Yontoo Virus

[Basalt13]

I pretty sure I have the Yontoo virus, I have the ad scripts popping up on all pages, I removed the Yontoo extentions and uninstalled it but still have problems, can anyone help?

[Larusso]

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  
• I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Download OTL to your Desktop.

• Double click on the icon to run it.
  
• Under the box paste this in

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

• Make sure all other windows are closed to let it run uninterrupted.
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

[Basalt13]

OTL logfile created on: 25/03/2013 3:15:56 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anthony\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16521)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 53.52% Memory free

16.00 Gb Paging File | 11.45 Gb Available in Paging File | 71.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.86 Gb Total Space | 353.27 Gb Free Space | 38.53% Space Free | Partition Type: NTFS

Drive D: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/25 15:12:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe

PRC - [2013/03/21 21:51:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe

PRC - [2013/03/21 21:51:30 | 000,017,304 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2013/03/13 10:36:14 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2013/02/19 07:37:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

PRC - [2013/02/19 07:37:40 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2013/02/06 08:59:04 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2013/02/06 08:59:04 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/11/27 22:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

PRC - [2012/11/27 22:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2012/03/31 11:57:30 | 000,389,120 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Thinstall\VMware View Client 4.6\SKEL\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe

PRC - [2011/12/19 08:45:00 | 050,528,256 | ---- | M] (VMware, Inc.) -- C:\Users\Anthony\Desktop\VMware View Client4.6.exe

PRC - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

PRC - [2009/09/08 02:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

PRC - [2009/07/06 11:25:48 | 000,135,416 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe

PRC - [2008/02/01 11:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe

PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2007/01/08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/21 21:51:31 | 003,150,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll

MOD - [2013/03/13 10:36:14 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

MOD - [2013/02/19 07:37:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

MOD - [2013/02/19 07:37:40 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll

MOD - [2013/01/28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/01/28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2012/05/28 15:47:36 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll

MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

MOD - [2012/03/31 11:57:30 | 000,389,120 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Thinstall\VMware View Client 4.6\SKEL\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe

MOD - [2009/07/06 18:37:06 | 002,906,624 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll

MOD - [2009/07/06 11:54:34 | 002,103,296 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll

MOD - [2009/07/06 11:54:34 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll

MOD - [2009/07/06 11:26:20 | 001,201,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll

MOD - [2009/07/06 11:26:20 | 001,191,443 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,306,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,248,339 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,121,363 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,074,259 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,059,923 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_directx_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,047,635 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,037,395 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,028,691 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll

MOD - [2009/07/06 11:26:20 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll

MOD - [2009/07/06 11:26:18 | 009,605,651 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll

MOD - [2009/07/06 11:26:18 | 002,448,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll

MOD - [2009/07/06 11:26:18 | 000,725,011 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll

MOD - [2009/07/06 11:26:18 | 000,032,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll

MOD - [2009/07/06 11:26:18 | 000,031,763 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll

MOD - [2009/07/06 11:26:18 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll

MOD - [2009/07/06 11:26:16 | 000,205,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll

MOD - [2009/07/06 11:26:16 | 000,096,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,193,555 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,128,531 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,033,299 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll

MOD - [2009/07/06 11:26:14 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll

MOD - [2009/07/06 11:26:12 | 002,929,683 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,309,267 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,270,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,216,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,147,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,134,163 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,070,675 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,051,731 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,047,123 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,046,099 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,035,859 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,034,835 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_mmx_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll

MOD - [2009/07/06 11:26:12 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,195,603 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,173,587 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,053,779 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,052,755 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,045,075 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,042,003 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_float_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll

MOD - [2009/07/06 11:26:10 | 000,028,691 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll

MOD - [2009/07/06 11:26:08 | 005,003,795 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll

MOD - [2009/07/06 11:26:08 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll

MOD - [2009/07/06 11:26:08 | 000,041,491 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll

MOD - [2009/07/06 11:26:08 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,073,747 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,064,019 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,032,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,031,763 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_file_plugin.dll

MOD - [2009/07/06 11:26:06 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll

MOD - [2009/07/06 11:25:48 | 000,135,416 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

MOD - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/08/01 11:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)

SRV:64bit: - [2011/08/01 11:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)

SRV:64bit: - [2011/08/01 11:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)

SRV:64bit: - [2009/08/31 18:36:57 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV - [2013/03/21 21:51:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/03/13 10:36:15 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/02/19 07:37:40 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)

SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2013/02/06 08:59:04 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2012/11/27 22:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/16 07:35:06 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)

SRV - [2009/08/31 18:36:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/02/19 07:37:40 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/02/06 08:59:22 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2009/08/29 19:02:28 | 000,860,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2013/02/06 08:59:22 | 000,297,240 | ---- | M] (Trusteer Ltd.) [File_System | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2013/02/06 08:59:22 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2012/10/30 03:36:44 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)

DRV - [2009/09/07 22:06:31 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS -- (TVICHW64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&s=1&o=vp64&d=0809&m=dx4820

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=266

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=28b617a90000000000000025111d02e8

