emojiIcon.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\emojiLetter.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\groupMake.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\groupModify.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_audio.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_btn_box.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_buddy_image_frame.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_buddy_video.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_call.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_date_bubble.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_img_err.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_layer.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_menu_line.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_more.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_light_green.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_my_image_frame.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_my_video.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_new_buddy.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_sep.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_splitter.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_top.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\bg_video.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_btm_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_btm_m.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_btm_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_line.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_top_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\br_top_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_addblock.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_arrow_down.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_canel.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_chat_type1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_emoji.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_file.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_max.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_menu.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_min.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\btn_room_name.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\check_style1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\check_style2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\check_style3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\check_style3_x.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\check_style3_xx.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\flag.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\ico_alarm_off.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\ico_error_sticker.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\ico_fail.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\ico_person.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\icon_voip.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\loading.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\loading_small.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\nick_bubble_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\nick_bubble_m.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\nick_bubble_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\slider_bar.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\slider_thumb.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\chat\thumnail_box.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\bar_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\bar_02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\bg_dlg_title.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\br_btm_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\br_btm_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\br_line.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\br_top_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\br_top_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_close_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_close_02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_system.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_type1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_type2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_type3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\btn_update.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\check_type1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\checkbox_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\ico_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\ico_dot01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\ico_return.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\icon_clear.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\input_box.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\layer_btn_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\layer_btn_close_all.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\layer_btn_close_click.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\layer_btn_close_over.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\layer_btn_search_1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\Line.ico

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\line_about.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\line_about_btn.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\loading.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\profile_frame.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\spin_down.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\spin_up.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\thumnail_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\thumnail_02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\thumnail_03.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\thumnail_04.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\common\thumnail_05.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\bg_tab.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_icon_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_index.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_latest.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_left.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_letter.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_right.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\emoji_bottom.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\emoji_select.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\emoji_top_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\select_emoticon.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\select_kaomoji.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\select_sticker.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\emoji\stiker_btn_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\bg_add_profile_frame.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\bg_teamlayer_top_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_plus_02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_radio_off_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_radio_on_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_cancel_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_invite_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_make_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_member_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_no_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_save_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_talk_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_write_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\btn_teampopup_yes_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\check_style1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\check_style3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\group\group_edit_select.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\btn_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\btn_login.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\btn_max.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\btn_min.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\btn_qrcode_refresh.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\01_main.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\02_email.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\03_qr01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\04_qr02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\btn_login.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\en-US\btn_qrcode.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ico_q.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ico_step01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ico_step02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\01_main.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\02_email.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\03_jp_main.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\04_jp_setting.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\05_app_qr01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\06_app_qr02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\07_wap_qr01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\08_wap_qr02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_login.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_qrcode.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\01_main.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\02_email.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\03_naver.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\04_qr01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\05_qr02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_international.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_login.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_qrcode.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\line_logo.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_bg1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_bg2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_btm.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_bullet.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_bullet2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_line.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\login\login_qrcode.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_bottom_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_bottom_m.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_bottom_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_check.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_middle_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_middle_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_top_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_top_m.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_top_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\menu\menu_uncheck.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\img_default.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\img_default_big.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\img_default_group.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\img_default_group_big.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\img_default_makegroup.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\list_img_default.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\list_img_default_group.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\profile\list_img_default_makegroup.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting_btm.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting_line.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting_top.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting_topleft.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\bg_setting_topright.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\btn_block_user.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\btn_select.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\ico_arrow.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\layer_btn_close_all.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\setting\tab_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\bg_badge.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\bg_subpanel.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\bg_tab.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\bg_top.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_add_friend.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_chat.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_list_option.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_max.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_menu.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_min.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\btn_top_friendtalk_01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\check_addbuddy.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\check_group_show.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\group_member_count_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ico_tab01.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ico_tab02.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ico_tab03.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\icon_search.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\img_no_data_1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\img_no_data_2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\img_no_data_3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\input_cursor.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_1.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_2.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_3.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\list_tab_bar.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\nick_bubble_l.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\nick_bubble_m.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\nick_bubble_r.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\talk\status_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_accept.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_refuse.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_close.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_accept.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_refuse.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\tray\line_off.ico

c:\program files (x86)\Naver\LINE\res\skin\basic\images\tray\tray_icon_new.ico

c:\program files (x86)\Naver\LINE\res\skin\basic\images\tray\tray_icon_offline.ico

c:\program files (x86)\Naver\LINE\res\skin\basic\images\tray\tray_icon_online.ico

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_accept.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_refuse.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic_dim.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_dim.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_gray.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_green.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_win_btn.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_110.png

c:\program files (x86)\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_bg.png

c:\program files (x86)\Naver\LINE\res\skin\basic\invite.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\login.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\loginHelp.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\loginKickout.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\macUpgradeNotice.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\myInfo.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\notice.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\picturePopup.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\QRCodeHelp.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\setting.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\settingBasic.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\settingPrivacy.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\skinMsgBox.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\sticker.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\talk.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\talkAddBuddy.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\talkBuddyList.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\talkChatList.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\test.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\toast.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\uploadPicture.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\voip.nxul

c:\program files (x86)\Naver\LINE\res\skin\basic\windowPositionHelperTester.nxul

c:\program files (x86)\Naver\LINE\res\skin\emoji\emoji_facemark.csv

c:\program files (x86)\Naver\LINE\res\skin\emoji\emoji_icon.csv

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_001.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_002.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_003.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_004.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_005.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_006.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_007.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_008.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoji_w_009.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_01s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_02s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_03s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_04s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_05s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_06s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_07s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_08s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_09s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_10s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_11s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_12s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_13s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_14s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_15s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_16s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_17s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_18s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_19s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_20s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_02_21s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_01s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_02s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_03s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_04s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_05s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_06s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_07s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_08s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_09s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_10s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_11s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_03_12s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_01s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_02s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_03s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_04s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_05s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_06s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_07s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_08s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_09s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_10s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_11s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_12s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_04_13s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_01s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_02s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_03s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_04s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_05s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_06s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_07s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_08s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_09s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_10s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_11s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_12s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_13s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_14s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_05_15s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_01s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_02s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_03s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_04s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_05s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_06s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_07s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_08s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_09s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_10s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_11s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_12s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_13s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_14s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_15s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_16s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_17s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_18s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_19s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_20s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_06_21s.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_01.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_02.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_03.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_04.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_05.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_06.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_07.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_08.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_09.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_10.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_11.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_12.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_13.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_14.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_15.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_16.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_17.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_18.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_19.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_20.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_21.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_01.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_02.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_03.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_04.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_05.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_06.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_07.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_08.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_09.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_10.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_11.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_12.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_13.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_14.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_15.png

c:\program files (x86)\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_16.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\gift\gift_1.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\gift\gift_2.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\gift\gift_3.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\gift\gift_4.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\tab\tab00_off.png

c:\program files (x86)\Naver\LINE\res\skin\sticker\tab\tab00_on.png

c:\program files (x86)\Naver\LINE\res\sounds\Bell.wav

c:\program files (x86)\Naver\LINE\res\sounds\VoipEnd.wav

c:\program files (x86)\Naver\LINE\res\sounds\VoipRing.wav

c:\program files (x86)\Naver\LINE\res\sounds\VoipRingback.wav

c:\windows\jestertb.dll

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

E:\autorun.inf

E:\install.exe

E:\Setup.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))

.

.

