Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC Infected...Virus/Malware Uknown [Solved]


  • This topic is locked This topic is locked

#1
XPorter

XPorter

    Member

  • Member
  • PipPip
  • 19 posts
Salutations To Everybody @ Geeks to Go...

So, I am pretty sure I am infected with some type of nasty malware or some variant of a Win32 Trojan. I unfortunately, stupidly, did not right the name down when I initially detected it. Anyhow, I will explain everything in details below.

The alarms went off earlier this afternoon when I was browsing the net, safe sites I assure you, when I could not create a bookmark. My primary browser is Maxthon v3.4.5.2000; I stumbled upon a website I wanted to save and when I tried creating the bookmark I could not do it; the dialog box popped up, I selected the folder, clicked "OK" and the box did not close. I forcefully closed the box by selecting "X", I then proceeded to exit Maxthon after trying to create the bookmark a couple times without success. A dialog box appeared because I had multiple tabs open, however I was unable to close the browser as clicking "OK" again did not register and clicking "X" did not work this time. I had to kill the process to close it. At this point I thought that the Maxthon files got corrupted somehow. So I attempted to load up Firefox to download Maxthon to reinstall it and received an error upon loading Firefox, which I did not right down. Then Google Chrome, which did not load at all, the process was there for a split second then it closed just as fast. Same thing that happened with Chrome occurred with Opera. So, at this point I was thinking some type of Malware was in my system. The next step I took was running a full scan of drive C with NOD32 Ver.5 with virus signature database version 7552. That was not successful as it locked up at 26% when it was scanning my desktop under C:\Users\[username]\Desktop. From this point I booted into a Ubuntu distribution of Linux off one of my USB drives. Linux is not actually installed on the USB drive, but is set up as a recovery disk of sorts; it boots into Ubuntu and creates a RAM disk, so it's in memory. From there I downloaded Avast for Linux and executed a scan. The scan found a lot of false positives and two Win32.xx Trojans in Hiberfil.sys and Pagefile.sys, so I deleted my pagefile via Avast and tried to move Hiberfil.sys to the chest because unlike the pagefile this file cannot be recreated, AFAIK...but that failed so I deleted that too. Rebooted into Windows safe mode and installed and ran Malwarebytes which found nothing. Rebooted into Win7 and recreated a 4gb pagefile. Everything seemed okay and then Windows pops a message up while I was looking at stuff saying that in xx seconds Window would restart. Windows restarted and then upon logging in, my desktop does not load, all I see is a black screen. But, I could still see the Taskbar just couldn't do anything. So, I was able to open Task Manager and restart the system. From there, everything was okay again...I am now in the Win7 environment without any difficulties so far, at least for the last two hours I have doing things like changing my desktop location, moving files and writing this post. However, I did try re-scanning drive C with NOD32 and it locked up again, maybe at the same location...not sure, but it was at 26% as it was the first time.

Anyhow, sorry for the long-winded explanation. That is where I am at right now...I am still kind of worried that I did not completely clean what was/is lingering on my system.
Any help in running additional scans would be much appreciated!

Kind regards,

Dan Porter

Please see below for my OTL scan results...I am also including the extras.txt file just in case, maybe the program errors can be of assistance; if this is not needed please disregard.

OTL.txt:

OTL logfile created on: 05/10/2012 8:42:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

17.99 Gb Total Physical Memory | 11.58 Gb Available Physical Memory | 64.36% Memory free
21.99 Gb Paging File | 15.45 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 786.92 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1268.94 Gb Free Space | 68.11% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 139.18 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive H: | 279.46 Gb Total Space | 86.79 Gb Free Space | 31.06% Space Free | Partition Type: NTFS
Drive J: | 3.99 Gb Total Space | 3.98 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Drive X: | 223.57 Gb Total Space | 43.89 Gb Free Space | 19.63% Space Free | Partition Type: NTFS

Computer Name: WIN7-DP | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 20:42:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2012/09/17 01:13:54 | 000,097,152 | ---- | M] (Maxthon International ltd.) -- D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
PRC - [2012/09/09 22:45:24 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/04 14:56:56 | 005,016,064 | ---- | M] (abelhadigital.com) -- D:\Utilities\HostsMan_4.0.82_beta3\hm.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/08/12 20:03:02 | 000,923,072 | ---- | M] (Cyber Power Systems, Inc.) -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2010/08/03 11:02:08 | 000,349,632 | ---- | M] (Cyber Power Systems, Inc.) -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/13 21:23:12 | 000,092,848 | ---- | M] (Binary Fortress Software) -- D:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- D:\Program Files (x86)\Everything\Everything.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/30 22:27:30 | 009,465,032 | ---- | M] () -- D:\Program Files (x86)\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll
MOD - [2012/08/16 04:25:40 | 000,159,104 | ---- | M] () -- D:\Program Files (x86)\Maxthon3\Addons\Mobile\MxMobile.dll
MOD - [2012/07/11 00:33:16 | 000,258,944 | ---- | M] () -- D:\Program Files (x86)\Maxthon3\Bin\Maxzlib.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- D:\Program Files (x86)\Everything\Everything.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/08/08 22:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/09 22:45:24 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/09 13:32:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/08 17:20:05 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/09/08 17:19:49 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/08/08 22:55:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010/08/12 20:03:02 | 000,923,072 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 11:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 11:00:46 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/01/20 11:00:46 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2011/12/24 08:45:30 | 000,071,464 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2011/11/01 08:23:25 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/11/01 08:23:25 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/10/30 23:08:44 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 14:13:46 | 001,650,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2011/08/04 14:13:32 | 001,605,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011/08/04 14:13:22 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011/08/04 14:13:12 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011/08/04 14:13:00 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011/08/04 14:12:50 | 000,179,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011/08/04 14:12:40 | 000,697,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011/08/04 14:12:28 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011/08/04 14:12:18 | 001,494,104 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011/08/04 14:12:18 | 001,494,104 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011/08/04 14:12:06 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011/08/04 14:12:06 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011/08/04 14:11:56 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011/08/04 14:11:56 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/20 22:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 22:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 22:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/04/23 21:30:18 | 000,033,160 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wod0205.sys -- (wod0205)
DRV:64bit: - [2011/03/31 16:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/11 18:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 AF 71 BE 37 89 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABF532CA-D32C-4D8F-9333-5242CF180093}: "URL" = http://open-search.eu/google.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://flvdirect.iamwired.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.7
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iam...c=tops&search="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/10/31 08:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/08/12 18:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/16 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/31 08:57:23 | 000,000,000 | ---D | M]