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enCA342

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={759B773E-6D36-4BF6-A0E6-9E646777CCBC}&mid=7375945d076d47d09e2ed16c57f9eb1b-27b3ebf49405dd083487093cd0c8225e8864a1b0〈=en&ds=AVG&pr=fr&d=2012-11-07 15:05:44&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "-"

FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/home.php"

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 07:37:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2013/03/21 21:51:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2009/11/17 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions

[2013/03/16 08:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions

[2013/03/08 20:36:54 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\freehdsport@freehdsport.tv.xpi

[2013/03/06 09:32:10 | 000,555,868 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\{091dc955-8128-4a3d-bd56-88e400cc28c6}.xpi

[2013/03/16 08:44:54 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013/02/20 13:35:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/03/03 10:14:49 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2010/12/19 11:57:12 | 000,001,740 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\searchplugins\search-the-web.xml

[2011/03/31 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/02/08 10:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/12 07:32:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/31 22:30:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/06 10:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/11 19:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2009/11/17 20:43:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)

O1364bit: - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.177.226

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2F9257-CA57-4D7B-8FF7-A72A2D2EC5F4}: DhcpNameServer = 64.59.176.13 64.59.177.226

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: C:\Users\Anthony\Pictures\Anthony and Carolina - Couple in Love3.JPG

O24 - Desktop BackupWallPaper: C:\Users\Anthony\Pictures\Anthony and Carolina - Couple in Love3.JPG

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{5f8165b2-26fe-11e1-b7fa-0025111d02e8}\Shell - "" = AutoRun

O33 - MountPoints2\{5f8165b2-26fe-11e1-b7fa-0025111d02e8}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {64FBF728-E913-F4F7-1029-FF928D4E4BB7} - Offline Browsing Pack

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\qttask.exe (Apple Computer, Inc.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/25 15:12:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe

[2013/03/23 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{DAAD2714-ED20-4A9F-A3DB-C1DA4041DA08}

[2013/03/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12

[2013/03/19 16:20:23 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Yahoo!

[2013/03/19 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{183DA152-714B-4181-A3C2-C7FA4AB3F969}

[2013/03/18 20:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/03/18 20:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/03/18 20:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/03/14 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{78C9273A-E1FF-4E79-84C3-D9E54615A180}

[2013/03/12 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{1E3C8109-3332-4C8D-B0CC-0535975FF237}

[2013/03/09 20:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2013/03/08 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2013/03/08 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com

[2013/03/08 20:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstRowSportApp.com

[2013/03/08 10:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/03/07 14:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher

[2013/03/07 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp

[2013/03/07 14:16:29 | 011,681,632 | ---- | C] (DsNET Corp) -- C:\Users\Anthony\Desktop\aTube_Catcher_Setup-291347.exe

[2013/03/07 11:46:42 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\{87D21CEF-0FEF-4DE9-862D-9B28A1542ED8}

[2013/02/28 22:46:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Apple Computer

[2013/02/28 22:46:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Apple Computer

[2013/02/28 22:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/02/28 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/02/28 22:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/02/28 22:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/02/28 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013/02/28 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/02/28 22:44:31 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Apple

[2013/02/28 22:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2013/02/28 22:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013/02/28 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2013/02/28 22:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2013/02/26 23:40:46 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

[2009/08/29 14:04:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Anthony\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/03/25 15:12:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe

[2013/03/25 14:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/25 14:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/03/25 14:15:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/03/24 22:36:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/23 10:42:39 | 000,014,336 | ---- | M] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/03/22 07:46:54 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/03/22 07:46:54 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/03/22 03:27:12 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/03/22 03:27:12 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/03/22 03:27:12 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/03/22 03:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/03/22 03:22:18 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/22 03:02:24 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/03/22 03:02:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/03/18 20:16:06 | 000,001,260 | ---- | M] () -- C:\Users\Anthony\Desktop\Spybot - Search & Destroy.lnk

[2013/03/13 07:39:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2013/03/12 17:39:34 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2013/03/11 11:28:59 | 001,478,392 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2

[2013/03/08 20:36:52 | 000,000,914 | ---- | M] () -- C:\Users\Anthony\Desktop\FirstRowSportApp.lnk

[2013/03/07 14:17:41 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk

[2013/03/07 14:16:39 | 011,681,632 | ---- | M] (DsNET Corp) -- C:\Users\Anthony\Desktop\aTube_Catcher_Setup-291347.exe

[2013/02/28 22:52:14 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for

[2013/02/28 22:46:02 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

========== Files Created - No Company Name ==========

[2013/03/22 03:02:24 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/03/22 03:02:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/03/18 20:16:06 | 000,001,260 | ---- | C] () -- C:\Users\Anthony\Desktop\Spybot - Search & Destroy.lnk

[2013/03/11 11:28:59 | 001,478,392 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2

[2013/03/08 20:36:52 | 000,000,914 | ---- | C] () -- C:\Users\Anthony\Desktop\FirstRowSportApp.lnk

[2013/03/07 14:17:41 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk

[2013/02/28 22:52:14 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn

[2013/02/28 22:52:14 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for

[2013/02/28 22:46:02 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/02/28 22:44:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/05/21 21:51:57 | 000,007,605 | ---- | C] () -- C:\Users\Anthony\AppData\Local\resmon.resmoncfg

[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/03/31 08:12:28 | 000,010,270 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub

[2011/03/31 08:12:28 | 000,010,270 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub

[2009/11/21 14:08:39 | 000,014,336 | ---- | C] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/08 21:00:27 | 000,000,176 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\default.rss

[2009/09/05 13:59:33 | 000,422,319 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\UserTile.png

[2009/08/29 14:45:04 | 000,004,670 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\wklnhst.dat

[2009/08/29 14:04:54 | 000,001,044 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\vso_ts_preview.xml

[2009/08/29 14:04:25 | 000,099,384 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\inst.exe

[2009/08/29 14:04:25 | 000,007,859 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\pcouffin.cat

[2009/08/29 14:04:25 | 000,001,167 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/03/03 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Absolute Poker

[2012/10/13 10:49:10 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\AVG

[2012/10/08 10:17:11 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\AVG2013

[2009/11/17 20:50:29 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\AVSMedia

[2011/06/24 11:49:08 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Bitcoin

[2012/12/21 11:12:05 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\calibre

[2011/03/31 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Dropbox

[2011/03/31 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\GetRightToGo

[2011/02/04 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\HEM Data

[2013/01/31 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\HoldemManager

[2009/11/17 20:50:29 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Ludia

[2009/11/17 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\My Games

[2010/06/12 13:03:16 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\OpenOffice.org

[2010/11/27 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\postgresql

[2013/02/01 10:34:30 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Roaming

[2009/11/17 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\SPORE

[2012/12/15 12:07:22 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\SystemRequirementsLab

[2009/11/17 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Template

[2012/03/31 11:57:30 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Thinstall

[2009/12/06 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Transparent

[2009/11/17 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Trusteer

[2012/10/08 10:16:24 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\TuneUp Software

[2010/03/11 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\UB

[2013/03/25 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\uTorrent

[2010/09/02 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\VictoryPoker

[2012/06/25 22:26:09 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Vso

[2010/11/20 11:56:33 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2012/10/08 10:14:59 | 000,000,000 | -H-D | M] -- C:\$AVG

[2009/11/17 22:14:04 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR

[2009/11/17 23:20:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2009/11/17 20:56:49 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q

[2009/10/31 22:11:02 | 000,000,000 | ---D | M] -- C:\65bc7d169df95ba49b4f5185220a

[2009/10/30 22:10:33 | 000,000,000 | ---D | M] -- C:\a3441d8ea0a67853eeced287

[2009/08/29 13:39:07 | 000,000,000 | -H-D | M] -- C:\ACER

[2012/05/18 21:23:01 | 000,000,000 | ---D | M] -- C:\AMD

[2009/04/14 03:55:40 | 000,000,000 | ---D | M] -- C:\book

[2011/05/29 08:46:10 | 000,000,000 | -HSD | M] -- C:\Boot

[2013/03/25 14:16:00 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2013/02/01 10:36:48 | 000,000,000 | ---D | M] -- C:\HMArchive

[2009/04/14 03:01:20 | 000,000,000 | ---D | M] -- C:\Intel

[2011/02/08 11:16:35 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009/11/17 19:18:15 | 000,000,000 | ---D | M] -- C:\OEM

[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011/06/21 20:31:13 | 000,000,000 | ---D | M] -- C:\Poker

[2013/03/15 16:30:38 | 000,000,000 | R--D | M] -- C:\Program Files

[2013/03/22 07:34:45 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2013/03/18 20:53:58 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010/03/21 19:05:10 | 000,000,000 | ---D | M] -- C:\Programs

[2009/11/17 21:09:51 | 000,000,000 | -HSD | M] -- C:\Recovery

[2013/03/25 15:18:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010/09/16 22:01:53 | 000,000,000 | R--D | M] -- C:\Users

[2013/03/22 03:00:42 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

< %localappdata%\*. /5 >

[2013/03/25 15:18:10 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Local\Temp

[2013/03/23 10:39:30 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Local\Windows Live

[2013/03/23 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Local\{DAAD2714-ED20-4A9F-A3DB-C1DA4041DA08}

< MD5 for: SERVICES.EXE >

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Victory Poker:MID

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\DoylesRoom:MID

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

[Basalt13]

OTL Extras logfile created on: 25/03/2013 3:15:56 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anthony\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16521)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 53.52% Memory free

16.00 Gb Paging File | 11.45 Gb Available in Paging File | 71.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.86 Gb Total Space | 353.27 Gb Free Space | 38.53% Space Free | Partition Type: NTFS

Drive D: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{088A57DC-F1D1-44D7-A3FA-C2E338093BDE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0BC18B13-6807-4A00-907F-698208742E6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0F0773C4-94FB-4829-8F9A-D1B9D39C5ECE}" = rport=10243 | protocol=6 | dir=out | app=system |

"{106F4259-8D22-4BB6-A349-624B29C2B249}" = rport=445 | protocol=6 | dir=out | app=system |

"{27241615-E377-49BD-9EFD-4EF2C281A131}" = lport=445 | protocol=6 | dir=in | app=system |

"{2D02F8F5-BEDC-4AD7-95A6-4666623ACAA8}" = lport=43763 | protocol=6 | dir=in | name=spf port 43763 tcp |

"{3EC29BE1-3608-413D-AD1E-283F01DAFF57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4345B383-087B-4EE7-A8FC-EA71F68F4398}" = rport=138 | protocol=17 | dir=out | app=system |

