running MAB and it reboots my computer


Initially I was getting a "No disk" pop-up and I couldn't run McAfee; it freezes. I downloaded MAB and the "No disk" pop-up is gone after a quick scan. However, I have run a full scan 3 times now and it shows 5 infections, but right as the scan is almost complete it crash dumps my system. I am assuming it's the malware I have. Also, I have noticed that a user account titled "administrator" has appeared on my logon screen. It appears to be like a master administrator account because I can't delete it, but I didn't create it and it wasn't always there, hmm? I followed the instructions via the pre-HJT and here is my HJT file. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:44 AM, on 10/14/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Users\Conan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Conan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{383EBE...4-6FA3A7A1EB7D}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{383EBE...4-6FA3A7A1EB7D}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Games.com Toolbar Loader - {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll

O3 - Toolbar: Games.com Toolbar - {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll

O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [Google Update] "C:\Users\Conan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.girlsgogames.com/game/Unicorn_Universe.html"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX


Hi,

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box, paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


OTL logfile created on: 10/16/2010 10:52:25 AM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Conan\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18865)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 372.60 Gb Total Space | 63.17 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Drive J: | 149.01 Gb Total Space | 59.13 Gb Free Space | 39.68% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: CONAN-DESTROYER | User Name: Conan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 10:26:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Conan\Downloads\OTL.exe

PRC - [2010/09/24 08:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/02/16 11:57:38 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\HyperCam Toolbar\TbHelper2.exe

PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2009/07/14 05:59:24 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/02/03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

========== Modules (SafeList) ==========

MOD - [2010/10/16 10:26:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Conan\Downloads\OTL.exe

MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/01/20 21:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV:64bit: - [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2008/07/29 16:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)

SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/09/24 08:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/26 11:49:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/12/08 15:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/03/16 17:47:00 | 002,780,212 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009/02/03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX


OTL Extras logfile created on: 10/16/2010 10:52:25 AM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Conan\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18865)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 372.60 Gb Total Space | 63.17 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Drive J: | 149.01 Gb Total Space | 59.13 Gb Free Space | 39.68% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: CONAN-DESTROYER | User Name: Conan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-47103327-79266996-2798099630-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Users\Conan\DownloadsCod mw 2.exe" = C:\Users\Conan\DownloadsCod mw 2.exe:*:Enabled:Cod mw 2 -- File not found

"C:\Users\Conan\AppData\Roaming\dlsbot.exe" = C:\Users\Conan\AppData\Roaming\dlsbot.exe:*:Enabled:bot -- File not found

"Windows Firewall" = C:\Users\Conan\AppData\Roaming\winlogon.exe -- File not found

"Windows SafeAssist" = C:\Users\Conan\AppData\Roaming\winlogon.exe -- File not found

"C:\Users\Conan\DownloadsCod mw 2.exe" = C:\Users\Conan\DownloadsCod mw 2.exe:*:Enabled:Cod mw 2 -- File not found

"C:\Users\Conan\AppData\Roaming\dlsbot.exe" = C:\Users\Conan\AppData\Roaming\dlsbot.exe:*:Enabled:bot -- File not found

"Windows Firewall" = C:\Users\Conan\AppData\Roaming\winlogon.exe -- File not found

"Windows SafeAssist" = C:\Users\Conan\AppData\Roaming\winlogon.exe -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0093CD00-6279-4327-AA93-5DE43CBC9E13}" = rport=139 | protocol=6 | dir=out | app=system |

"{038D7795-6051-4681-87F2-84448F379426}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{03A09268-F2CA-4504-BAB8-939206BFDA31}" = lport=445 | protocol=6 | dir=in | app=system |

"{1F84D933-89AD-49F0-AE88-33B1575EC119}" = lport=138 | protocol=17 | dir=in | app=system |

"{2375707B-2DD2-44B4-87EE-62859A3A440F}" = rport=138 | protocol=17 | dir=out | app=system |

"{4F095591-4932-4731-B06D-DD0720999B8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{56A9236F-F5A2-4D88-B42B-662AAEDD6857}" = rport=137 | protocol=17 | dir=out | app=system |

"{589324D4-C3CE-4F66-AE49-E1742655FD3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7B15E0C0-BE5A-4CD3-A23E-28491A3375BF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{7DD32BD5-D14F-4F06-A2BC-F2FD55B9994D}" = lport=58057 | protocol=17 | dir=in | name=pando media booster |

"{9C53B90D-0E90-453B-952D-25A05C8E2EDE}" = lport=137 | protocol=17 | dir=in | app=system |