[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/10/04 12:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/23 08:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\[email protected]
[2012/07/25 22:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2012/04/15 21:53:49 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2011/07/09 11:55:38 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2011/11/25 12:46:20 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2012/07/25 22:33:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008/09/21 14:55:14 | 000,002,749 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\cuil.xml
[2008/06/22 23:02:53 | 000,000,908 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\imdb.xml
[2010/07/04 02:47:50 | 000,000,266 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\Search.xml
[2008/06/22 23:02:53 | 000,001,108 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\wikipedia-en.xml
File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ORBITFF

========== Chrome ==========

CHR - homepage: http://www.gamespot.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.gamespot.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Pando Web Installer (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Digital Trends = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\1.7.4_0\
CHR - Extension: SpaceVenture Kickstarter Prototype: Phase 1 = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomnnfeooofoenddphjjfdfbpkiiboof\0.5_0\
CHR - Extension: SpaceVenture Kickstarter Prototype: Phase 2 = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjbdidbieimmfipadjkioniffgcgopp\0.13_0\
CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/03 02:44:29 | 001,009,164 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 33263 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Everything] D:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKCU..\Run: [DisplayFusion] D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [HostsMan] D:\Utilities\HostsMan_4.0.82_beta3\hm.exe (abelhadigital.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.25 192.168.0.1 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = porter.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271FC4E1-0192-4AA4-BC2E-86FE092558D2}: DhcpNameServer = 127.0.0.1 192.168.0.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B}: DhcpNameServer = 192.168.0.25 192.168.0.1 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B}: NameServer = 64.71.255.198,192.168.0.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell - "" = AutoRun
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 20:42:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/10/05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Stardock
[2012/10/05 13:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/10/05 12:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/10/05 12:55:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/10/05 02:09:47 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Solid State Networks
[2012/09/29 11:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/09/28 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2012/09/24 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nicolas Games
[2012/09/22 19:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Runic Games
[2012/09/22 19:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight 2
[2012/09/20 08:55:01 | 000,000,000 | ---D | C] -- D:\Users\Dan\Documents\Inquisitor_SaveGames
[2012/09/20 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\GOG.com
[2012/09/16 14:32:40 | 000,000,000 | ---D | C] -- D:\Users\Dan\Documents\Mudbox
[2012/09/16 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/09/10 15:01:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ProcessLasso
[2012/09/09 23:42:10 | 000,000,000 | ---D | C] -- D:\Users\Dan\Documents\Hard Reset Extended
[2012/09/09 22:59:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\Saved Games
[2012/09/09 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/09/09 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/09/09 16:48:15 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/09/09 16:48:15 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/09/08 17:21:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2012/09/08 17:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2012/09/08 17:20:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2012/09/08 17:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auzentech
[2012/09/08 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/09/08 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2012/09/08 17:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012/09/08 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012/09/08 17:09:47 | 000,782,336 | ---- | C] (Creative Labs Inc.) -- C:\Windows\SysWow64\oalinst.exe
[2012/09/08 17:09:47 | 000,077,824 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\eaxac3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/05 20:42:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/10/05 20:42:04 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 20:42:04 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 20:35:22 | 000,791,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/05 20:35:22 | 000,672,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/05 20:35:22 | 000,128,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/05 20:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 20:29:06 | 1603,620,861 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 20:16:08 | 000,062,836 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/05 20:16:08 | 000,062,836 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/05 20:16:08 | 000,000,904 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/05 20:14:37 | 000,777,054 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/04 22:26:02 | 1395,766,598 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 8.mp4
[2012/10/04 22:25:52 | 1380,838,861 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 9.mp4
[2012/10/04 02:49:17 | 1607,115,555 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 7.mp4
[2012/10/04 02:47:00 | 1386,365,463 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 6.mp4
[2012/10/03 02:44:29 | 001,009,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2012/10/03 01:47:52 | 001,009,165 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.bak
[2012/10/02 22:53:05 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/10/02 22:53:05 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/10/02 19:25:48 | 2253,952,302 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 5.mp4
[2012/10/02 13:18:43 | 935,639,840 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 4.mp4
[2012/10/01 17:32:09 | 1913,044,538 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 3.mp4
[2012/09/30 16:23:54 | 000,075,510 | ---- | M] () -- D:\Users\Dan\Documents\Chieftain_Insurance_$163_30-Sep-2012.pdf
[2012/09/30 16:22:08 | 000,076,294 | ---- | M] () -- D:\Users\Dan\Documents\ScotiaLine_$50_30-Sep-2012.pdf
[2012/09/30 16:21:22 | 000,071,647 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$200_30-Sep-2012.pdf