2012-11-07 10:36 . 2012-11-07 10:39 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\QuickScan

2012-11-06 09:56 . 2012-11-06 10:20 -------- d-----w- c:\users\SteinwertM\DoctorWeb

2012-11-06 08:58 . 2012-11-06 08:58 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 08:52 . 2012-11-06 08:52 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-03 11:42 . 2012-11-03 11:42 -------- d-----w- c:\users\SteinwertM\AppData\Local\IsolatedStorage

2012-11-03 11:41 . 2012-11-03 11:41 -------- d-----w- c:\users\SteinwertM\AppData\Local\NuGet

2012-11-03 11:18 . 2012-11-03 11:18 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\SysWow64\1033

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\system32\1033

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\MySQL

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files\IIS

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\IIS

2012-11-03 11:04 . 2012-11-03 11:04 -------- d-----w- c:\program files (x86)\IIS Express

2012-11-02 23:11 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-11-02 23:11 . 2012-11-02 23:11 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-11-02 23:11 . 2012-11-03 11:09 -------- d-----w- c:\program files\Microsoft SQL Server

2012-11-02 23:10 . 2012-11-03 10:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-11-02 23:10 . 2012-11-02 23:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

2012-11-02 23:09 . 2012-11-02 23:10 -------- d-----w- c:\programdata\Package Cache

2012-11-02 22:55 . 2012-11-02 22:55 -------- d-----w- c:\program files\Microsoft

2012-10-23 10:00 . 2012-10-23 10:00 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\Creative

2012-10-23 07:18 . 2012-10-23 07:21 -------- d-----w- c:\users\SteinwertM\AppData\Local\Line

2012-10-20 09:49 . 2012-11-06 08:38 -------- d-----w- c:\programdata\Browser Manager

2012-10-20 09:49 . 2012-10-20 09:49 -------- d-----w- c:\program files (x86)\Noel Danjou

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 10:03 . 2010-05-26 09:49 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 20:10 . 2012-06-11 08:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 20:10 . 2011-05-23 22:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 20:10 . 2012-10-08 20:10 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-30 02:54 . 2011-08-13 00:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 06:55 . 2012-09-24 06:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-24 06:55 . 2012-09-24 06:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-24 06:55 . 2011-04-29 04:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 23:55 . 2012-09-14 23:46 101680 ----a-w- c:\windows\system32\stkMonitor.dll

2012-08-24 11:15 . 2012-09-23 10:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmpD21AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmpB71AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmpFF0AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmp500AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmp430AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmp270AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmp1A0AF.FOT

2012-08-23 20:43 . 2012-08-23 20:43 1409 ----a-w- c:\windows\SysWow64\tmp0D0AF.FOT

2012-08-22 18:12 . 2012-09-12 05:26 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 05:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 05:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 05:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 17:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-09-23 20:47 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2011-03-18 10:41 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2011-03-18 10:41 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 10:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0C72CEEF7D99E3EDE9C462D5CAF1809AFBAA2958._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Akamai NetSession Interface"="c:\users\SteinwertM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Spotify Web Helper"="c:\users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\users\SteinwertM\program\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-12-08 1159480]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]

"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]

"D-Link D-Link DWA-525"="c:\program files (x86)\D-Link\DWA-525 revA\AirNCFG.exe" [2009-11-25 995328]

"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe" [2009-11-04 122880]

"iTunesHelper"="c:\prgrams\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]

.

c:\users\SteinwertM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 243072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-3-23 4577760]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-1-11 9728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files (x86)\D-Link\DWA-525 revA\ANIWZCSdS.exe [2009-11-04 126976]

R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-09-06 80472]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-05-12 11776]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 201632]

R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-05-05 10752]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-07 15872]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]

S2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe [2009-07-08 40960]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

S3 netr28x;D-Link 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\Dnetr28x.sys [2009-11-09 787968]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]

S3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys [2012-07-26 59344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:10]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000Core.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000UA.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - ExtSQL: 2012-10-20 02:49; crossriderapp5060@crossrider.com; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com

FF - ExtSQL: 2012-10-22 00:42; {9D6218B8-03C7-4b91-AA43-680B305DD35C}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi

FF - ExtSQL: 2012-11-07 02:36; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

AddRemove-LINE - c:\program files (x86)\Naver\LINE\LineUnInst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files (x86)\Brownie\brpjp04a.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-11-09 02:28:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-09 10:28

.

Pre-Run: 91,734,986,752 bytes free

Post-Run: 91,327,123,456 bytes free

.

- - End Of File - - 314A1C71C587776B68929415E3E153A0

Link to post
Share on other sites

Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uStart Page = hxxp://www.claro-search.com/?affID=114508&tt=4212_5&babsrc=HP_clro&mntrId=04459479000000000000f07d685e0db7
    mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779
    uProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;<local>
    uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
    mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
    BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
    BHO: Savings Sidekick: {11111111-1111-1111-1111-110011501160} -
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
    TB: D-Link Toolbar: {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
    TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
    x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779
    Firefox::
    FF - ProfilePath - C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-dlink-ab-en-us&query=
    FF - ExtSQL: 2012-09-10 13:51; playbryte@playbryte.com; C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\playbryte@playbryte.com
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779&q=
    FF - user.js: extensions.funmoods.id - F07D685E0DB79479
    FF - user.js: extensions.funmoods.instlDay - 15593
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:50:51
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - adknlg
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - adknlg
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.autoDisableScopes - 14);//Playbryte-fa-bndluser_pref(extensions.claro.tlbrSrchUrl,
    FF - user.js: extensions.claro.id - 04459479000000000000f07d685e0db7
    FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
    FF - user.js: extensions.claro.instlDay - 15633
    FF - user.js: extensions.claro.vrsn - 1.8.3.10
    FF - user.js: extensions.claro.vrsni - 1.8.3.10
    FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.102:50:05
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    File::
    C:\Windows\SysWow64\tmpD21AF.FOT
    C:\Windows\SysWow64\tmpB71AF.FOT
    C:\Windows\SysWow64\tmpFF0AF.FOT
    C:\Windows\SysWow64\tmp500AF.FOT
    C:\Windows\SysWow64\tmp430AF.FOT
    C:\Windows\SysWow64\tmp270AF.FOT
    C:\Windows\SysWow64\tmp1A0AF.FOT
    C:\Windows\SysWow64\tmp0D0AF.FOT
    Folder::
    C:\Program Files (x86)\Claro LTD
    C:\Users\SteinwertM\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    C:\Users\SteinwertM\AppData\Local\Savings Sidekick
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running now. :)

Link to post
Share on other sites

unfortuanatly im still getting the Saving sidekick pop ups from websites.

ComboFix 12-11-09.02 - SteinwertM 11/09/2012 19:46:41.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2444 [GMT -8:00]

Running from: c:\users\SteinwertM\Desktop\ComboFix.exe

Command switches used :: c:\users\SteinwertM\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\tmp0D0AF.FOT"

"c:\windows\SysWow64\tmp1A0AF.FOT"

"c:\windows\SysWow64\tmp270AF.FOT"

"c:\windows\SysWow64\tmp430AF.FOT"

"c:\windows\SysWow64\tmp500AF.FOT"

"c:\windows\SysWow64\tmpB71AF.FOT"

"c:\windows\SysWow64\tmpD21AF.FOT"

"c:\windows\SysWow64\tmpFF0AF.FOT"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\D-Link Toolbar\dlinktb.dll

c:\windows\SysWow64\tmp0D0AF.FOT

c:\windows\SysWow64\tmp1A0AF.FOT

c:\windows\SysWow64\tmp270AF.FOT

c:\windows\SysWow64\tmp430AF.FOT

c:\windows\SysWow64\tmp500AF.FOT

c:\windows\SysWow64\tmpB71AF.FOT

c:\windows\SysWow64\tmpD21AF.FOT

c:\windows\SysWow64\tmpFF0AF.FOT

.

.

((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))

.

.