"{B173A6F1-4940-430B-A64D-EDD698A65C8A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DAD1F3A0-CD8D-4010-99AD-4A8816044FE0}" = lport=58057 | protocol=6 | dir=in | name=pando media booster |

"{E491E51C-8CB6-44D9-ADE4-BCF51B775AA3}" = rport=445 | protocol=6 | dir=out | app=system |

"{E9C5990E-4275-4415-833E-2A4B4F9C5ECB}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030B3896-74FE-43B9-9FA3-285EF6095472}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{09BA5229-1841-432D-8511-371CED1B8CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{0EF4F4C2-8ED8-4A2A-9B1E-5A974026A3E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{12A5D63A-E210-4B1B-88D0-2AA5C186849F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{1AE1787B-BA59-43A7-ADAC-92CE1C8C1D21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{250DE2CF-CFAB-49B6-8DDE-2E27481CC824}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{2B5259C7-5A41-434A-BF35-96DDEA8359F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ai war fleet command\aiwar.exe |

"{2C2C7471-7851-4C5B-A1F0-80FA53336E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{2F70BEF5-FCEA-4269-BF10-7CF7439094DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{2FAC3197-BD36-4547-8B48-13F7943B2030}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |

"{32FC7C79-10A1-4DF7-BEA8-7D6222C64383}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3359B0B7-FCF8-4B98-9E0A-6EB0D296A40F}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{3A738E37-47C1-462A-9460-33035CD16DE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3C4A2D10-9E10-40B6-AC36-3CE6313D4F65}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |

"{3F304FE8-B4F7-40D3-9409-9A9C55560A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{4312FF61-599B-45A6-9332-C4D68EF334C4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |

"{487D00C3-CE09-4D61-843B-89DF104E8742}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\viva pinata demo\viva pinata.exe |

"{4AB14575-A651-440F-802A-335DBD86BEA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4B8BEDDA-58A0-4097-A0DE-2565569F93B8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |

"{51401980-62BA-47F5-83BE-4599509283C4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{526D5800-D6D1-462B-99C6-0E2927A5AF3B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{5848318D-EFBE-4E88-876C-085465FAE89F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{5DA426F7-1CD6-4507-BC9E-79A51389AE00}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5FC9EDD0-3A8A-439A-B1CD-65C12C9661E3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{613ED074-304B-4713-AC95-C4632E0FE4F4}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"{630E3663-2D9B-442F-BDC0-E1CDC35BF978}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{63392674-7EBC-4EF1-81A1-B05F5EB42DBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{66886C2B-FC50-409E-B394-1E6F3B0D615C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{68FB3BA2-5660-481C-8A0D-53E387817EB0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{693FA29F-FBCD-4FCE-AF2C-967E895B857F}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |

"{6E33C23A-CE0A-453B-A874-5F9038B05C2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{710C6AFA-3575-4EEA-8512-8DD33A7BEBE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{7AB5A3AC-3196-4C2B-9101-170253D287D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{7CEBFB1E-CDC2-4E08-BF09-D37752A0462C}" = protocol=6 | dir=in | app=c:\users\conan\appdata\local\microsoft\windows\temporary internet files\content.ie5\d2cxp7me\sc2_teaser_1080p[1].exe |

"{7F1884F4-535E-4DCD-A62C-788F77E1FD69}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{7FF8CF18-B6C6-495D-BE37-9A96EC464C7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{807B447C-4112-48ED-AF11-7E2422A03B90}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{8412D6FF-2158-42E2-8062-016ED969B3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{86F9D4C1-FD64-49C7-8D88-5EF96995A1CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{914FEDE9-E858-4550-B879-46892877560C}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |

"{963DBED1-052F-4DF0-8DE0-8F8F11C82DDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{97C710B1-BA2D-4B1D-B3EA-1BEDDE993CD4}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{9BAC01D5-F790-4C19-803F-0CECAC6B538C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{9D4C1229-19C5-464E-A2FB-2A89A26DD579}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{AA19A2ED-1193-48BD-AE33-E8E7A69F7BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |

"{AB2033B6-0257-45F3-8BAA-934A7EF75648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ai war fleet command\aiwar.exe |

"{B9BCC8EC-3683-4E7D-A746-08A5C100D9CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BC013515-6438-4E7A-8DC4-910CDE63909E}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |

"{C16EB89C-BB12-486E-9DAC-BD21C1878463}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |

"{D4AEE656-6952-4DBA-A77B-635723C1DC2F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |

"{D9A2665A-EAF4-4A9F-A471-8088BF427012}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{DA9E168B-D5C3-402D-A47A-555E37F8C748}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |

"{DDCAF3E4-1622-41E7-8495-C27F232DDD51}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E1B06170-42AF-4557-A6FD-1ABB4069F9B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{E8E8A95B-D60C-497E-B356-229C772C540C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{EE53B31F-5605-40FE-BAAE-DD16BD536C1F}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{F5D49523-6801-485D-99A7-119DCF310934}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\viva pinata demo\viva pinata.exe |

"{F5F203EF-37DA-40D1-B950-3A07491CB71F}" = protocol=17 | dir=in | app=c:\users\conan\appdata\local\microsoft\windows\temporary internet files\content.ie5\d2cxp7me\sc2_teaser_1080p[1].exe |

"{F7EE0AFA-AB36-46E4-87F6-7367786F5258}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{F92AC82B-63B9-4231-9A96-961635A80E3B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{FA9604BB-0743-4297-80B0-3D35BD0EECC6}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{FF0D89F4-3C01-472B-85F3-7A43DE64360D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"TCP Query User{01CDA4E6-0C04-4AD1-B48B-ED67B4DE92FB}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{0B44C6AD-F1A9-4E42-B551-BEB34DAFB75C}E:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe |

"TCP Query User{0B89AEFC-65F6-441F-89AB-C27DA891D914}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{15B07FC8-59C1-4E38-8DDC-DB8D0FDD9A5B}C:\users\conan\appdata\local\temp\blizzard launcher temporary - 24ac43d8\launcher.exe" = protocol=6 | dir=in | app=c:\users\conan\appdata\local\temp\blizzard launcher temporary - 24ac43d8\launcher.exe |

"TCP Query User{1CB23BBF-628D-4A46-81CE-4593796EF1F1}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"TCP Query User{2943E676-AD3C-4432-9426-223CFD178923}F:\program files\sorenson\squeeze.exe" = protocol=6 | dir=in | app=f:\program files\sorenson\squeeze.exe |

"TCP Query User{2CA7E2BE-294F-432C-92C7-7D1FDAF468B1}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe |

"TCP Query User{350BD8A8-6BDE-4F30-A582-ACE65792AE7C}E:\my documents\iclone & poser documents\poser\poser7\poser.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\poser\poser7\poser.exe |

"TCP Query User{3C1B5126-2F82-422D-8D21-A9D7DD7FF16F}E:\my documents\iclone & poser documents\poser\poser7\poser.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\poser\poser7\poser.exe |

"TCP Query User{3D787B5D-FCAA-4182-97F5-42994248626F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{41B90518-EA3A-4281-9AF0-1F006D57E596}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{463A89B0-6752-4475-8F68-0C715D07BEE3}C:\program files (x86)\steam\steamapps\amnferguson1991\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\amnferguson1991\garrysmod\hl2.exe |

"TCP Query User{470088A6-2D93-4B13-8EBB-B916348531FE}C:\users\conan\documents\mycomic\poser7\ffrender.exe" = protocol=6 | dir=in | app=c:\users\conan\documents\mycomic\poser7\ffrender.exe |

"TCP Query User{480D4E5B-3A09-4DFE-8C8E-ABEF229CD4A3}C:\users\conan\desktop\poser7\poser.exe" = protocol=6 | dir=in | app=c:\users\conan\desktop\poser7\poser.exe |

"TCP Query User{6552E28C-7CB7-4001-9A94-8CD36D438366}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |

"TCP Query User{67B62A45-D3DD-499F-8CEF-7B65CC63F988}E:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe |

"TCP Query User{6FFB6DF3-1916-48E8-A02E-8F6EFB223B05}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe |

"TCP Query User{7629D158-9C2C-452C-AF75-40326765035D}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"TCP Query User{843379E5-EBB5-4B98-B054-8A9C36D83858}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{9326860A-0A4C-4860-AB55-7F6C8D23028C}E:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe |

"TCP Query User{95662541-074F-4577-8543-9C79E8C5B11E}C:\users\conan\appdata\local\microsoft\windows\temporary internet files\content.ie5\ue5rcstl\clubpenguin%20sever%20size%20trainer%20v%203[1].exe" = protocol=6 | dir=in | app=c:\users\conan\appdata\local\microsoft\windows\temporary internet files\content.ie5\ue5rcstl\clubpenguin%20sever%20size%20trainer%20v%203[1].exe |