"{474ECD62-1922-4E2B-94A9-325229A52D94}" = lport=137 | protocol=17 | dir=in | app=system |

"{48E39C69-732E-4B7F-B493-FF7966E76AE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{4ADF44C2-2597-4902-9F32-525E8C4E60E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{548C2D7D-8EFC-4B09-AC8D-43D9AB270A53}" = lport=139 | protocol=6 | dir=in | app=system |

"{63EB2482-8915-42F9-98C6-A2968EEE34A7}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7433C6BA-86A6-496B-B6D8-84635C0D251C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{74B048A7-16C2-408D-ABFA-3C7B4C4820D5}" = lport=5432 | protocol=6 | dir=in | name=postgres |

"{7801B6AF-EB7E-4548-B1CC-C0803D179FE4}" = rport=139 | protocol=6 | dir=out | app=system |

"{8245F91E-D004-4A18-8C42-6D04241FECC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{89F2C406-69A7-404E-A573-FB4449A8D8DD}" = lport=138 | protocol=17 | dir=in | app=system |

"{A4110EA0-057F-405B-993B-8FF752D1532F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A9700806-13FD-4695-A0AA-B2F5BB82949E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A9C35D9A-38DC-4402-AFEC-C3972E5B87AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B8074086-C819-446E-B1FC-D10699D04BA2}" = rport=137 | protocol=17 | dir=out | app=system |

"{B8DD1025-B1F5-4060-A0EB-A96D0B42B3AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B8F74911-B83F-42E7-89C4-3458E97CEF4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DC4F1F2F-5D28-4E88-BA2C-C5A0ADFDF69C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DE51876E-A281-4F8B-A11A-B9024CBBBE14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E061185E-6D93-4FAF-8686-219C908B349E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{E95EC8CC-93C6-4AD0-B56E-A0FCC4C09479}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EEFAE46B-26E8-46A3-BE43-8DDBFDF41DB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F48C986B-8642-4219-A418-57DD1F339724}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{019A7E62-C5AB-4800-B5C8-967AB539BD06}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{04BB2A1D-1B7B-4941-A11D-A5FF3B3D0F32}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{05B8FBCA-6DD5-4F1B-B3BF-D3856D8EFB42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{0615C948-BBDF-44CC-B86D-449C094815BF}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |

"{06382232-4921-4977-B976-8C2B88EC6127}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{0CBCD103-3F6C-4784-8CDA-B90BE9C8B724}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0CDC1917-D13E-4D78-9E51-8A79EAA130D2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{0F510E0E-1AC1-486F-85D7-EE09F4FFAB8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{136D25F1-1D06-457C-AF74-889CB94B69E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{14289E61-6E62-40CE-BBC2-CA88FFE9EE28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{172456A7-4C3B-4A48-BB54-4CD4A3DA22A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1A880A79-8EBC-4B27-923C-563BF3DB0153}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1E144D61-A367-4942-805A-A5D50BDB92C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{21ECFCD8-D065-440A-ABE1-52C1337E8C52}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{2C69CD3A-7F33-4729-ABC5-62B0FF9A1734}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2DF24475-25AB-4332-BD79-D95A062140D5}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{30FF9E97-BA18-4C87-A95B-26116AFF32BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{35D89608-622A-4D66-8BDB-72189B0C4483}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3817B78E-4763-47F2-9DB3-F1B72BD2E1ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3904482F-F311-4C0C-9E86-90B6E9B027B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{397674DA-DB89-41CC-BFE4-D3D3465F6869}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{41C7F39A-8D4C-465A-A906-5F696142684C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{42C1A4B3-1B14-4605-9918-162786DBAF6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{43F373C9-AC51-40E8-8FD6-44694C3DE085}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{458D6234-A087-4282-902B-959EC5B4AC44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{472A5E27-539A-41CE-87C6-35F868BB7FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{476E2326-E5D4-4C09-B400-520A4DB27A30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{4E2B7567-C94D-4562-A736-E07F5DFFB9EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4EC16998-2057-4219-86CB-98E99C9B233C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4F37A80F-B66B-4420-9441-A227E1773DF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4F3AA627-6E97-4952-AD12-837F1CB8EE46}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5238B061-4C78-4FD5-B0C7-27ECB4D51DFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{533B98B5-D26C-461E-A32E-5A5B733BE0ED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5712B5A7-09F2-4B20-9397-3279EC2F392A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{59C98A4A-2E8C-45A3-B174-2A10687AD3C6}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |

"{59EF88FC-8C02-4252-A3FC-C71F98A9122D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{5FF97306-2274-411E-9114-93BA7E387E2B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{6332CBFD-AE3A-4D07-970C-78AD2819D90C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{64819917-6009-433C-9252-84FCFC85F3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{668EB08D-65A6-4EF4-BF15-3BB311C4291B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{671670C1-4C46-47BD-8D4B-DDE1D9BDF29A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{6888806A-DAB1-441E-8523-675C1649A0C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{69176411-0EB4-4D15-809A-F29E49A58D2A}" = protocol=6 | dir=out | app=system |