2012-11-10 03:58 . 2012-11-10 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-10 03:58 . 2012-11-10 03:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-11-10 01:45 . 2012-10-17 09:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD2AA7C6-FEFD-402F-B792-C5C61EC6D44F}\mpengine.dll

2012-11-07 10:36 . 2012-11-07 10:39 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\QuickScan

2012-11-06 09:56 . 2012-11-06 10:20 -------- d-----w- c:\users\SteinwertM\DoctorWeb

2012-11-06 08:58 . 2012-11-06 08:58 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 08:52 . 2012-11-06 08:52 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-03 11:42 . 2012-11-03 11:42 -------- d-----w- c:\users\SteinwertM\AppData\Local\IsolatedStorage

2012-11-03 11:41 . 2012-11-03 11:41 -------- d-----w- c:\users\SteinwertM\AppData\Local\NuGet

2012-11-03 11:18 . 2012-11-03 11:18 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\SysWow64\1033

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\system32\1033

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\MySQL

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files\IIS

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\IIS

2012-11-03 11:04 . 2012-11-03 11:04 -------- d-----w- c:\program files (x86)\IIS Express

2012-11-02 23:11 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-11-02 23:11 . 2012-11-02 23:11 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-11-02 23:11 . 2012-11-03 11:09 -------- d-----w- c:\program files\Microsoft SQL Server

2012-11-02 23:10 . 2012-11-03 10:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-11-02 23:10 . 2012-11-02 23:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

2012-11-02 23:09 . 2012-11-02 23:10 -------- d-----w- c:\programdata\Package Cache

2012-11-02 22:55 . 2012-11-02 22:55 -------- d-----w- c:\program files\Microsoft

2012-10-23 10:00 . 2012-10-23 10:00 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\Creative

2012-10-23 07:18 . 2012-10-23 07:21 -------- d-----w- c:\users\SteinwertM\AppData\Local\Line

2012-10-20 09:49 . 2012-11-06 08:38 -------- d-----w- c:\programdata\Browser Manager

2012-10-20 09:49 . 2012-10-20 09:49 -------- d-----w- c:\program files (x86)\Noel Danjou

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 10:03 . 2010-05-26 09:49 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 20:10 . 2012-06-11 08:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 20:10 . 2011-05-23 22:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 20:10 . 2012-10-08 20:10 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-30 02:54 . 2011-08-13 00:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 06:55 . 2012-09-24 06:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-24 06:55 . 2012-09-24 06:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-24 06:55 . 2011-04-29 04:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 23:55 . 2012-09-14 23:46 101680 ----a-w- c:\windows\system32\stkMonitor.dll

2012-09-14 19:19 . 2012-10-10 10:47 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 10:47 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 10:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:47 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:47 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 10:47 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 10:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 10:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 05:26 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 05:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 05:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 05:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 17:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-09-23 20:47 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2011-03-18 10:41 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2011-03-18 10:41 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-10 10:47 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 10:47 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 10:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 10:47 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 10:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 10:47 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 10:47 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 10:47 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 10:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 10:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 10:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 10:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 10:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]

c:\users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0C72CEEF7D99E3EDE9C462D5CAF1809AFBAA2958._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Akamai NetSession Interface"="c:\users\SteinwertM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Spotify Web Helper"="c:\users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\users\SteinwertM\program\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-12-08 1159480]

"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]

"D-Link D-Link DWA-525"="c:\program files (x86)\D-Link\DWA-525 revA\AirNCFG.exe" [2009-11-25 995328]

"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe" [2009-11-04 122880]

"iTunesHelper"="c:\prgrams\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]

.

c:\users\SteinwertM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 243072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-3-23 4577760]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-1-11 9728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-07 15872]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:10]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000Core.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000UA.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - ExtSQL: 2012-10-20 02:49; crossriderapp5060@crossrider.com; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com

FF - ExtSQL: 2012-10-22 00:42; {9D6218B8-03C7-4b91-AA43-680B305DD35C}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi

FF - ExtSQL: 2012-11-07 02:36; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe

AddRemove-LINE - c:\program files (x86)\Naver\LINE\LineUnInst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-09 20:03:16

ComboFix-quarantined-files.txt 2012-11-10 04:03

ComboFix2.txt 2012-11-09 10:28

.

Pre-Run: 91,135,426,560 bytes free

Post-Run: 90,762,616,832 bytes free

.

- - End Of File - - C226433525A2568FCCD0E37F262FB8B8

Link to post
Share on other sites

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Link to post
Share on other sites

here is the OTL.txt

OTL logfile created on: 11/11/2012 2:25:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SteinwertM\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.97% Memory free

8.00 Gb Paging File | 6.32 Gb Available in Paging File | 79.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 84.64 Gb Free Space | 18.18% Space Free | Partition Type: NTFS

Drive D: | 450.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 596.02 Gb Total Space | 313.38 Gb Free Space | 52.58% Space Free | Partition Type: FAT32

Computer Name: STEINWERTM-PC | User Name: SteinwertM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Users\SteinwertM\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

PRC - C:\Users\SteinwertM\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()

PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()

PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

PRC - C:\Users\SteinwertM\program\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe (D-Link Corp.)

PRC - C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWZCSdS.exe (Wireless Service)

PRC - C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe (Wireless Service)

PRC - C:\Program Files (x86)\Brownie\brpjp04a.exe (brother)

PRC - C:\Windows\V0250Mon.exe (Creative Technology Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MOD - C:\Program Files (x86)\D-Link\DWA-525 revA\ANPDApi.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()

MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()

MOD - C:\Program Files (x86)\D-Link\DWA-525 revA\wlanapp.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll ()

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()

SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (D_Link_DWA-525) -- C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWZCSdS.exe (Wireless Service)

SRV - (DAUpdaterSvc) -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (D_Link_DWA-525_WPS) -- C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe ()

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (wovad_micarray) -- C:\Windows\SysNative\drivers\womic.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)

DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)

DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\Dnetr28x.sys (Ralink Technology, Corp.)

DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys ()

DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)

DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)

DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)

DRV:64bit: - (V0250Dev) -- C:\Windows\SysNative\drivers\V0250Dev.sys (Creative Technology Ltd.)

DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)

DRV:64bit: - (BrPar) -- C:\Windows\SysNative\drivers\brpar64a.sys (Brother Industries Ltd.)

DRV:64bit: - (V0250Vfx) -- C:\Windows\SysNative\drivers\V0250Vfx.sys (EyePower Games Pte. Ltd.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

IE - HKLM\..\SearchScopes\{7E3E9319-47C4-60BC-518B-0F526EC707F6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 55 70 26 E9 E7 CC 01 [binary data]

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0FtDyB0DyCzzyD0EtD0D0ByBzyyEyBzytN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=71805779

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{12135F16-80E8-4323-ACF4-5D4D7D483407}: "URL" = http://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{7E3E9319-47C4-60BC-518B-0F526EC707F6}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "AOL Search"

FF - prefs.js..backup.old.browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"

FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15

FF - prefs.js..extensions.enabledAddons: crossriderapp5060@crossrider.com:0.85.36

FF - prefs.js..extensions.enabledAddons: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:3.3

FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8

FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Prgrams\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SteinwertM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SteinwertM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SteinwertM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SteinwertM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:16:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 07:38:38 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension

[2010/05/26 01:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Extensions

[2012/11/09 01:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions

[2012/05/20 01:59:51 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}

[2012/10/21 23:42:43 | 000,000,000 | ---D | M] (Procon Latte Content Filter) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}

[2012/11/07 02:36:53 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012/10/20 01:49:28 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com

[2012/10/20 01:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode

[2012/10/21 23:42:43 | 000,052,184 | ---- | M] () (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi

[2012/09/14 15:55:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2012/05/20 01:59:59 | 000,002,269 | ---- | M] () -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\searchplugins\aol-search.xml

[2012/10/13 07:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/13 07:38:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/10/26 18:16:09 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/09 01:41:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/13 07:38:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: iTunes Application Detector (Enabled) = C:\Prgrams\Itunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - Extension: YouTube = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Star Legends = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\chcaflnbhnoegjedbjaamecefhglfamc\1.1.1.2_0\