"TCP Query User{A7870D0F-A0F4-4804-AE2E-9F76BF6FA9D8}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |

"TCP Query User{B94FDDC3-99E0-4480-B870-11031890F53A}C:\users\conan\documents\mycomic\poser7\ffrender.exe" = protocol=6 | dir=in | app=c:\users\conan\documents\mycomic\poser7\ffrender.exe |

"TCP Query User{C4F9FA80-A2C1-46F1-BEEE-AA90BFB3CC73}C:\users\conan\desktop\poser7\poser.exe" = protocol=6 | dir=in | app=c:\users\conan\desktop\poser7\poser.exe |

"TCP Query User{CC538011-BB84-4891-8D6B-9426AA3020B8}C:\program files (x86)\wolfquest\wolfquest.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolfquest\wolfquest.exe |

"TCP Query User{D27BBB6C-9791-4B1A-9B95-29EA06464A08}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |

"TCP Query User{EEF975BA-F58B-426D-B144-1635FE679049}C:\program files (x86)\wolfquest\wolfquest.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolfquest\wolfquest.exe |

"TCP Query User{EF1AFB38-5A6C-453B-842C-D2E246038235}C:\users\conan\documents\mycomic\poser7\poser.exe" = protocol=6 | dir=in | app=c:\users\conan\documents\mycomic\poser7\poser.exe |

"TCP Query User{F6C536AB-4520-4D4D-89F9-D7C1AC5FFB42}E:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe" = protocol=6 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe |

"TCP Query User{FB281C88-06BB-4517-AF52-84F67A4B9D14}C:\users\conan\desktop\poser7\ffrender.exe" = protocol=6 | dir=in | app=c:\users\conan\desktop\poser7\ffrender.exe |

"TCP Query User{FFC64823-CE43-4CDB-989E-937EF63BD353}C:\users\conan\desktop\poser7\ffrender.exe" = protocol=6 | dir=in | app=c:\users\conan\desktop\poser7\ffrender.exe |

"UDP Query User{1619D5D0-0524-489A-8C35-E4D71D9FDBB0}E:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe |

"UDP Query User{18A4DCB2-5877-47E6-8FDD-C2A753112663}C:\program files (x86)\wolfquest\wolfquest.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolfquest\wolfquest.exe |

"UDP Query User{26EC0B46-84A7-4820-9297-E69EFF8F2011}F:\program files\sorenson\squeeze.exe" = protocol=17 | dir=in | app=f:\program files\sorenson\squeeze.exe |

"UDP Query User{3AFD8ED9-946D-4A65-B78C-CC8DF1D7901B}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"UDP Query User{3B70B15F-358C-4B3B-BC98-3A83EE6C7B97}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{3BD0173A-E0EF-44CF-B57D-AAAEF8A8F100}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{494A6629-3128-42E8-AB03-79C3E0B5CF90}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"UDP Query User{496ECDA1-631F-4DEB-B033-0A986F3B7E53}C:\users\conan\documents\mycomic\poser7\poser.exe" = protocol=17 | dir=in | app=c:\users\conan\documents\mycomic\poser7\poser.exe |

"UDP Query User{4B9EDC24-2D5E-4B16-BA79-0DE3FBB1BB55}C:\users\conan\desktop\poser7\poser.exe" = protocol=17 | dir=in | app=c:\users\conan\desktop\poser7\poser.exe |

"UDP Query User{535816A5-137A-4F38-950B-0246BF4AB8C0}E:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\poser.exe |

"UDP Query User{565CA686-95E6-40C0-9334-F5D3B77F7C14}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{5C8C903C-E736-44CC-A39B-0C770D4AAE5D}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |

"UDP Query User{6B419BEF-63AD-466E-995D-5D28FE7634FB}C:\users\conan\documents\mycomic\poser7\ffrender.exe" = protocol=17 | dir=in | app=c:\users\conan\documents\mycomic\poser7\ffrender.exe |

"UDP Query User{6C8F11DF-C960-4427-80DF-9D54DC069BA2}C:\users\conan\desktop\poser7\ffrender.exe" = protocol=17 | dir=in | app=c:\users\conan\desktop\poser7\ffrender.exe |

"UDP Query User{6EA53979-D882-4D22-BE93-8EE3944B34F5}C:\users\conan\documents\mycomic\poser7\ffrender.exe" = protocol=17 | dir=in | app=c:\users\conan\documents\mycomic\poser7\ffrender.exe |