"{6BCB51E9-320B-407F-BC2C-424F78F204F2}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{6CB812D2-50FB-42D1-9251-B0650EA9A6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{72BEE4AA-CB24-485C-A5FB-2E7323833330}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7475CFAD-F94B-4285-9087-64FAEF5CFF09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{760ADEC4-A4DC-4050-A2E7-40BBB8430405}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |

"{77B97D3A-7F97-4B6D-8A72-4D35AAC5A820}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7967C476-3338-49E2-B63E-BE39078D321D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{79BBC210-C057-47A1-AB82-A243C5FF9813}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7DA72B4E-7992-4630-B633-754C09885BBB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{7DCB1B3E-4DDB-4839-8FCE-93AC52390242}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{8052D761-6DD4-4FA5-8F14-207F03ACD7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{8094720A-7279-409E-863B-636A33D414B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{84ADDFD0-F2C6-444F-B564-79F3AECB26C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{86009D30-29E2-4B3F-85DB-5A1FDD7D4488}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{8CA58472-A588-429A-8611-4CB6F05FBB7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8DBE0000-A33B-48E2-BC70-ED474AAAF22D}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |

"{8FB6E9BE-F6B5-4830-91AB-3F4FEE1AC176}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{92148AE7-4A9F-4360-9D92-D8E13804CBD7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{95E3DCED-67CD-4808-AAED-46FC61D69BE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{96747C89-FB55-457F-BEBF-931F9CF6F13D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{969C82EC-59CC-43C9-B840-915C3A570088}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{96CA8EF7-2363-4072-91BE-D300535C689D}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |

"{9A233189-0638-4E59-91DC-22666F62EF4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9B3D381C-B1D8-4B77-820F-C7A6F4DC36CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9BAA5190-3B9D-4675-8A3A-F86332AB49B9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{9CC0CA2A-A56E-4F5D-B7BB-39DCC07770A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A253131A-C232-4CC1-83B4-B00994AA5BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |

"{A574652C-1A96-49C1-9232-D2530A70A564}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{A949D172-8740-4CC1-9CA7-73ED7F5A1536}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |

"{A9C04004-7507-46AB-A993-00B9216D8565}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{A9CA1730-F248-4C02-B02D-6ACD81A8EDBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AC5BB43D-344F-42EB-AFD6-8CF79F324E32}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{AD3CA868-97C2-48BE-A0C0-7DA8C40F9853}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{ADE8FF5A-8C7B-4E43-ABB9-1A631F164967}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AF0CAB5A-3560-4993-9127-D4F1595715CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{AFF86C1C-8AAC-435B-AA13-825F45D5FB95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B69823A6-87D1-4ED7-9AA9-049DBAFD4F39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B6C62E78-ADFF-44E8-B579-F84B9B8E273B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BB70C126-AFD2-4D18-91F0-C0ED0B1C075E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{BD08F693-D593-4257-B575-893C3F00A994}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BD60EE45-8584-4674-B250-5203B41350FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BE50C4CD-21B0-4917-A889-CE2E8A24BFA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C0348498-4C1A-4839-9989-2BDF8C1C12DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{C546867E-6D4B-4B2E-B160-E2D9438ABBD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C67C0369-0EA4-4D07-A35E-55E99A958834}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{C7822A84-4494-4A4E-92EC-A5B8CF08426F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{CA2D556F-DEBE-4ACA-A4AF-107068D65D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CFB5077E-0FE5-4AF2-81A9-D5A1346ABDD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CFDA64F7-A63E-4928-8A94-F10FD52E693F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D311B3AF-1CA5-448E-8ACD-113C18B77D31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{D74B3AB1-1F24-4535-BF05-A8E5E284EAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |

"{D8916FB8-E007-4805-90A1-F88744E68819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{D9B5FF23-EBAA-444D-B14C-73E451EFBA82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{DD229DB6-1605-401E-83A3-1AD5B050208D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E1064E15-2C68-40C0-91B2-19D2E0AEA011}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{E15E2157-1585-4B41-8B8B-9ACC73723F27}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E4B88535-FFAE-431B-93EC-33E7DB8B7157}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |

"{E579AAB1-CF1E-49A4-8F01-9B513EB86E69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E592B0C5-E8E2-4A7D-A6E9-7E9DE5E98C12}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{ED22018F-6C52-4BC2-A429-BF5CB4A72AD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EF2C50E5-D0F1-423F-9679-1576F1800F6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F0EE90C3-30E2-42E2-9400-7DE91808DD3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F3E40EE9-F8CA-48D3-A7C4-05930B5BC828}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F6153DE3-6084-46D7-B8DB-398C526C575F}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |

"{FA1EEE84-C957-43C7-B3B3-0BEAF51C0D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |

"{FCC00A27-6DC2-4C78-A493-476349948F14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{2B21A605-2FD4-4D22-A46F-CEE6E18C917C}C:\users\anthony\desktop\vmware view client4.6.exe" = protocol=6 | dir=in | app=c:\users\anthony\desktop\vmware view client4.6.exe |

"TCP Query User{8B4EF2CA-20C0-4B34-B8B7-8107CBFF40F3}C:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe" = protocol=6 | dir=in | app=c:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe |

"TCP Query User{D546ED60-6CF1-4AF5-9C03-166222A10633}C:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe" = protocol=6 | dir=in | app=c:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe |

"TCP Query User{DF448466-23ED-44C7-B58C-70A373097D36}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"TCP Query User{FE3AF3B3-2671-441E-B5BD-8ED4FCF27C59}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{43793AE8-4DB2-4CE3-8A0E-03B6CBCD68E1}C:\users\anthony\desktop\vmware view client4.6.exe" = protocol=17 | dir=in | app=c:\users\anthony\desktop\vmware view client4.6.exe |

"UDP Query User{6DC6846D-3B8C-4009-9F4B-F6C34D89EB13}C:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe" = protocol=17 | dir=in | app=c:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe |

"UDP Query User{7946CE6A-D3CF-49A4-9295-3DA550945B71}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{7E3D2972-C39C-44AE-B310-7631AF91DD79}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"UDP Query User{A2AD2C62-6FAD-4373-AE70-6CB3930E23DF}C:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe" = protocol=17 | dir=in | app=c:\users\anthony\appdata\roaming\thinstall\vmware view client 4.6\skel\e9877ef3b0e7584d973831f76dca2e2b8e1558\wsnm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare

"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding

"{45ABEF88-3864-41F5-8189-BB80F2C5A75C}" = AVG 2013

"{473D65A4-09B5-4BC2-B971-22E2E5BE66F6}" = AVG 2013

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2013

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPOCR" = HP OCR Software 8.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help

"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch

"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 23

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords

"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese

"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish

"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193h

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C0759C8-4C6C-4AD7-89B8-0842C4C44F23}" = Jeopardy! 2003

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9C797804-93A4-482B-A3CD-8DB6C711B35F}" = Byki

"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4

"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4

"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common

"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish

"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish

"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D7E16C53-8B27-46FE-9499-E826CBC2E9CE}" = calibre

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI

"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver

"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.16.0

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1ClickDownload" = FirstRowSportApp

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"aTube Catcher" = aTube Catcher

"AVG Secure Search" = AVG Security Toolbar

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"Battlelog Web Plugins" = Battlelog Web Plugins

"Bodog Hand Grabber" = Bodog Hand Grabber 1.15

"Bodog Poker_is1" = Bodog Poker

"Byki Deluxe" = Byki Deluxe

"Cisco Connect" = Cisco Connect

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.10.0

"Diablo III" = Diablo III

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"ESN Sonar-0.70.4" = ESN Sonar

"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.4

"Gateway Screensaver" = Gateway ScreenSaver

"HoldemManager" = Holdem Manager

"HoldemManager2" = Holdem Manager 2

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PartyPoker" = PartyPoker

"PKR" = PKR

"Poker PlayNow.com " = Poker PlayNow.com

"PokerStars" = PokerStars

"PostgreSQL 8.4" = PostgreSQL 8.4

"QuickTime" = QuickTime

"Rapport_msi" = Rapport

"Simple Port Forwarding" = Simple Port Forwarding

"Steam App 8930" = Sid Meier's Civilization V

"SystemRequirementsLab" = System Requirements Lab

"uTorrent" = µTorrent

"Veetle TV" = Veetle TV

"Victory Poker(uninstall)" = Victory Poker

"VLC media player" = VLC media player 1.0.0

"WildTangent gateway Master Uninstall" = Gateway Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Xfire" = Xfire (remove only)

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GR88" = GR88

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 25/03/2013 11:00:10 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 11:00:10 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 11:00:10 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 11:00:10 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 11:00:10 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 11:00:11 AM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 1:13:33 PM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 1:13:33 PM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 3:15:33 PM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/03/2013 3:15:33 PM | Computer Name = Anthony-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 07/10/2009 5:25:35 PM | Computer Name = Anthony-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 21/03/2013 4:18:39 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 21/03/2013 4:18:39 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 21/03/2013 4:21:36 AM | Computer Name = Anthony-PC | Source = bowser | ID = 8003

Description =

Error - 22/03/2013 4:21:08 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 22/03/2013 4:21:43 AM | Computer Name = Anthony-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 22/03/2013 4:22:48 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 22/03/2013 4:22:51 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 22/03/2013 4:24:27 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 22/03/2013 4:24:27 AM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 22/03/2013 12:26:44 PM | Computer Name = Anthony-PC | Source = bowser | ID = 8003

Description =

< End of report >

[Larusso]

"uTorrent" = µTorrent

Please read this --> http://forums.malwarebytes.org/index.php?showtopic=97700

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

[Basalt13]

It said I had Microsoft Security Essentials still running although I didn't, I looked everywhere for it and couldn't find it so just ran the scan.

ComboFix 13-03-25.01 - Anthony 26/03/2013 8:39.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.4554 [GMT -5:00]

Running from: c:\users\Anthony\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\boost_interprocess\20130316083158.109999

c:\users\Anthony\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2

c:\users\Anthony\AppData\Roaming\Roaming

c:\users\Anthony\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml

.

.

((((((((((((((((((((((((( Files Created from 2013-02-26 to 2013-03-26 )))))))))))))))))))))))))))))))

.

.

2013-03-26 13:47 . 2013-03-26 13:47 -------- d-----w- c:\users\postgres\AppData\Local\temp

2013-03-26 13:47 . 2013-03-26 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-22 02:51 . 2013-03-22 12:34 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 12

2013-03-20 20:58 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-19 21:20 . 2013-03-19 21:20 -------- d-----w- c:\users\Anthony\AppData\Roaming\Yahoo!