CHR - Extension: Google Search = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\SteinwertM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/09 19:59:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll File not found

O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)

O4 - HKLM..\Run: [D-Link D-Link DWA-525] C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe (D-Link Corp.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Users\SteinwertM\program\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe (Wireless Service)

O4 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000..\Run: [0C72CEEF7D99E3EDE9C462D5CAF1809AFBAA2958._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000..\Run: [Akamai NetSession Interface] C:\Users\SteinwertM\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000..\Run: [spotify Web Helper] C:\Users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\SteinwertM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\SteinwertM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D28906-A425-45B5-8B35-40C9E7EE03D0}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B05DF728-6929-4C74-8552-DEC8E685E1DE}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/19 22:58:38 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 14:23:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SteinwertM\Desktop\OTL.exe

[2012/11/09 20:06:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/09 20:03:18 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/09 19:45:27 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/11/09 02:01:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/09 02:01:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/09 02:01:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/09 01:52:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/09 01:40:46 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\SteinwertM\Desktop\ComboFix.exe

[2012/11/07 02:51:26 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\Desktop\kill the addon

[2012/11/07 02:36:58 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\AppData\Roaming\QuickScan

[2012/11/06 01:56:51 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\DoctorWeb

[2012/11/06 00:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/11/06 00:53:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/11/06 00:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/11/06 00:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/11/03 03:42:05 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\AppData\Local\IsolatedStorage

[2012/11/03 03:41:27 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\AppData\Local\NuGet

[2012/11/03 03:19:43 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\Documents\My Web Sites

[2012/11/03 03:19:43 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\Documents\IISExpress

[2012/11/03 03:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix

[2012/11/03 03:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WebMatrix

[2012/11/03 03:09:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033

[2012/11/03 03:09:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033

[2012/11/03 03:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL

[2012/11/03 03:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL

[2012/11/03 03:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\IIS

[2012/11/03 03:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS

[2012/11/03 03:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express

[2012/11/02 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2012/11/02 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2012/11/02 15:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2012/11/02 15:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2012/11/02 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET

[2012/11/02 15:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2012/11/02 14:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2012/10/23 02:00:51 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\Documents\Live! Cam Center

[2012/10/23 02:00:47 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\AppData\Roaming\Creative

[2012/10/22 23:18:01 | 000,000,000 | ---D | C] -- C:\Users\SteinwertM\AppData\Local\Line

[2012/10/22 23:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

[2012/10/20 01:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager

[2012/10/20 01:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Noel Danjou

[2012/10/13 07:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 14:24:35 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 14:24:35 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 14:23:21 | 000,784,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/11 14:23:21 | 000,663,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/11 14:23:21 | 000,122,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/11 14:17:26 | 000,000,435 | ---- | M] () -- C:\Windows\Brownie.ini

[2012/11/11 14:17:22 | 000,003,284 | ---- | M] () -- C:\Users\SteinwertM\AppData\Roaming\ANIWZCS{96D28906-A425-45B5-8B35-40C9E7EE03D0}

[2012/11/11 14:17:18 | 000,000,011 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{96D28906-A425-45B5-8B35-40C9E7EE03D0}

[2012/11/11 14:16:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/11 14:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/11 14:16:34 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/09 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/09 20:08:13 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000UA.job

[2012/11/09 20:06:52 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{96D28906-A425-45B5-8B35-40C9E7EE03D0}

[2012/11/09 19:59:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/09 19:56:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/09 19:40:29 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\SteinwertM\Desktop\ComboFix.exe

[2012/11/09 05:30:41 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012/11/09 04:08:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000Core.job

[2012/11/06 11:10:44 | 000,003,505 | ---- | M] () -- C:\Users\SteinwertM\Documents\DrWeb.csv

[2012/11/06 07:37:49 | 098,322,920 | ---- | M] () -- C:\Users\SteinwertM\Desktop\drweb-cureit.exe

[2012/11/06 01:29:16 | 000,002,120 | ---- | M] () -- C:\scu.dat

[2012/11/04 02:24:52 | 000,778,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/11/02 23:49:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/28 18:35:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/10/26 18:16:11 | 000,002,044 | ---- | M] () -- C:\Users\SteinwertM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/10/24 01:42:24 | 000,004,608 | ---- | M] () -- C:\Users\SteinwertM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/22 23:17:58 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\LINE.lnk

[2012/10/20 01:48:55 | 000,308,999 | ---- | M] () -- C:\Users\SteinwertM\Desktop\amcap.zip

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/09 02:01:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/09 02:01:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/09 02:01:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/09 02:01:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/09 02:01:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/06 02:26:39 | 098,322,920 | ---- | C] () -- C:\Users\SteinwertM\Desktop\drweb-cureit.exe

[2012/11/06 02:22:27 | 000,003,505 | ---- | C] () -- C:\Users\SteinwertM\Documents\DrWeb.csv

[2012/11/06 01:19:20 | 000,002,120 | ---- | C] () -- C:\scu.dat

[2012/11/02 15:09:03 | 000,778,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/11/02 14:55:22 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk

[2012/10/22 23:17:58 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\LINE.lnk

[2012/10/20 01:49:17 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMCap.lnk

[2012/10/20 01:48:53 | 000,308,999 | ---- | C] () -- C:\Users\SteinwertM\Desktop\amcap.zip

[2012/10/14 03:03:42 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000UA.job

[2012/10/14 03:03:40 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000Core.job

[2012/06/24 14:41:44 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/04/11 19:04:43 | 000,000,253 | ---- | C] () -- C:\Users\SteinwertM\AppData\Roaming\ANICONFIG_{96D28906-A425-45B5-8B35-40C9E7EE03D0}.ini

[2012/03/06 16:04:08 | 000,003,284 | ---- | C] () -- C:\Users\SteinwertM\AppData\Roaming\ANIWZCS{96D28906-A425-45B5-8B35-40C9E7EE03D0}

[2012/03/06 16:03:18 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe

[2012/02/23 18:40:16 | 000,003,284 | ---- | C] () -- C:\Users\SteinwertM\AppData\Roaming\ANIWZCS{D81DC66F-8EDF-4556-A96F-A97593090EAA}

[2011/12/12 15:25:14 | 000,016,218 | -HS- | C] () -- C:\Users\SteinwertM\AppData\Local\gxinlh7k4nei2qoa2gfu5x365g4s

[2011/12/12 15:25:14 | 000,016,218 | -HS- | C] () -- C:\ProgramData\gxinlh7k4nei2qoa2gfu5x365g4s

[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/12/05 18:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/12/05 18:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/10/31 15:00:08 | 000,000,253 | ---- | C] () -- C:\Users\SteinwertM\AppData\Roaming\ANICONFIG_{E22F64DC-5393-477A-AC21-53C8130314FF}.ini

[2011/09/30 18:44:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/08/16 00:57:15 | 000,004,608 | ---- | C] () -- C:\Users\SteinwertM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/15 17:10:39 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2010/10/20 18:34:55 | 000,003,284 | ---- | C] () -- C:\Users\SteinwertM\AppData\Roaming\ANIWZCS{E22F64DC-5393-477A-AC21-53C8130314FF}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/16 14:35:40 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\.minecraft

[2011/05/26 02:30:18 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\.Nitrous

[2011/09/05 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Day 1 Studios

[2012/11/11 14:17:57 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Dropbox

[2011/07/24 17:50:52 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Eclipse

[2010/09/21 16:50:45 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\EPSON

[2012/09/10 12:37:50 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\iPodtoComputer

[2010/06/21 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Mount&Blade Warband

[2012/01/07 23:13:39 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Origin

[2012/06/24 14:41:43 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\PunkBuster