"UDP Query User{7C0A155A-EA1A-4990-A73A-A97584EFE750}E:\my documents\iclone & poser documents\poser\poser7\poser.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\poser\poser7\poser.exe |

"UDP Query User{A321C39C-7324-42D1-BEDA-4A4A8B0B8EB2}C:\users\conan\desktop\poser7\ffrender.exe" = protocol=17 | dir=in | app=c:\users\conan\desktop\poser7\ffrender.exe |

"UDP Query User{B3F1198A-FA00-4E9F-AA11-3E3B24A4FA89}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe |

"UDP Query User{B5E0BEF2-BDA9-4D85-8003-67F9A4A40692}E:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe |

"UDP Query User{C3E99D0B-3C63-4D50-8B3A-488BBFF8DEEE}E:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\iclone - poser\poser7\ffrender.exe |

"UDP Query User{C9558D8B-B4C3-42D8-9804-181764A70D4F}C:\program files (x86)\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo trial\halo.exe |

"UDP Query User{CB39BD1B-BFFC-41AC-A992-799607736FD4}E:\my documents\iclone & poser documents\poser\poser7\poser.exe" = protocol=17 | dir=in | app=e:\my documents\iclone & poser documents\poser\poser7\poser.exe |

"UDP Query User{D6D338F8-9BF7-4120-93B3-47EC260B10B3}C:\program files (x86)\steam\steamapps\amnferguson1991\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\amnferguson1991\garrysmod\hl2.exe |

"UDP Query User{DBA6C5CF-16FA-421A-9BBB-A7C36921B17C}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{DDE7F6DA-C397-4BEE-AE42-077C5076F569}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{EB6BC625-E86E-4025-837D-95400C8D2AB8}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |

"UDP Query User{F303BB52-B6A7-4671-9FD1-78CB316F9312}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |

"UDP Query User{F3C33D41-2951-423A-9D24-0972FF691BE8}C:\users\conan\desktop\poser7\poser.exe" = protocol=17 | dir=in | app=c:\users\conan\desktop\poser7\poser.exe |

"UDP Query User{FA54AEC5-4EE1-498A-BD9A-2385FE121D1C}C:\program files (x86)\wolfquest\wolfquest.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolfquest\wolfquest.exe |

"UDP Query User{FCEDF4E3-96A2-43DD-9D4A-5837C2BA063E}C:\users\conan\appdata\local\temp\blizzard launcher temporary - 24ac43d8\launcher.exe" = protocol=17 | dir=in | app=c:\users\conan\appdata\local\temp\blizzard launcher temporary - 24ac43d8\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64

"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"ComicRack" = ComicRack v0.9.125

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"HPOCR" = HP OCR Software 8.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{068E5E60-C039-4706-AB3D-F9589B8BACA2}" = WolfQuest

"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1

"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{35F860D7-5281-4970-A189-1E55C2F4CA8F}" = FPS Creator Model Pack - 8 - Egypt - Bonus

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BE3AEEB-268C-49F9-8B1E-B4989E90E2F9}" = Wizard101 Test

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E175C63-14BA-4A53-A491-963A457AB5B0}" = CD Key Generator

"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition

"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone v2.5 Studio

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66FF89F1-6FDB-450E-AA45-21A529008E39}" = FPS Creator Model Pack - 18

"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71E13F8B-365D-4FCF-BA69-9209FAF9D680}" = FPS Creator Model Pack - 5

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{7CBE3A7A-C3EB-4BB3-AC35-268554A3643A}" = Viva Pinata Demo

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8151518B-A59D-4FC2-89AA-D99084EBC0FD}" = FPS Creator Model Pack - 17

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869EE40D-2D1C-4930-8A63-A9C5497D04A8}" = Aion

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express

"{8CC166BD-94E6-457E-95B3-E903C402DD27}" = Sorenson Squeeze Trial

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{936560AE-2DF2-4370-A120-FA2E294DBD76}" = iClone v1.52 Studio

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{9DFC9A77-86B4-4139-A4CF-A5E774422D28}" = OLYMPUS USB Reader/Writer

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software

"{AFEA5739-4FFC-4304-BF1E-BAE4772CF54D}" = FPS Creator Model Pack

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B5C4C2A0-BAE0-4A95-9953-F1488D9A458E}" = FPS Creator Model Pack - 8 - Egypt - V2

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B91E4360-298A-4306-9E95-9AD91A0952A1}" = FPS Creator

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools

"{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{C7ABCF96-AD65-4156-94A0-8A8A9AE32D6D}" = TaxCut Kansas 2008