[2012/09/30 16:20:27 | 000,090,295 | ---- | M] () -- D:\Users\Dan\Documents\Rent_Dad_$270_30-Sep-2012.pdf
[2012/09/28 23:55:45 | 000,001,285 | ---- | M] () -- C:\Users\Dan\Desktop\Hawken.lnk
[2012/09/28 08:35:40 | 774,414,598 | ---- | M] () -- C:\Users\Dan\Desktop\Borderlands 2_Gamespot_hardware_comparison.mp4
[2012/09/25 02:21:54 | 1150,511,496 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 2.mp4
[2012/09/24 22:46:55 | 1184,335,437 | ---- | M] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 1.mp4
[2012/09/18 01:36:10 | 1606,619,565 | ---- | M] () -- C:\Users\Dan\Desktop\videoplayback.mp4
[2012/09/14 20:17:00 | 000,016,054 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/09/14 17:25:31 | 003,499,215 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/09/10 19:42:01 | 000,071,239 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$200_10-Sep-2012.pdf
[2012/09/10 19:39:07 | 000,091,105 | ---- | M] () -- D:\Users\Dan\Documents\Rent_Dad_$219_10-Sep-2012.pdf
[2012/09/10 19:36:41 | 000,083,165 | ---- | M] () -- D:\Users\Dan\Documents\Rogers-HomePhone_Internet__$169.73_10-Sep-2012.pdf
[2012/09/09 22:45:24 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/08 17:21:18 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012/09/07 22:05:43 | 1177,751,522 | ---- | M] () -- C:\Users\Dan\Desktop\169_qft_ep13_090712_hd.mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/05 18:39:20 | 1603,620,861 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/05 12:57:58 | 003,499,215 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/10/05 12:57:00 | 000,016,054 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/10/04 22:03:51 | 1380,838,861 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 9.mp4
[2012/10/04 22:03:14 | 1395,766,598 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 8.mp4
[2012/10/04 02:37:22 | 1607,115,555 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 7.mp4
[2012/10/04 02:36:15 | 1386,365,463 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 6.mp4
[2012/10/02 19:13:07 | 2253,952,302 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 5.mp4
[2012/10/02 13:11:28 | 935,639,840 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 4.mp4
[2012/10/01 17:19:53 | 1913,044,538 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 3.mp4
[2012/09/30 16:23:54 | 000,075,510 | ---- | C] () -- D:\Users\Dan\Documents\Chieftain_Insurance_$163_30-Sep-2012.pdf
[2012/09/30 16:22:08 | 000,076,294 | ---- | C] () -- D:\Users\Dan\Documents\ScotiaLine_$50_30-Sep-2012.pdf
[2012/09/30 16:21:22 | 000,071,647 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$200_30-Sep-2012.pdf
[2012/09/30 16:20:27 | 000,090,295 | ---- | C] () -- D:\Users\Dan\Documents\Rent_Dad_$270_30-Sep-2012.pdf
[2012/09/28 23:55:45 | 000,001,285 | ---- | C] () -- C:\Users\Dan\Desktop\Hawken.lnk
[2012/09/28 08:31:43 | 774,414,598 | ---- | C] () -- C:\Users\Dan\Desktop\Borderlands 2_Gamespot_hardware_comparison.mp4
[2012/09/25 02:11:12 | 1150,511,496 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 2.mp4
[2012/09/24 22:05:35 | 1184,335,437 | ---- | C] () -- C:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 1.mp4
[2012/09/18 01:29:24 | 1606,619,565 | ---- | C] () -- C:\Users\Dan\Desktop\videoplayback.mp4
[2012/09/16 14:27:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/10 19:42:00 | 000,071,239 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$200_10-Sep-2012.pdf
[2012/09/10 19:39:06 | 000,091,105 | ---- | C] () -- D:\Users\Dan\Documents\Rent_Dad_$219_10-Sep-2012.pdf
[2012/09/10 19:36:41 | 000,083,165 | ---- | C] () -- D:\Users\Dan\Documents\Rogers-HomePhone_Internet__$169.73_10-Sep-2012.pdf
[2012/09/08 17:41:21 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/09/08 17:41:21 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2012/09/08 17:23:39 | 000,062,836 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/09/08 17:23:39 | 000,062,836 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/09/08 17:23:39 | 000,000,904 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/09/08 17:20:17 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/09/08 17:20:17 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012/09/08 17:20:17 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/09/08 17:20:16 | 000,272,384 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012/09/08 17:20:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012/09/08 17:09:47 | 002,167,684 | ---- | C] () -- C:\Windows\SysWow64\CT2MGM.SF2
[2012/09/08 17:09:47 | 002,167,684 | ---- | C] () -- C:\Windows\SysNative\CT2MGM.SF2
[2012/09/08 17:09:47 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\CT1MGM.ROM
[2012/09/08 17:09:47 | 001,048,576 | ---- | C] () -- C:\Windows\SysNative\CT1MGM.ROM
[2012/09/08 17:09:47 | 000,390,609 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012/09/08 17:09:47 | 000,390,609 | ---- | C] () -- C:\Windows\SysNative\ctdnlstr.dat
[2012/09/08 17:09:47 | 000,051,979 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012/09/08 17:09:47 | 000,051,979 | ---- | C] () -- C:\Windows\SysNative\ctdlang.dat
[2012/09/08 17:09:47 | 000,028,411 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012/09/08 17:09:47 | 000,028,411 | ---- | C] () -- C:\Windows\SysNative\instwdm.ini
[2012/09/08 17:09:47 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\regplib.exe
[2012/09/08 17:09:47 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012/09/08 17:09:47 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012/09/08 17:09:47 | 000,010,062 | ---- | C] () -- C:\Windows\SysWow64\UDAAPO64.UDA
[2012/09/08 17:09:47 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012/09/08 17:09:47 | 000,005,530 | ---- | C] () -- C:\Windows\SysWow64\CTMLFX64.UDA
[2012/09/08 17:09:47 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2012/09/08 17:09:47 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CtxfiRes.dll
[2012/09/08 17:09:47 | 000,001,688 | ---- | C] () -- C:\Windows\SysNative\XFi.bmp
[2012/09/08 17:09:47 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default8.sfm
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default8.sfm
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default4.sfm
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default4.sfm
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default.sfm
[2012/09/08 17:09:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default.sfm
[2012/09/08 17:09:47 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012/09/08 17:09:47 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2012/09/07 21:57:19 | 1177,751,522 | ---- | C] () -- C:\Users\Dan\Desktop\169_qft_ep13_090712_hd.mp4
[2012/08/26 23:06:58 | 000,000,213 | ---- | C] () -- C:\Windows\PCWGXDRV.INI
[2012/08/26 23:06:58 | 000,000,057 | ---- | C] () -- C:\Windows\LOGINPUT.INI
[2012/08/12 21:26:44 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2012/07/25 16:01:16 | 000,002,081 | ---- | C] () -- C:\ProgramData\ENG.2012-07.pl.nicolasgames_B05A5A11-F525-40DF-AE67-58228603B921.swidtag
[2012/07/21 00:03:09 | 000,000,036 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/05 00:28:53 | 000,000,079 | ---- | C] () -- C:\Users\Dan\AppData\Local\CrystalDiskMark30.ini