[2012/11/07 02:39:58 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\QuickScan

[2012/09/14 00:17:32 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\RIFT

[2012/10/09 01:51:04 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\Spotify

[2011/07/24 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\SPSSInc

[2011/04/28 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\SystemRequirementsLab

[2012/10/17 03:22:03 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\TS3Client

[2012/10/17 03:22:03 | 000,000,000 | ---D | M] -- C:\Users\SteinwertM\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\SysWOW64\explorer.exe

[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\explorer.exe

[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\$WINDOWS.~BT\Windows\System32\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe

[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\$WINDOWS.~BT\Windows\System32\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\$WINDOWS.~BT\Windows\System32\winlogon.exe

[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\System32\winlogon.exe

[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 11/11/2012 2:25:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SteinwertM\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 63.97% Memory free

8.00 Gb Paging File | 6.32 Gb Available in Paging File | 79.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 84.64 Gb Free Space | 18.18% Space Free | Partition Type: NTFS

Drive D: | 450.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 596.02 Gb Total Space | 313.38 Gb Free Space | 52.58% Space Free | Partition Type: FAT32

Computer Name: STEINWERTM-PC | User Name: SteinwertM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0172ED41-8904-4FDE-A660-BDC7BBDA66A7}" = lport=65356 | protocol=6 | dir=in | name=akamai netsession interface |

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{183EAE63-C2C0-41FA-90C1-3C4827B0197B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1C1707C8-474F-40E9-A540-552EDF3FFDCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{22F465BA-C838-46E4-9563-B6C4A5B79FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{46F25B20-3994-478C-AA0D-B16128E82610}" = lport=138 | protocol=17 | dir=in | app=system |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{5AC4C1A1-8DA9-4DAA-A4F1-37C13D21BDD1}" = rport=137 | protocol=17 | dir=out | app=system |

"{5C7DC457-3E52-4D44-863E-075CBF2DA335}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6C63AEC5-CBC6-420C-A791-B7DBB0708204}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{74FD9378-72F5-4BCB-A99D-DF1291F66E2B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{8174C6D1-FDA6-4688-A7B7-DD4289D62309}" = rport=139 | protocol=6 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{87FD4555-11AD-4815-BB80-BEB04A799589}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8FD8AB52-BA17-4E83-8B1D-58F2FBB9BA4B}" = rport=138 | protocol=17 | dir=out | app=system |

"{9166E7E5-48F3-46D8-902E-6FC30D1AF9CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9905BEE2-7C55-496D-907E-72A271D22C93}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{A304C791-9992-4906-AA54-E26495F382BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AB926527-D6DB-4989-862F-C38C3C729450}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B1A353AE-D4AE-4FC1-BA31-1BF6F65A6A84}" = lport=137 | protocol=17 | dir=in | app=system |

"{B4B583C3-3E7E-45AC-91F7-6AD7F15EA9F5}" = lport=49228 | protocol=6 | dir=in | name=akamai netsession interface |

"{B65AF8ED-B55D-4F32-991A-4A290291AB0C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B9F3F7FE-BD58-4C83-AA43-7DAC97BB84A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BBBEBCA6-24E1-462F-AE76-20BD7F159B04}" = lport=139 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C002829D-327C-460D-A16B-9AC5974C7D4F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CF507148-3626-4E54-A2E0-A41832062424}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DC47ABCC-C200-4E33-848F-50B70DAAC54B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DED6617F-3BD1-4BA6-B706-D53EFEBE4D67}" = rport=445 | protocol=6 | dir=out | app=system |

"{E948ABB0-4976-4296-8ED4-7B20A272C75E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{ECBB57FB-E481-4923-90B2-CB4D7E746335}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F9C39AD6-BEF1-4F8D-BBBE-0CABFBDD131E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{016289F2-E0E5-4D31-B553-CB1EE70D6EA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0423B993-DBA5-4A1A-B352-A0D0674A110F}" = protocol=6 | dir=in | app=c:\tools\utorrent.exe |

"{0C618C05-4F88-48AE-B8CE-AC360FD7807A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{121BA817-CB77-4563-8B41-511F32FD02D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{182EC102-8D3F-494F-ABAD-371217FE2715}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{1E305C39-53D5-420D-A663-3CC943484AF7}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |

"{250CF4AD-2E8F-44B7-ADA0-D5243E74CAC6}" = protocol=6 | dir=in | app=c:\games\dragon age\bin_ship\daupdatersvc.service.exe |

"{25102568-6402-46B5-9D68-E1C3633CCAE7}" = protocol=17 | dir=in | app=c:\games\dragon age\bin_ship\daupdatersvc.service.exe |

"{251D2B8B-1EB9-450B-8681-4CF59B28BD2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{25E3D6B4-8F1E-4683-8DB1-6DD4ABD5AF56}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |

"{26226EC9-FC43-4435-BA7B-B73D4F772763}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe |

"{2A71CF66-3ABB-4D6B-837D-B0E28826228C}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{311F2546-5B1D-4964-8AA3-EAB866238FD4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{381DCC9E-38B9-4998-AAAC-42CC601ABD5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{38E1BC78-9366-4528-A92B-E0D52C1C19D0}" = protocol=6 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |

"{421147E4-79D5-47DE-B536-9D586B111B03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{46F47498-F159-4912-B183-548976BAF924}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4872A5B1-5621-4D50-AE63-E3B09485ACED}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{4DC2BDF0-8657-4AC3-8471-8D0856EB31B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{52D31D26-0B17-4107-B527-5611B05727E3}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{552697E4-EED0-4635-BB30-2DD922EB1FF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5571228B-83AA-4075-9FD5-E906A627D99F}" = protocol=6 | dir=in | app=c:\games\prototype\prototypef.exe |

"{557A3A6B-BDE4-496C-BAC5-204E97D25EC5}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{594D61DD-76B6-4CA9-A7AA-8A56B020C328}" = dir=in | app=c:\prgrams\itunes\itunes.exe |

"{5D479185-BACB-404F-85D2-CBCE9EADC871}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{666ECE2A-2B1B-462B-ADC5-CBAD0F175C9F}" = protocol=58 | dir=in | app=system |

"{674185E4-856A-4F47-AE0F-015737DDBE20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{685B40BA-9ABE-41E8-A454-699E553B0A9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{68C0756E-3A06-4D37-8B37-9E5CDF48E975}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{78BC2C30-2D2C-4639-A885-322DFAE9EDF1}" = protocol=6 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |

"{7B4D2785-DDC4-4C5A-B0FF-550C1AEB9255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{7BB19A53-0484-4CD4-8CED-2CE2548F1377}" = protocol=17 | dir=in | app=c:\games\prototype\prototypef.exe |

"{8220747B-3100-496D-9232-295944AC2870}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8416EFA0-4749-46B7-AE15-AF6952EB67B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{925CF3D2-B9A3-4591-B7F3-F68EA3A09B8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{930689C2-9D85-4A83-BB12-EF46B49E7BE7}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |

"{933CC1DF-E609-4D92-B962-D36AE63B44B2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{975DE96A-A938-425A-8A91-2D1214024A27}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe |

"{9A77C736-36E3-4719-93E7-8C6144DD9296}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{9E697865-7186-4E48-B344-10C03502DE00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9EDD4747-ABA4-445D-B804-3AD56B769B49}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AA0CB344-FA08-4836-BA24-4C47527B3BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{AA89FBE3-A1BE-4029-825E-6EB3E9837575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AD368BC4-7714-440D-A80C-6133C764D2EA}" = protocol=17 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CBF7C97F-8255-44EB-A402-1389DDB6102C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D592B9F8-E845-4F9D-BA00-67CB6FFD8E86}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{D8844587-5C89-4744-89E9-A493187A0778}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{D9F8442D-A3DA-4E8D-8FA0-472273A6585A}" = protocol=17 | dir=in | app=c:\tools\utorrent.exe |