2013-03-19 01:16 . 2013-03-21 13:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-03-19 01:16 . 2013-03-19 01:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-03-12 22:40 . 2013-03-12 22:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-09 01:36 . 2013-03-15 21:31 -------- d-----w- c:\programdata\Tarma Installer

2013-03-09 01:36 . 2013-03-09 01:36 -------- d-----w- c:\program files (x86)\FirstRowSportApp.com

2013-03-07 19:17 . 2013-03-07 19:17 -------- d-----w- c:\program files (x86)\DsNET Corp

2013-03-01 03:52 . 2013-03-01 03:52 1409 ----a-w- c:\windows\QTFont.for

2013-03-01 03:46 . 2013-03-01 03:46 -------- d-----w- c:\users\Anthony\AppData\Local\Apple Computer

2013-03-01 03:46 . 2013-03-01 03:55 -------- d-----w- c:\users\Anthony\AppData\Roaming\Apple Computer

2013-03-01 03:45 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-03-01 03:45 . 2013-03-01 03:45 -------- d-----w- c:\program files\iPod

2013-03-01 03:45 . 2013-03-01 03:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-01 03:45 . 2013-03-01 03:45 -------- d-----w- c:\program files\iTunes

2013-03-01 03:45 . 2013-03-01 03:45 -------- d-----w- c:\program files (x86)\iTunes

2013-03-01 03:45 . 2013-03-01 03:45 -------- d-----w- c:\programdata\Apple Computer

2013-03-01 03:44 . 2013-03-01 03:44 -------- d-----w- c:\users\Anthony\AppData\Local\Apple

2013-03-01 03:44 . 2013-03-01 03:44 -------- d-----w- c:\program files (x86)\Apple Software Update

2013-03-01 03:44 . 2013-03-10 01:48 -------- d-----w- c:\program files\Common Files\Apple

2013-03-01 03:43 . 2013-03-10 01:48 -------- d-----w- c:\program files (x86)\Common Files\Apple

2013-03-01 03:43 . 2013-03-01 03:44 -------- d-----w- c:\programdata\Apple

2013-02-27 09:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-02-27 09:01 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-02-27 09:01 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-02-27 09:01 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-02-27 04:40 . 2013-02-27 04:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 15:36 . 2012-05-22 21:30 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 15:36 . 2011-06-18 13:18 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 08:04 . 2009-12-11 13:18 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-12 22:40 . 2012-05-15 14:08 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-12 22:40 . 2010-05-12 12:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-19 12:37 . 2012-10-08 15:16 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-02-14 08:52 . 2013-02-14 08:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-02-12 05:45 . 2013-03-12 22:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-12 22:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-12 22:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-12 22:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-12 22:10 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-12 22:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-08 09:37 . 2013-02-08 09:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-02-08 09:37 . 2013-02-08 09:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-02-08 09:37 . 2013-02-08 09:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-02-08 09:37 . 2013-02-08 09:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-02-08 09:37 . 2013-02-08 09:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-02-06 13:59 . 2011-03-09 09:23 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2013-01-05 05:53 . 2013-02-13 09:59 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 09:59 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 09:59 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 09:58 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 09:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 09:59 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 09:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 09:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 09:58 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 09:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 09:58 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 09:58 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-02-19 12:37 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-28 739936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A

"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-30 860656]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-31 1038088]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2009-09-08 21200]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-02-06 101688]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-27 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-02-06 55096]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-02-06 297240]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-28 479840]

S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-02-06 976728]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]

S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]

S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 15:36]

.

2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 08:15]

.

2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 08:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 64.59.176.13 64.59.177.226

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\

FF - prefs.js: browser.search.selectedEngine - -

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/home.php

FF - ExtSQL: 2013-03-08 19:36; freehdsport@freehdsport.tv; c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\freehdsport@freehdsport.tv.xpi

FF - ExtSQL: 2013-03-16 08:44; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4} - c:\users\Anthony\AppData\Local\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]

"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]

"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-619722867-1435490409-405705067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-619722867-1435490409-405705067-1000)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-619722867-1435490409-405705067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

@=""

"Installed"="1"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

@=""

"Installed"="1"

"NoChange"="1"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

@=""

"Installed"="1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-26 08:52:14

ComboFix-quarantined-files.txt 2013-03-26 13:52

.

Pre-Run: 385,467,248,640 bytes free

Post-Run: 385,240,133,632 bytes free

.

- - End Of File - - EF1A0FCC7707E528891C839BF55B84DF

[Larusso]

Hy there.

I see AVG components in your Logfiles but nothing related to MSE. Which one are you currently using ?

Please download AdwCleaner by Xplode onto your desktop.

• 
  
  • Close all open programs and internet browsers.
    
  • Double click on adwcleaner.exe to run the tool.
    
  • Click on Delete.
    
  • Confirm each time with Ok.
    
  • You will be prompted to restart your computer. A text file will open after the restart.
    
  • Please post the contents of that logfile with your next reply.
    
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    

Are the popups still present ? If yes, in which browser ?

[Basalt13]

That is why I was confused by it saying I had MSE running, I used to have it a few months ago but uninstalled it and have been using AVG. I will complete next step later today.