[2012/02/25 21:55:54 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012/02/25 18:29:56 | 000,000,119 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/02/22 22:53:47 | 000,001,765 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012/02/22 22:53:39 | 000,000,513 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
[2012/02/03 22:53:39 | 000,777,054 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/18 17:56:43 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/13 00:25:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/13 00:25:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/12 18:42:04 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/30 23:57:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/30 11:07:56 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/10/30 07:53:21 | 000,003,084 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/26 22:35:05 | 000,081,456 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\icarus-dxdiag.xml
[2011/10/26 22:35:05 | 000,001,702 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\System Monitor II_Settings.ini
[2011/10/26 22:35:05 | 000,000,601 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Monitor II_Settings.ini
[2011/10/26 22:35:05 | 000,000,485 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU Monitor_Settings.ini
[2011/10/26 22:35:05 | 000,000,424 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Drives Monitor_Settings.ini
[2011/10/26 22:33:37 | 000,007,618 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2011/10/26 22:33:37 | 000,000,091 | ---- | C] () -- C:\Users\Dan\AppData\Local\fusioncache.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/26 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.dbox
[2012/08/22 22:23:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.minecraft
[2012/03/17 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\abelhadigital.com
[2011/10/26 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Acronis
[2010/07/01 08:36:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2012/08/26 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Audacity
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Autodesk
[2012/03/23 12:00:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BHOK IT Consulting
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Bioshock2
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Bizarre Creations
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Blackberry Desktop
[2012/04/16 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BoneTown
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Braid
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Brawsome
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Cloanto
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.adobe.ExMan
[2011/10/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2011/10/26 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\CrystalApp
[2010/05/24 07:52:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\CrystalSpace
[2012/09/24 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Pro
[2012/09/06 22:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DisplayFusion
[2011/10/26 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Downloaded Installations
[2012/05/01 08:37:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Dropbox
[2011/07/21 00:00:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\EurekaLog
[2012/08/13 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\fltk.org
[2011/10/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Foxit
[2011/10/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Foxit Software
[2012/02/15 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GameRanger
[2011/10/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GARMIN
[2011/10/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GetRightToGo
[2012/09/20 00:17:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GOG.com
[2011/10/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GrabPro
[2012/03/22 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\gsmartcontrol
[2012/04/02 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Hensense.com
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Hothead Games
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\JKHub
[2012/02/25 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Language
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2012/04/24 22:49:43 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LoneSurvivor
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LucasArts
[2011/10/26 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MagicIndie
[2011/10/26 22:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Maxthon3
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MinMaxGames
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mumble
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\New Technology Studio
[2012/01/02 02:23:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Nifflas
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Nokia
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Notepad++
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenCandy
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenOffice.org
[2011/10/26 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Opera
[2012/04/29 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Orbit
[2011/10/26 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlaneShift
[2011/10/26 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst
[2012/09/10 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ProcessLasso
[2011/10/26 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ProgSense
[2011/10/26 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ProtectDISC
[2012/01/31 23:31:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Razer
[2011/10/26 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Research In Motion
[2011/10/26 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\runic games
[2011/10/26 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ScummVM
[2012/07/05 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SteelSeries
[2012/01/18 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SumatraPDF
[2011/10/26 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\The Creative Assembly
[2011/10/26 22:36:04 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Thunderbird
[2011/10/26 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Tilted Mill
[2011/10/26 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TrueCrypt
[2011/10/26 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TS3Client
[2011/10/26 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Turbine
[2011/10/26 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ubisoft
[2011/10/26 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\UHS Reader
[2011/10/26 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uqm
[2012/10/03 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2012/07/16 20:44:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vessel
[2011/10/26 22:37:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Wippien
[2011/10/26 22:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\World of Warcraft
[2012/01/12 23:31:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 3584 bytes -> D:\Users\Dan\Documents\desktop.ini:gs5sys