"{E0F632E7-84BE-4ED2-BA7C-A669C2D6A5E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EFDE581B-98FD-4E56-8D25-586776408D30}" = protocol=6 | dir=in | app=c:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe |

"{F098C150-55B9-4FF8-972C-AC3BC30415CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F55029B5-5659-4883-9B00-DACFB27C139D}" = protocol=17 | dir=in | app=c:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F96DE754-0204-4BAD-9DF9-DA8E49A51EFB}" = protocol=17 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |

"{FA2B1A0A-D399-4A3F-A6CF-499921A3F888}" = protocol=6 | dir=out | app=system |

"TCP Query User{0C652D23-24EC-4717-AE25-6169C50DD550}C:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe |

"TCP Query User{289DCFDC-CE30-4173-BC06-4B0F6CAD8FE8}C:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base15405\sc2.exe |

"TCP Query User{2DA7FDEF-82CF-45A8-B23D-DEC31BF3B23B}C:\prgrams\spss18\paswstat.exe" = protocol=6 | dir=in | app=c:\prgrams\spss18\paswstat.exe |

"TCP Query User{387C40E2-9216-49C7-8A77-B11590B9FA4D}C:\program files\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\program files\hunted the demons forge\binaries\win32\p4dftre.dll |

"TCP Query User{510BA147-9201-46D9-952F-EE25138A07D2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{68E04169-3561-4D20-B859-CD0B9B8B5135}C:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base15405\sc2.exe |

"TCP Query User{7173CAA1-7CFF-42D0-B4D6-87A5F6AE7C9B}C:\python26\pythonw.exe" = protocol=6 | dir=in | app=c:\python26\pythonw.exe |

"TCP Query User{816AD221-4377-447D-8CDC-FDDC9A027538}C:\program files (x86)\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\stats.exe |

"TCP Query User{94850140-346D-4F9C-BF47-2F9F0BB0126B}E:\spss17\statistics.exe" = protocol=6 | dir=in | app=e:\spss17\statistics.exe |

"TCP Query User{A423DED0-2F26-4D47-82CF-4626B9FA97BE}E:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |

"TCP Query User{B141F806-B5FE-4AC9-8C99-6E29DE6D3BDB}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe |

"TCP Query User{BA8A75CE-7B6C-4263-AAC4-3653DCD29ACE}C:\games\dungeons and dragons daggerdale\binaries\win32\dndgame.exe" = protocol=6 | dir=in | app=c:\games\dungeons and dragons daggerdale\binaries\win32\dndgame.exe |

"TCP Query User{BE19B5A3-1E9A-465B-831A-BD254A1B8DD0}C:\users\steinwertm\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steinwertm\appdata\local\akamai\netsession_win.exe |

"TCP Query User{CF084906-CADB-4D37-9824-398D9AB8A2A5}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{D916B700-FA5E-413F-B4B7-2AE82FFF6A98}C:\tmp\vivox\vivoxvoiceservice.exe" = protocol=6 | dir=in | app=c:\tmp\vivox\vivoxvoiceservice.exe |

"TCP Query User{FC77C70B-CB26-4425-A1EC-05CA622F19BA}C:\python25\pythonw.exe" = protocol=6 | dir=in | app=c:\python25\pythonw.exe |

"TCP Query User{FEDFFDE5-FF0E-4D12-B61C-55B0918D5CFC}C:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{0CAB1395-D203-4FE6-84AA-9C9F75F7E20A}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{0E13BC9A-38D3-4FF3-A83B-26239EDD166B}C:\python25\pythonw.exe" = protocol=17 | dir=in | app=c:\python25\pythonw.exe |

"UDP Query User{0F3C5D8C-17AB-47D4-856B-595E51E0CAF6}C:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe |

"UDP Query User{1B31C5B0-8594-4BBA-AAEA-8F03C52A787F}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe |

"UDP Query User{26B64950-0793-4E9B-9DA1-3781DEACC8D2}C:\program files (x86)\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\stats.exe |

"UDP Query User{2A572483-6931-45B9-85D2-C28713D8462A}C:\tmp\vivox\vivoxvoiceservice.exe" = protocol=17 | dir=in | app=c:\tmp\vivox\vivoxvoiceservice.exe |

"UDP Query User{35A45293-956E-46D5-A35B-0E22EC30D289}C:\program files\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\program files\hunted the demons forge\binaries\win32\p4dftre.dll |

"UDP Query User{52EE1C28-F274-41C0-AA5B-1DFEE1D09B52}C:\users\steinwertm\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steinwertm\appdata\local\akamai\netsession_win.exe |

"UDP Query User{6A742DAB-106F-44CC-801D-D186C3A6092A}C:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base15405\sc2.exe |

"UDP Query User{6B5179FF-93E2-4A18-BA0E-30582E3B627B}E:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |

"UDP Query User{745BF192-52C5-4011-AE88-B19F411CBA56}C:\games\dungeons and dragons daggerdale\binaries\win32\dndgame.exe" = protocol=17 | dir=in | app=c:\games\dungeons and dragons daggerdale\binaries\win32\dndgame.exe |

"UDP Query User{9F4553F6-F21A-42B3-8A99-7AF020CEDE7B}C:\python26\pythonw.exe" = protocol=17 | dir=in | app=c:\python26\pythonw.exe |

"UDP Query User{B84797C8-D0ED-4203-A69E-F9274F578645}C:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base15405\sc2.exe |

"UDP Query User{BD7E32FD-E0E8-4217-AF46-47A826A52EA1}E:\spss17\statistics.exe" = protocol=17 | dir=in | app=e:\spss17\statistics.exe |

"UDP Query User{BEC3ED4C-4F74-494F-A710-A9F5167C86F4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{C0D4890B-E4CE-479E-A490-54CD4A23E04C}C:\prgrams\spss18\paswstat.exe" = protocol=17 | dir=in | app=c:\prgrams\spss18\paswstat.exe |

"UDP Query User{F48BD0F6-ABC9-4D19-B87B-11413AC655F2}C:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\steinwertm\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0

"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java 6 Update 25 (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)

"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BD}" = Python 2.5.4 (64 bit)

"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client

"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client

"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java SE Development Kit 7 Update 1 (64-bit)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7363BA97-2FCD-4343-8B31-9DD3CCC30F1B}" = IBM SPSS Statistics - Essentials for Python 19 64bit

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}" = Microsoft Web Platform Installer 4.0

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010

"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64

"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0

"{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{e7394a0f-3f80-45b1-87fc-abcd51893247}" = Python 2.6.4 (64-bit)

"{EDB80696-A3B3-438B-B874-C7A14318B799}" = PASW Statistics-Python Integration Plugin18-64bit

"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders

"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FAF57A91-58B3-490C-9D0C-66337DAD3F11}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"CCleaner" = CCleaner

"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.04.02.0000)

"Cucusoft iPad/iPhone/iPod to Computer Transfer_is1" = iPad/iPhone/iPod to Computer Transfer 7.7.7

"EPSON Printer and Utilities" = EPSON Printer Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"R for Windows 2.15.0_is1" = R for Windows 2.15.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19

"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional

"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian

"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff

"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish

"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English

"{1DEB8A37-56C9-4E41-9102-171D8EC91DF0}" = D-Link DWA-525

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations

"{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express

"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish

"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C26F7D9-CE4B-4E08-BBD5-6AC208C9E469}" = Brother HL-5370DW

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish

"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI

"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German

"{82284382-30E3-4DED-980B-746278DA6CC2}" = Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)

"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects

"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{90BA95BF-33B6-4B97-A45C-CAD73CEAD89B}" = Microsoft WebMatrix 2