[Basalt13]

The script popups are still there, I am using Firefox.

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 18:26:39

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Anthony - ANTHONY-PC

# Boot Mode : Normal

# Running from : C:\Users\Anthony\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Anthony\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Anthony\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\Conduit

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\ConduitEngine

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\FCTB

Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\delta LTD

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\59e8cdfb53bbd48

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\59e8cdfb53bbd48

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\prefs.js

C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc[...]

Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);

*************************

AdwCleaner[s1].txt - [8038 octets] - [26/03/2013 18:26:39]

########## EOF - C:\AdwCleaner[s1].txt - [8098 octets] ##########

[Larusso]

The script popups are still there, I am using Firefox.

I need to know if they also appears in IE.

[Basalt13]

It does not appear to be happening on IE

[Larusso]

Good to know. Lets see if they also appear in FF's savemode.

Please press the + R Key and Copy/Paste the following single-line command into the Run box.

"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode

Close Firefox before you click on OK.

This will launch firefox in an protected mode where all Extensions ... are disabled. Let me know if you the PopUps are still present in this mode

(good nite )

[Basalt13]

The pop ups are still present even in safe mode. Not sure if this will help but when you hover over them it says "by Coupondropdown"

[Basalt13]

Also before I came here to ask for help I was trying things myself, one thing I tried was a add on called no script, and by blocking something called akamaihd.net it fixes the problem, but most sites like facebook don't load at all when I block it.

[Larusso]

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Box:

:otl
[2013/03/08 20:36:54 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\freehdsport@freehdsport.tv.xpi
[2010/12/19 11:57:12 | 000,001,740 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\searchplugins\search-the-web.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0000025111d02e8
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA342
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
:commands
[emptytemp]

• Please close all other programs now.
  
• Then click the Run Fix button at the top.
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

[Basalt13]

It seems to be fixed now don't see the script pop ups where I usually do.

All processes killed

========== OTL ==========

C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\extensions\freehdsport@freehdsport.tv.xpi moved successfully.

C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\ks78w2ju.default\searchplugins\search-the-web.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anthony

->Temp folder emptied: 3121911 bytes

->Temporary Internet Files folder emptied: 18595180 bytes

->Java cache emptied: 4830139 bytes

->FireFox cache emptied: 372592693 bytes

->Flash cache emptied: 233896 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21946795 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77959 bytes

RecycleBin emptied: 10181973351 bytes

Total Files Cleaned = 10,112.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03272013_123203

Files\Folders moved on Reboot...

C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File\Folder C:\Windows\temp\etilqs_2G60EyaYsEwa5RM0N5sc not found!

C:\Windows\temp\etilqs_3XmnWiKjwRXrizg0PCCo moved successfully.

C:\Windows\temp\etilqs_6B6IONC0eZUFSgVn8CbE moved successfully.

C:\Windows\temp\etilqs_6CtHreU6lYx9yx3esw0W moved successfully.

C:\Windows\temp\etilqs_8CEpdkN1BZeEDT1yLkID moved successfully.

C:\Windows\temp\etilqs_C0KUwWPSmGWfLNiS6SBO moved successfully.

C:\Windows\temp\etilqs_SrdSDs7rf7jg6HtcEG6F moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Larusso]

\o/

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

[Basalt13]

C:\Users\Anthony\Desktop\aTube_Catcher_Setup-291347.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\Anthony\Videos\Downloads\Dawn_of_the_Dead_UNRATED_(2004)_720p_BrRip_x264_-_750MB_-_YIFY_secure.exe Win32/TopMedia.B application

C:\Users\Anthony\Videos\Downloads\SoftonicDownloader_for_atube-catcher.exe a variant of Win32/SoftonicDownloader.E application

[Basalt13]

Also still no problems script seems to be gone

[Basalt13]

Thanks for the help Larusso I really appreciate it!

[Larusso]

Hy there.

These files aren't real malware. Feel free to delete them.

Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Please download delfix to your Desktop.

• Close all running programms.
• Doubleclick on the delfix.exe
• Make sure that all options are checked.
  
• Click Start.

This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.

Now that you appear to be free from malware lets help you stay that way!

It is vital that you keep your system up to date

• Please enable Automatic Updates to keep your system up to date.
  
• Windows Updates
  
  • Win XP: Start --> Control Panel and double- click on Automatic Updates.
    
  • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates

  [*] Software Updates

  Your installed Software also can have vulnerabilities that malware can use to infect your system.

  To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

• Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection

• Malwarebytes Anti Malware
  The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  
• WinPatrol
  WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

• Web of Trust ( WOT )
  This software helps you to stay away from sites that have malicious purposes.
  
• SpywareBlaster
  This software helps prevent the installation of ActiveX-based spyware
  
• MVPS Hosts file
  This Hosts File will restrict known ad sites from serving you unsolicited advertisements.

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.

• Opera
  
• Firefox

Note: If you use Firefox you may want to have a look on this Add Ons.

• AdblockPlus ( Blocks advertisments )
  
• NoScript ( Blocks Java, Flash and JavaScript )

Computer Maintenance

Clean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

• Staying Safe on the Internet ( by Glaswegian )
  
• Making Internet Explorer Safer.
  
• Think Prevention!

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.

[Basalt13]

Again thanks so much for the help my issue is fixed

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!