< End of report >

Extras.txt:

OTL Extras logfile created on: 05/10/2012 8:42:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

17.99 Gb Total Physical Memory | 11.58 Gb Available Physical Memory | 64.36% Memory free
21.99 Gb Paging File | 15.45 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 786.92 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1268.94 Gb Free Space | 68.11% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 139.18 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive H: | 279.46 Gb Total Space | 86.79 Gb Free Space | 31.06% Space Free | Partition Type: NTFS
Drive J: | 3.99 Gb Total Space | 3.98 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
Drive X: | 223.57 Gb Total Space | 43.89 Gb Free Space | 19.63% Space Free | Partition Type: NTFS

Computer Name: WIN7-DP | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "D:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "D:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BADFD17-5C84-4920-A4E7-14F3AF36D8CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B99955D-E79A-4861-A4DA-A1754DECF45E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F216B51-4768-4483-96E8-854D37B899A5}" = lport=57012 | protocol=17 | dir=in | name=pando media booster |
"{3761BA1C-1760-4C98-8141-E7A715716389}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{431F06F0-B86B-4FA9-948D-28BED627C3D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4687EE1D-8C44-4595-868D-9929DB4EAD1C}" = lport=57012 | protocol=6 | dir=in | name=pando media booster |
"{5B2DB423-1832-487B-9492-AA625356BB26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D170943-0C4C-47DB-8E5F-44AEBDD66605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73F71296-D02E-400B-A79A-27866AFACCFC}" = lport=57012 | protocol=6 | dir=in | name=pando media booster |
"{7A38BE08-08A5-4417-9A4D-AE5091FED629}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8291ED36-F31E-4510-929A-37AC8B9DDB75}" = lport=57012 | protocol=17 | dir=in | name=pando media booster |
"{85A22411-639A-48E1-A6DE-C8E62C1CF013}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{A2AF314F-ABCB-4923-A723-68EC9221B4A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B48F0B85-6FAD-44C3-9C2E-3C6E710F5778}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D82778BF-61E8-4DD8-B43C-473AE90AFD82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0935523-80B3-4989-97EA-288E6A1C7D53}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF734D76-85B0-4205-B6B3-177A6BEA331C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F93EE87A-BCEB-4372-92B8-8AABCA1E0B72}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0337668E-1D8B-4877-8C45-C51E8F377453}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{0E644385-7A6E-45CB-BD26-1B43256E47A8}" = protocol=6 | dir=in | app=d:\program files (x86)\maxthon3\bin\mxup.exe |
"{1E1FD935-AA87-4B35-9F45-EBDCB7C16231}" = protocol=17 | dir=in | app=d:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{1EBAC985-18C5-4568-848E-E4C8C287F0B8}" = protocol=17 | dir=in | app=d:\program files (x86)\maxthon3\bin\maxthon.exe |
"{6EC79879-8834-4681-B1F2-E37638B5CA60}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{77F138DE-869B-4CD2-9FEE-83A398B7337B}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{95F4AD16-A05D-49D2-9E69-74C1DBCED766}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{9C1122DB-39C3-443D-BCBB-61865659B0C6}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{CF9B8CFE-FE3B-4E26-BF72-FEAEC93B0803}" = protocol=17 | dir=in | app=d:\program files (x86)\maxthon3\bin\mxup.exe |
"{D5377B04-AECF-4FE0-B9B6-A51D6B66A1CC}" = protocol=6 | dir=in | app=d:\program files (x86)\maxthon3\bin\maxthon.exe |
"{E2F76DBE-6FD2-487B-86FB-543B2C5A699D}" = protocol=6 | dir=in | app=d:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{E70DD125-4025-48DA-A78A-C75886471696}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEF2EE23-8E80-4796-8E97-72C3862E5716}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"TCP Query User{09E55F61-2A53-467E-87ED-09E7AF28A3A5}D:\program files (x86)\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe |
"TCP Query User{13979C66-995C-4188-9778-F6E2C61C6DEC}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{35116CB9-74A3-443E-8FC4-172759D2444C}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{3E4C8057-0B9E-445A-96C4-37CD628E74A6}D:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{706AF2EB-7C28-496E-AB78-1CF673FA3B3F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{71062E2E-17E0-487C-BE17-7BB3D3801699}D:\udk\udk-2010-09\binaries\unrealfrontend.exe" = protocol=6 | dir=in | app=d:\udk\udk-2010-09\binaries\unrealfrontend.exe |
"TCP Query User{E27DD617-DB46-436F-8402-9DD02DC76BFE}D:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=d:\program files (x86)\opera\opera.exe |
"TCP Query User{F9D71C9C-A255-4FBF-B80F-C96BE48999CA}D:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=6 | dir=in | app=d:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"UDP Query User{03DC33CC-C5F6-4D15-A376-D3B8586202D5}D:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=17 | dir=in | app=d:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"UDP Query User{1122B828-6D37-4805-BDD8-F37A574EAA10}D:\program files (x86)\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\rise of the argonauts\binaries\riseoftheargonauts.exe |
"UDP Query User{141EC4D6-4E4F-45C6-9D04-321489059840}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{173EB1A2-C08D-44CD-8115-23CD50C53728}D:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{2BC6D970-2C94-4571-9E1D-6B89905B57A4}D:\udk\udk-2010-09\binaries\unrealfrontend.exe" = protocol=17 | dir=in | app=d:\udk\udk-2010-09\binaries\unrealfrontend.exe |
"UDP Query User{BEDFC086-F6E1-4202-A93B-74FD6201E736}D:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=d:\program files (x86)\opera\opera.exe |
"UDP Query User{CB0644E0-A604-482E-8E9D-44D9C7AF0688}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E162B6F4-319D-4C18-8738-1D588FD175EE}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}" = ESET NOD32 Antivirus
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E1993D28-CC66-47D2-AB36-64EEDC317FFA}" = StudioTax 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}" = Wing Commander Saga 1.0.2.7795
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Explorer Suite_is1" = Explorer Suite III
"HardlinkShellExt" = Link Shell Extension
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk
"{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}" = Torchlight 2
"{08CFF9D1-BD86-4CA3-BC4A-AC51EF7640A4}" = X-Fi Forte 7.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D693CF9-13F1-432A-8FF4-4ADA4CB523B5}" = Afterfall InSanity
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.52
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93F750BB-805D-4325-A8E6-C80BE01B870D}" = BOSS Userlist Manager
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
"{EDEC45BE-39B9-4C23-81AF-FD1B5CECEA2A}" = CyberPower PowerPanel Personal Edition 1.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
"3.0.100.39_is1" = Disktrix UltimateDefrag 3.0
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Audacity_is1" = Audacity 2.0.2
"AutoHotkey" = AutoHotkey 1.0.48.05
"AviSynth" = AviSynth 2.5
"AW7" = Postal 2: AW7
"Baldur's Gate II_is1" = Baldur's Gate II
"Baldur's Gate_is1" = Baldur's Gate
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BOSS" = BOSS
"CHControlManager_is1" = CH Control Manager Software
"CwGet_is1" = CwGet V2.26
"DarkLoader_is1" = DarkLoader 4.3
"Diablo III" = Diablo III
"dips64" = Desktop Icon Position Saver (64-bit)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eternal Damnation: A Postal 2 Modification" = Eternal Damnation: A Postal 2 Modification
"Everything" = Everything 1.2.1.371
"ffdshow_is1" = ffdshow [rev 497] [2006-11-04]
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"GOM Player" = GOM Player
"GSmartControl" = GSmartControl
"Guild Wars 2" = Guild Wars 2
"Inquisitor_is1" = Inquisitor
"Intel® Solid-State Drive Toolbox" = Intel® Solid-State Drive Toolbox
"Legend of Grimrock_is1" = Legend of Grimrock
"Marvell Miniport Driver" = Marvell Miniport Driver
"Maxthon3" = Maxthon 3
"MDK_is1" = MDK
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"OpenAL" = OpenAL
"PFPortChecker" = PFPortChecker 1.0.39
"Postal 2 - Apocalypse Weekend" = Postal 2 - Apocalypse Weekend
"Postal 2 - Share The Pain" = Postal 2 - Share The Pain
"PunkBusterSvc" = PunkBuster Services
"Resonance_is1" = Resonance
"Rockstar Games Social Club" = Rockstar Games Social Club
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Steam App 202170" = Sleeping Dogs™
"Steam App 202480" = Creation Kit
"Steam App 218350" = Unmechanical Demo
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"The Secret World_is1" = The Secret World
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"Thief 2: The Metal Age_is1" = Thief 2: The Metal Age
"Thief Gold_is1" = Thief Gold
"uTorrent" = µTorrent
"Winamp" = Winamp
"Wrye Bash" = Wrye Bash
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"XnView Shell Extension_is1" = XnView Shell Extension 3.1.0 (64bits)
"XnView_is1" = XnView 1.98.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Hawken" = Hawken
"Space Quest II Remake" = Space Quest II Remake
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/10/2012 1:51:54 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp:
0x4a40f18b Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception
code: 0xc0000005 Fault offset: 0x001878f8 Faulting process id: 0x15a4 Faulting application
start time: 0x01cda0c65f35caf4 Faulting application path: X:\Games\Fallout 3\Fallout3.exe
Faulting
module path: X:\Games\Fallout 3\Fallout3.exe Report Id: d981a724-0cb9-11e2-a466-00248c444208