"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

"{92E19B5A-1985-49BF-9022-9CF4AD652C72}" = MySQL Connector Net 6.5.4

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese

"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy

"{A51500FE-6408-4305-B071-B961F691A4CE}" = Microsoft SQL Server Compact 4.0 Web Tools ENU

"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter

"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18

"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean

"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center

"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2

"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian

"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012

"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch

"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows

"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime

"{EAC93E1D-4807-43E2-B39A-8170B731B7D0}" = RSDLite

"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EF14CED5-C9AA-4044-B82C-4ED7F83E8EAE}" = MD5 Calculator

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition

"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian

"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Akamai" = Akamai NetSession Interface Service

"AMCap" = AMCap

"Bejeweled 31.0" = Bejeweled 3

"CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS

"CDisplay_is1" = CDisplay 1.8

"Creative Live! Cam Center" = Creative Live! Cam Center

"Diablo III" = Diablo III

"D-Link Toolbar" = D-Link Toolbar

"Dungeons and Dragons Daggerdale_is1" = Dungeons and Dragons Daggerdale

"EGREEN" = ASUS E-Green Uninstall

"E-Hammer1.0.0" = E-Hammer

"EPSON Scanner" = EPSON Scan

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Google Chrome" = Google Chrome

"Hunted The Demons Forge_is1" = Hunted The Demons Forge

"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning

"LINE" = LINE

"LogMeIn Hamachi" = LogMeIn Hamachi

"Lord of the Rings - War in the North_is1" = Lord of the Rings - War in the North

"Magic The Gathering - Duels of the Planeswalkers 2013_is1" = Magic The Gathering - Duels of the Planeswalkers 2013

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Minecraft Cracked" = Minecraft Cracked

"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0

"Mount&Blade Warband" = Mount&Blade Warband

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"Origin" = Origin

"PowerISO" = PowerISO

"PunkBusterSvc" = PunkBuster Services

"SendToKindle" = Amazon Send to Kindle

"StarCraft II" = StarCraft II

"Steam App 22380" = Fallout: New Vegas

"Steam App 440" = Team Fortress 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 97340" = Magic: The Gathering - Duels of the Planeswalkers 2013 Demo

"The KMPlayer" = The KMPlayer 3.0.0.1441R2

"The Rosetta Stone" = The Rosetta Stone

"Transformers Fall of Cybertron_is1" = Transformers Fall of Cybertron

"uTorrent" = µTorrent

"Winamp" = Winamp

"WOMic" = WO Mic Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/6/2012 6:27:13 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "E:\downloads\SoftonicDownloader_for_amcap.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/6/2012 4:00:06 PM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/6/2012 4:00:58 PM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/6/2012 4:01:07 PM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".

Dependent

Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2012 4:02:46 PM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error

in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on

line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"

is invalid.

Error - 11/6/2012 4:03:22 PM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/7/2012 4:30:49 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/7/2012 4:31:21 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/7/2012 4:31:26 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".

Dependent

Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/7/2012 4:32:15 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error

in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on

line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"

is invalid.

Error - 11/7/2012 4:32:37 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/8/2012 4:31:12 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/8/2012 4:32:08 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".Error

in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"

on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"

is invalid.

Error - 11/8/2012 4:32:16 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".

Dependent

Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/8/2012 4:33:38 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll".Error

in manifest or policy file "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" on

line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"

is invalid.

Error - 11/8/2012 4:34:10 AM | Computer Name = SteinwertM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]

Error - 11/9/2012 6:20:23 AM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7000

Description = The Web Deployment Agent Service service failed to start due to the

following error: %%31

Error - 11/9/2012 11:36:42 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7031

Description = The avast! Antivirus service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

Error - 11/9/2012 11:36:56 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7031

Description = The avast! Antivirus service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

Error - 11/9/2012 11:37:26 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7034

Description = The MBAMScheduler service terminated unexpectedly. It has done this

1 time(s).

Error - 11/9/2012 11:38:13 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7034

Description = The avast! Antivirus service terminated unexpectedly. It has done

this 3 time(s).

Error - 11/9/2012 11:40:38 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7031

Description = The Akamai NetSession Interface service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in 1000

milliseconds: Restart the service.

Error - 11/9/2012 11:53:14 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/9/2012 11:58:26 PM | Computer Name = SteinwertM-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 11/9/2012 11:58:26 PM | Computer Name = SteinwertM-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 11/9/2012 11:59:04 PM | Computer Name = SteinwertM-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >

Link to post
Share on other sites

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmood...CtB&cr=71805779
    IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmood...CtB&cr=71805779
    IE - HKLM\..\SearchScopes\{7E3E9319-47C4-60BC-518B-0F526EC707F6}: "URL" = http://slirsredirect...hromesbox-en-us
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 55 70 26 E9 E7 CC 01 [binary data]
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...CtB&cr=71805779
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{12135F16-80E8-4323-ACF4-5D4D7D483407}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
    IE - HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;127.0.0.1:9421;<local>
    FF - prefs.js..extensions.enabledAddons: crossriderapp5060@crossrider.com:0.85.36
    [2012/05/20 01:59:51 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2012/10/20 01:49:28 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com
    [2012/10/20 01:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
    [2012/10/21 23:42:43 | 000,052,184 | ---- | M] () (No name found) -- C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\SteinwertM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll File not found
    O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll File not found
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Please post the logs made by OTL and let me know how your system is running. :)

Link to post
Share on other sites

It looks like its cleared up. no more annoying pop ups or random "links" on webpages

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\ deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E3E9319-47C4-60BC-518B-0F526EC707F6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E3E9319-47C4-60BC-518B-0F526EC707F6}\ not found.

HKU\S-1-5-21-3009903324-944403242-2419885812-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\ not found.

HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{12135F16-80E8-4323-ACF4-5D4D7D483407}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12135F16-80E8-4323-ACF4-5D4D7D483407}\ not found.

Registry key HKEY_USERS\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.

HKU\S-1-5-21-3009903324-944403242-2419885812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: crossriderapp5060@crossrider.com:0.85.36 removed from extensions.enabledAddons

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}\META-INF folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}\components folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}\chrome folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac} folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\skin folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\locale\en-US folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\locale folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\defaults folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content\lib folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome folder moved successfully.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com folder moved successfully.

Folder C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode\ not found.

C:\Users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f01858c7-2a68-4d93-9e22-502eae3917c2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f01858c7-2a68-4d93-9e22-502eae3917c2}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61874dfa-9adf-44e5-8e61-f3913707e7d7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61874dfa-9adf-44e5-8e61-f3913707e7d7}\ deleted successfully.

C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: SteinwertM

->Temp folder emptied: 18214 bytes

->Temporary Internet Files folder emptied: 2173803 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 552100802 bytes

->Google Chrome cache emptied: 81707007 bytes

->Flash cache emptied: 13405 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36062897 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 641.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_181117

Files\Folders moved on Reboot...

C:\Users\SteinwertM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

It looks like its cleared up. no more annoying pop ups or random "links" on webpages
Good.