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12

"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{DC1EBED4-B5A0-4F55-8B12-14CE39A8235B}" = TaxCut Standard + Efile 2008

"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E68C446D-D95A-4160-AC39-DE7062422985}" = OLYMPUS Master 2

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{ED4ACDF2-F04A-48FC-B281-D0D4E086426E}" = WidgetMe Beta

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"12345_is1" = WeGame Client Public Beta 2.0.3

"886e67449fb4af893ffccc17c4630ccf" = Brunhilda and the Dark Crystal

"9214ab6d810c8baa33f374f0488edd7f" = Family Feud

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"am-aliceinwonderland" = Alice in Wonderland

"am-lovedeathtmbittentm" = Love & Death - Bitten

"am-robinsquestalegendborn" = Robin's Quest - A Legend Born

"am-snarkbusterswelcometotheclub" = Snark Busters - Welcome to the Club

"Anime Studio Pro_is1" = Anime Studio Pro 5.5

"Art of Murder_is1" = Art of Murder (1.0)

"AudibleManager" = AudibleManager

"BFGC" = Big Fish Games: Game Manager

"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove


Hi,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{383EBE1A-0EAF-49C0-A414-6FA3A7A1EB7D}
    IE - HKU\S-1-5-21-47103327-79266996-2798099630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{383EBE1A-0EAF-49C0-A414-6FA3A7A1EB7D}
    IE - HKU\S-1-5-21-47103327-79266996-2798099630-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll ()
    FF - prefs.js..extensions.enabledItems: {7BA9F755-DCD4-4B60-8AE8-EE3662C7C733}:1.0
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin File not found
    [2009/12/11 23:59:09 | 000,000,000 | ---D | M] (Seekdns) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7BA9F755-DCD4-4B60-8AE8-EE3662C7C733}
    [2009/12/11 23:59:09 | 000,002,385 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seekdns127.xml
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-47103327-79266996-2798099630-1000\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
    O32 - AutoRun File - [2010/10/13 20:16:40 | 000,000,297 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{5f3d67af-0e24-11de-8cbf-001d60d7e55f}\Shell\Autoplay\command - "" = H:\driver\info\explorer.exe -- File not found
    O33 - MountPoints2\{5f3d67af-0e24-11de-8cbf-001d60d7e55f}\Shell\AutoRun\command - "" = H:\driver\info\explorer.exe -- File not found
    O33 - MountPoints2\{5f3d67af-0e24-11de-8cbf-001d60d7e55f}\Shell\Explore\Command - "" = H:\driver\info\explorer.exe -- File not found
    O33 - MountPoints2\{5f3d67af-0e24-11de-8cbf-001d60d7e55f}\Shell\open\command - "" = H:\driver\info\explorer.exe -- File not found
    O33 - MountPoints2\{600653ae-ebfb-11dd-9274-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{600653ae-ebfb-11dd-9274-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- File not found
    O33 - MountPoints2\{ac1f4b2d-b91d-11df-98c0-001d60d7e55f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac1f4b2d-b91d-11df-98c0-001d60d7e55f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c316f9be-303a-11de-8a74-001d60d7e55f}\Shell - "" = AutoRun
    O33 - MountPoints2\{c316f9be-303a-11de-8a74-001d60d7e55f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    [2010/10/09 18:02:08 | 000,000,000 | RHSD | C] -- C:\Users\Conan\AppData\Roaming\system32
    [2010/10/09 16:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyperCam Toolbar
    [2010/10/02 00:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system32
    [72 C:\Users\Conan\Desktop\*.tmp files -> C:\Users\Conan\Desktop\*.tmp -> ]
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Conan\Documents\*.tmp files -> C:\Users\Conan\Documents\*.tmp -> ]
    [1 C:\Users\Conan\AppData\Roaming\*.tmp files -> C:\Users\Conan\AppData\Roaming\*.tmp -> ]

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Conan\AppData\Roaming\dlsbot.exe"=-
    "Windows Firewall"=-
    "Windows SafeAssist"=-

    :Files
    ipconfig /flushdns /c
    H:\driver
    C:\Program Files (x86)\MyWebSearch

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


I'm scanning using ESET right now, but running MAB previously in quick scan mode it wouldn't pick up anything either; it was only using full scan.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4864

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18865

10/17/2010 5:01:53 PM

mbam-log-2010-10-17 (17-01-53).txt

Scan type: Quick scan

Objects scanned: 201465

Time elapsed: 13 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