Error - 02/10/2012 9:11:57 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp:
0x4a40f18b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1d24 Faulting application
start time: 0x01cda0d2e1451dab Faulting application path: X:\Games\Fallout 3\Fallout3.exe
Faulting
module path: unknown Report Id: 5321fb71-0cf7-11e2-a466-00248c444208

Error - 04/10/2012 1:50:30 AM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp:
0x4a40f18b Faulting module name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Exception
code: 0xc0000005 Fault offset: 0x007ecef3 Faulting process id: 0x5194 Faulting application
start time: 0x01cda1ef723da334 Faulting application path: X:\Games\Fallout 3\Fallout3.exe
Faulting
module path: X:\Games\Fallout 3\Fallout3.exe Report Id: 67128114-0de7-11e2-a23c-00248c444208

Error - 04/10/2012 7:52:07 PM | Computer Name = Win7-DP.porter.local | Source = Application Hang | ID = 1002
Description = The program Fallout3.exe version 1.7.0.3 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2da4 Start
Time: 01cda2757a847311 Termination Time: 229 Application Path: X:\Games\Fallout 3\Fallout3.exe

Report
Id: 7a204bc3-0e7e-11e2-a23c-00248c444208

Error - 04/10/2012 11:00:05 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Borderlands.exe, version: 1.4.2.1, time
stamp: 0x4eddb1bf Faulting module name: Borderlands.exe, version: 1.4.2.1, time
stamp: 0x4eddb1bf Exception code: 0xc0000005 Fault offset: 0x006ad78a Faulting process
id: 0x23c4 Faulting application start time: 0x01cda2a581199851 Faulting application
path: x:\steam\steamapps\common\borderlands\Binaries\Borderlands.exe Faulting module
path: x:\steam\steamapps\common\borderlands\Binaries\Borderlands.exe Report Id:
c2f06427-0e98-11e2-a23c-00248c444208

Error - 04/10/2012 11:00:09 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Borderlands.exe, version: 1.4.2.1, time
stamp: 0x4eddb1bf Faulting module name: Borderlands.exe, version: 1.4.2.1, time
stamp: 0x4eddb1bf Exception code: 0xc0000005 Fault offset: 0x0145dab7 Faulting process
id: 0x23c4 Faulting application start time: 0x01cda2a581199851 Faulting application
path: x:\steam\steamapps\common\borderlands\Binaries\Borderlands.exe Faulting module
path: x:\steam\steamapps\common\borderlands\Binaries\Borderlands.exe Report Id:
c558e1ae-0e98-11e2-a23c-00248c444208

Error - 05/10/2012 12:57:20 PM | Computer Name = Win7-DP.porter.local | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 05/10/2012 12:57:20 PM | Computer Name = Win7-DP.porter.local | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 05/10/2012 1:45:34 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 21.0.1180.83, time
stamp: 0x502eaec7 Faulting module name: USP10.dll, version: 1.626.7601.17514, time
stamp: 0x4ce7ba29 Exception code: 0xc0000005 Fault offset: 0x00047075 Faulting process
id: 0x1eb4 Faulting application start time: 0x01cda32136d5b52e Faulting application
path: C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\syswow64\USP10.dll Report Id: 7633134d-0f14-11e2-8c3e-00248c444208

Error - 05/10/2012 1:59:22 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 21.0.1180.83, time
stamp: 0x502eaec7 Faulting module name: USP10.dll, version: 1.626.7601.17514, time
stamp: 0x4ce7ba29 Exception code: 0xc0000005 Fault offset: 0x00047075 Faulting process
id: 0x1090 Faulting application start time: 0x01cda323254da37b Faulting application
path: C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\syswow64\USP10.dll Report Id: 63af38ca-0f16-11e2-8c3e-00248c444208

Error - 05/10/2012 2:00:04 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: opera.exe, version: 11.52.1100.0, time
stamp: 0x4e9c6c1d Faulting module name: USP10.dll, version: 1.626.7601.17514, time
stamp: 0x4ce7ba29 Exception code: 0xc0000005 Fault offset: 0x00047075 Faulting process
id: 0x1ff4 Faulting application start time: 0x01cda3233f2501d8 Faulting application
path: D:\Program Files (x86)\Opera\opera.exe Faulting module path: C:\Windows\syswow64\USP10.dll
Report
Id: 7cf7264e-0f16-11e2-8c3e-00248c444208

Error - 05/10/2012 7:39:59 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.0.1446.623, time
stamp: 0x5004ae1a Faulting module name: libcef.dll, version: 1.989.464.0, time stamp:
0x502d6408 Exception code: 0x80000003 Fault offset: 0x0002f1a0 Faulting process id:
0x21c Faulting application start time: 0x01cda352b20aca40 Faulting application path:
X:\Steam\Steam.exe Faulting module path: X:\Steam\bin\libcef.dll Report Id: f93ad5f3-0f45-11e2-86fd-00248c444208