----------

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Other Files

[*]Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.12.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

SteinwertM :: STEINWERTM-PC [administrator]

11/12/2012 2:10:53 AM

mbam-log-2012-11-12 (02-10-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222265

Time elapsed: 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Users\SteinwertM\DoctorWeb\Quarantine\1e1bd3df-5175b220 multiple threats

C:\Users\SteinwertM\DoctorWeb\Quarantine\6924d4a2-627a2ac0 multiple threats

C:\Users\SteinwertM\DoctorWeb\Quarantine\instantroot.apk Android/Exploit.Lotoor.AP trojan

C:\Users\SteinwertM\DoctorWeb\Quarantine\smsbomber.apk Android/TrojanSMS.Bosm.A trojan

C:\Users\SteinwertM\DoctorWeb\Quarantine\SoftonicDownloader_for_amcap.exe a variant of Win32/SoftonicDownloader.E application

C:\Users\SteinwertM\DoctorWeb\Quarantine\The_Grey_2012_1080p_H264_[Eng]_johno70.exe Win32/Adware.1ClickDownload.C application

C:\Users\SteinwertM\DoctorWeb\Quarantine\True_Blood_S05E01_REPACK_720p_HDTV_x264-IMMERSE_(eztv).exe Win32/Adware.1ClickDownload.G application

C:\Users\SteinwertM\DoctorWeb\Quarantine\True_Blood_S05E03_720p_HDTV_x264-IMMERSE_eztv.exe a variant of Win32/DirectDownloader.C application

C:\Users\SteinwertM\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application

C:\Users\SteinwertM\Downloads\sr-tfoc\sr-tfoc.iso a variant of Win32/Packed.VMProtect.AAA trojan

E:\downloads\Android Application and Tools\flashrec.apk multiple threats

E:\downloads\Android Application and Tools\sheriffandroid_v1.31.apk Android/SheriDroid.C application

E:\downloads\Android Application and Tools\cooltexter_ver1.9.apk Android/DroidRooter.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver3.00.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\Locate_Me_PRO_1.4.apk Android/Lypro.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.32.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.28s.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.26.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.27.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.3.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.2.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.11.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.1.apk Android/SheriDroid.A application

E:\downloads\Android Application and Tools\sheriffandroid_ver2.01.apk Android/SheriDroid.B application

Things seem to be working pretty good, I dont know what all these threats are but yeah my computer is acting pretty normal

Link to post
Share on other sites

Glad to hear your system is running better.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    C:\Users\SteinwertM\Downloads\sr-tfoc\sr-tfoc.iso
    E:\downloads\Android Application and Tools\flashrec.apk
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Link to post
Share on other sites

ComboFix 12-11-12.03 - SteinwertM 11/12/2012 17:25:32.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2139 [GMT -8:00]

Running from: c:\users\SteinwertM\Desktop\ComboFix.exe

Command switches used :: c:\users\SteinwertM\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\SteinwertM\Downloads\sr-tfoc\sr-tfoc.iso"

"e:\downloads\Android Application and Tools\flashrec.apk"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\SteinwertM\Downloads\sr-tfoc\sr-tfoc.iso

e:\downloads\Android Application and Tools\flashrec.apk

.

.

((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))

.

.

2012-11-13 01:34 . 2012-11-13 01:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-13 01:34 . 2012-11-13 01:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-11-12 09:40 . 2012-11-12 09:40 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-12 09:39 . 2012-11-12 09:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-12 02:11 . 2012-11-12 02:11 -------- d-----w- C:\_OTL

2012-11-10 01:45 . 2012-10-17 09:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD2AA7C6-FEFD-402F-B792-C5C61EC6D44F}\mpengine.dll

2012-11-07 10:36 . 2012-11-07 10:39 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\QuickScan

2012-11-06 09:56 . 2012-11-06 10:20 -------- d-----w- c:\users\SteinwertM\DoctorWeb

2012-11-06 08:58 . 2012-11-06 08:58 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 08:52 . 2012-11-06 08:52 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-03 11:42 . 2012-11-03 11:42 -------- d-----w- c:\users\SteinwertM\AppData\Local\IsolatedStorage

2012-11-03 11:41 . 2012-11-03 11:41 -------- d-----w- c:\users\SteinwertM\AppData\Local\NuGet

2012-11-03 11:18 . 2012-11-03 11:18 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\SysWow64\1033

2012-11-03 11:09 . 2012-11-03 11:10 -------- d-----w- c:\windows\system32\1033

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\MySQL

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files\IIS

2012-11-03 11:06 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\IIS

2012-11-03 11:04 . 2012-11-03 11:04 -------- d-----w- c:\program files (x86)\IIS Express

2012-11-02 23:11 . 2012-11-03 11:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2012-11-02 23:11 . 2012-11-02 23:11 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-11-02 23:11 . 2012-11-03 11:09 -------- d-----w- c:\program files\Microsoft SQL Server

2012-11-02 23:10 . 2012-11-03 10:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-11-02 23:10 . 2012-11-02 23:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

2012-11-02 23:09 . 2012-11-02 23:10 -------- d-----w- c:\programdata\Package Cache

2012-11-02 22:55 . 2012-11-02 22:55 -------- d-----w- c:\program files\Microsoft

2012-10-23 10:00 . 2012-10-23 10:00 -------- d-----w- c:\users\SteinwertM\AppData\Roaming\Creative

2012-10-23 07:18 . 2012-10-23 07:21 -------- d-----w- c:\users\SteinwertM\AppData\Local\Line

2012-10-20 09:49 . 2012-11-06 08:38 -------- d-----w- c:\programdata\Browser Manager

2012-10-20 09:49 . 2012-10-20 09:49 -------- d-----w- c:\program files (x86)\Noel Danjou

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-12 09:39 . 2011-04-29 04:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-11 10:03 . 2010-05-26 09:49 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 20:10 . 2012-06-11 08:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 20:10 . 2011-05-23 22:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 20:10 . 2012-10-08 20:10 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-30 03:54 . 2011-08-13 00:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 06:55 . 2012-09-24 06:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-14 23:55 . 2012-09-14 23:46 101680 ----a-w- c:\windows\system32\stkMonitor.dll

2012-09-14 19:19 . 2012-10-10 10:47 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 10:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 10:47 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 10:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:47 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:47 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 10:47 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 10:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 10:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 05:26 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 05:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 05:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 05:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 17:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-09-23 20:47 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2011-03-18 10:41 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2011-03-18 10:41 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-10 10:47 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 10:47 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 10:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 10:47 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 10:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 10:47 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 10:47 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 10:47 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 10:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 10:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 10:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 10:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 10:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 10:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"0C72CEEF7D99E3EDE9C462D5CAF1809AFBAA2958._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Akamai NetSession Interface"="c:\users\SteinwertM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Spotify Web Helper"="c:\users\SteinwertM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\users\SteinwertM\program\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-12-08 1159480]

"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]

"D-Link D-Link DWA-525"="c:\program files (x86)\D-Link\DWA-525 revA\AirNCFG.exe" [2009-11-25 995328]

"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe" [2009-11-04 122880]

"iTunesHelper"="c:\prgrams\Itunes\iTunesHelper.exe" [2012-09-10 421776]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\SteinwertM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 243072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-3-23 4577760]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-1-11 9728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

2;2 D_Link_DWA-525;D_Link_DWA-525 Service [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe [2009-07-08 40960]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-05-12 11776]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 201632]

R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-05-05 10752]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-07 15872]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-09-06 80472]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

S3 netr28x;D-Link 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\Dnetr28x.sys [2009-11-09 787968]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]

S3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys [2012-07-26 59344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:10]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 10:10]

.

2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000Core.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009903324-944403242-2419885812-1000UA.job

- c:\users\SteinwertM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-14 10:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\SteinwertM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = ;192.168.*.*;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - ExtSQL: 2012-10-22 00:42; {9D6218B8-03C7-4b91-AA43-680B305DD35C}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}

FF - ExtSQL: 2012-11-07 02:36; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\SteinwertM\AppData\Roaming\Mozilla\Firefox\Profiles\u8ibbhvp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-LINE - c:\program files (x86)\Naver\LINE\LineUnInst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-12 17:38:17

ComboFix-quarantined-files.txt 2012-11-13 01:38

ComboFix2.txt 2012-11-10 04:03

ComboFix3.txt 2012-11-09 10:28

.

Pre-Run: 89,581,641,728 bytes free

Post-Run: 89,509,113,856 bytes free

.

- - End Of File - - 5FC8FF70A0E89A95A4F2CD1BA6770F51

Link to post
Share on other sites