Error - 05/10/2012 7:40:21 PM | Computer Name = Win7-DP.porter.local | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.0.1446.623, time
stamp: 0x5004ae1a Faulting module name: libcef.dll, version: 1.989.464.0, time stamp:
0x502d6408 Exception code: 0x80000003 Fault offset: 0x0002f1a0 Faulting process id:
0x7c4 Faulting application start time: 0x01cda352bf60605c Faulting application path:
X:\Steam\Steam.exe Faulting module path: X:\Steam\bin\libcef.dll Report Id: 064aaf79-0f46-11e2-86fd-00248c444208

[ System Events ]
Error - 05/10/2012 8:23:06 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:23:06 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:23:06 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:23:06 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:23:12 PM | Computer Name = Win7-DP.porter.local | Source = DCOM | ID = 10005
Description =

Error - 05/10/2012 8:23:13 PM | Computer Name = Win7-DP.porter.local | Source = DCOM | ID = 10005
Description =

Error - 05/10/2012 8:23:12 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:24:35 PM | Computer Name = Win7-DP.porter.local | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 05/10/2012 8:29:26 PM | Computer Name = Win7-DP.porter.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain PORTER due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 05/10/2012 8:29:28 PM | Computer Name = Win7-DP.porter.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.


< End of report >
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello XPorter,

Welcome to Geekstogo.

Sorry for the delay.

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post post the log (Result.txt) in your next reply.

So when you return please post
  • aswMBR log
  • Result.txt

  • 0

#3
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello emeraldnzl,

Don't worry about the delay...I totally understand.

I executed the two scan you asked me to...the txt files are attached.

Quick question; aswMBR created a MBR.dat along side the aswMBR.txt file, do I need the .dat file?

Thanks,

Dan Porter

Attached File  aswMBR.txt   2.08KB   45 downloads
Attached File  Result.txt   5.8KB   39 downloads
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

the txt files are attached.


Please paste the logs back in the thread in future. Easier to analyse and we are a training site so it helps with student education. :)

Quick question; aswMBR created a MBR.dat along side the aswMBR.txt file, do I need the .dat file?


Please leave it there for the time being. If we need to check the MBR that is the one we will upload.

Now

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
When you return please post
  • MBAM log
  • checkup.txt

  • 0

#5
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ah, Sorry about that...and my first instinct was to copy & paste the txt file contents into the body of my post...lol.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dan :: WIN7-DP [administrator]

Protection: Disabled

19/10/2012 9:22:17 AM
mbam-log-2012-10-19 (09-22-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201607
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again XPorter,

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

When you return please post
  • AdwCleaner log
  • OTL.txt

  • 0

#7
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are the results of my latest scans;

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 15:44:56
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Dan - WIN7-DP
# Boot Mode : Normal
# Running from : D:\Users\Dan\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\searchplugins\search.xml
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dan\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dan\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\prefs.js

C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\user.js ... Deleted !

Deleted : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Dan\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2433 octets] - [19/10/2012 15:43:32]
AdwCleaner[S2].txt - [2346 octets] - [19/10/2012 15:44:56]

########## EOF - C:\AdwCleaner[S2].txt - [2406 octets] ##########



OTL logfile created on: 19/10/2012 4:05:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Dan\Desktop\Scan Results from GeekstoGo
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

17.99 Gb Total Physical Memory | 11.96 Gb Available Physical Memory | 66.46% Memory free
21.99 Gb Paging File | 15.74 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 843.24 Gb Free Space | 90.52% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1196.97 Gb Free Space | 64.25% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 124.93 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive H: | 279.46 Gb Total Space | 83.46 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive J: | 3.99 Gb Total Space | 3.99 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
Drive X: | 223.57 Gb Total Space | 58.83 Gb Free Space | 26.31% Space Free | Partition Type: NTFS

Computer Name: WIN7-DP | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 20:42:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Dan\Desktop\Scan Results from GeekstoGo\OTL.exe
PRC - [2012/09/17 01:13:54 | 000,097,152 | ---- | M] (Maxthon International ltd.) -- D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
PRC - [2012/09/09 22:45:24 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/04 14:56:56 | 005,016,064 | ---- | M] (abelhadigital.com) -- D:\Utilities\HostsMan_4.0.82_beta3\hm.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/08/12 20:03:02 | 000,923,072 | ---- | M] (Cyber Power Systems, Inc.) -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2010/08/03 11:02:08 | 000,349,632 | ---- | M] (Cyber Power Systems, Inc.) -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2009/12/13 21:23:12 | 000,092,848 | ---- | M] (Binary Fortress Software) -- D:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- D:\Program Files (x86)\Everything\Everything.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/16 04:25:40 | 000,159,104 | ---- | M] () -- D:\Program Files (x86)\Maxthon3\Addons\Mobile\MxMobile.dll
MOD - [2012/07/11 00:33:16 | 000,258,944 | ---- | M] () -- D:\Program Files (x86)\Maxthon3\Bin\Maxzlib.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- D:\Program Files (x86)\Everything\Everything.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/08/08 22:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/19 11:49:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/09 22:45:24 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/09 13:32:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/08 17:20:05 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/09/08 17:19:49 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010/08/12 20:03:02 | 000,923,072 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 11:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 11:00:46 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012/01/20 11:00:46 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2011/12/24 08:45:30 | 000,071,464 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2011/11/01 08:23:25 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/11/01 08:23:25 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/10/30 23:08:44 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 14:13:46 | 001,650,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2011/08/04 14:13:32 | 001,605,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011/08/04 14:13:22 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011/08/04 14:13:12 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011/08/04 14:13:00 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011/08/04 14:12:50 | 000,179,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011/08/04 14:12:40 | 000,697,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011/08/04 14:12:28 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011/08/04 14:12:18 | 001,494,104 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011/08/04 14:12:18 | 001,494,104 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011/08/04 14:12:06 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011/08/04 14:12:06 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011/08/04 14:11:56 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011/08/04 14:11:56 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/20 22:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 22:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 22:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/04/23 21:30:18 | 000,033,160 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wod0205.sys -- (wod0205)
DRV:64bit: - [2011/03/31 16:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/11 18:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 2D 68 85 11 AE CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{ABF532CA-D32C-4D8F-9333-5242CF180093}: "URL" = http://open-search.eu/google.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://flvdirect.iamwired.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.7
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iam...c=tops&search="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/10/31 08:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/10/19 11:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/19 11:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/31 08:57:23 | 000,000,000 | ---D | M]

[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/10/04 12:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/23 08:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\extensions\[email protected]
[2012/07/25 22:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/26 22:35:57 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2012/04/15 21:53:49 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2011/07/09 11:55:38 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2011/11/25 12:46:20 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]
[2012/07/25 22:33:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008/09/21 14:55:14 | 000,002,749 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\cuil.xml
[2008/06/22 23:02:53 | 000,000,908 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\imdb.xml
[2010/07/04 02:47:50 | 000,000,266 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\Search.xml
[2008/06/22 23:02:53 | 000,001,108 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\d4l7a5i2.default\searchplugins\wikipedia-en.xml
File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ORBITFF

========== Chrome ==========

CHR - homepage: http://www.gamespot.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.gamespot.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Pando Web Installer (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Digital Trends = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\1.7.4_0\
CHR - Extension: SpaceVenture Kickstarter Prototype: Phase 1 = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomnnfeooofoenddphjjfdfbpkiiboof\0.5_0\
CHR - Extension: SpaceVenture Kickstarter Prototype: Phase 2 = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjbdidbieimmfipadjkioniffgcgopp\0.13_0\
CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/19 11:08:23 | 001,076,709 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 47955 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Everything] D:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKCU..\Run: [DisplayFusion] D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [HostsMan] D:\Utilities\HostsMan_4.0.82_beta3\hm.exe (abelhadigital.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.25 192.168.0.1 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = porter.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271FC4E1-0192-4AA4-BC2E-86FE092558D2}: DhcpNameServer = 127.0.0.1 192.168.0.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B}: DhcpNameServer = 192.168.0.25 192.168.0.1 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B}: NameServer = 64.71.255.198,192.168.0.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell - "" = AutoRun
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 00:44:34 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Scan Results from GeekstoGo
[2012/10/13 14:09:06 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Games I am Testing
[2012/10/07 02:37:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/10/07 02:37:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/10/07 02:37:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/10/07 02:37:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/10/07 02:37:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/10/07 02:37:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/10/07 02:37:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/10/07 02:37:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/10/07 02:37:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/10/07 02:37:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/10/07 02:37:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/10/07 02:37:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/10/07 02:37:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/10/07 02:37:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/10/07 02:37:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/10/07 02:31:21 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/10/07 02:31:21 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/10/07 02:31:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/10/07 02:31:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/10/07 02:31:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/10/07 02:31:17 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/10/06 12:31:09 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Sherlock_Holmes_-_The_Case_of_the_Serrated_Scalpel(ISO)
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Texture_PackCombiner LITE
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Texture_PackCombiner FULL_HD
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\TEMP_TPC_FILES
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Temp_Sharp
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\TEMP Web Sites
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Temp Movies - TV Shows
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\MOVE TO MY DOCUMENTS
[2012/10/06 00:01:49 | 000,000,000 | ---D | C] -- D:\Users\Dan\Desktop\Misc Web Sites - New Unsorted
[2012/10/05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Stardock
[2012/10/05 13:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/10/05 12:57:58 | 006,193,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/10/05 12:57:58 | 003,266,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/10/05 12:57:58 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/10/05 12:57:58 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/10/05 12:57:58 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/10/05 12:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/10/05 12:57:00 | 027,577,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/10/05 12:57:00 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/10/05 12:57:00 | 020,817,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/10/05 12:57:00 | 018,230,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/10/05 12:57:00 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/10/05 12:57:00 | 015,292,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/10/05 12:57:00 | 014,879,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/10/05 12:57:00 | 012,465,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/10/05 12:57:00 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/10/05 12:57:00 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/10/05 12:57:00 | 007,387,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/10/05 12:57:00 | 006,100,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/10/05 12:57:00 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/10/05 12:57:00 | 002,725,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/10/05 12:57:00 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/10/05 12:57:00 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/10/05 12:57:00 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/10/05 12:57:00 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/10/05 12:57:00 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/10/05 12:57:00 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/10/05 12:57:00 | 000,970,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/10/05 12:57:00 | 000,829,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/10/05 12:57:00 | 000,355,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2012/10/05 12:57:00 | 000,308,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2012/10/05 12:57:00 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/10/05 12:57:00 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/10/05 12:55:58 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/10/05 02:09:47 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Solid State Networks
[2012/09/29 11:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/09/28 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2012/09/24 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nicolas Games
[2012/09/22 19:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Runic Games
[2012/09/22 19:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight 2
[2012/09/20 08:55:01 | 000,000,000 | ---D | C] -- D:\Users\Dan\Documents\Inquisitor_SaveGames
[2012/09/20 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\GOG.com
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 15:55:10 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:55:10 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 15:51:53 | 000,792,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/19 15:51:53 | 000,673,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/19 15:51:53 | 000,129,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/19 15:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 15:47:27 | 1603,620,861 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 15:45:56 | 000,062,836 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/19 15:45:56 | 000,062,836 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/19 15:45:56 | 000,000,904 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2012/10/19 13:46:01 | 000,043,999 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$200_19-Oct-2012.pdf
[2012/10/19 11:08:23 | 001,076,709 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2012/10/16 22:50:11 | 206,637,508 | ---- | M] () -- D:\Users\Dan\Desktop\live_user_obsidian_1350414362.flv
[2012/10/16 22:19:28 | 000,336,739 | ---- | M] () -- D:\Users\Dan\Documents\Rogers-HomePhone_Internet__$168.58_16-Oct-2012.pdf
[2012/10/16 21:44:30 | 000,071,245 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$200_16-Oct-2012.pdf
[2012/10/16 21:43:05 | 000,090,038 | ---- | M] () -- D:\Users\Dan\Documents\Rent_Dad_$218_16-Oct-2012.pdf
[2012/10/16 01:05:08 | 696,057,077 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 21.mp4
[2012/10/16 01:04:04 | 637,331,763 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 20.mp4
[2012/10/15 09:03:15 | 1277,038,155 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 19.mp4
[2012/10/14 15:48:12 | 000,000,650 | ---- | M] () -- D:\Users\Dan\Desktop\temp - Shortcut.lnk
[2012/10/14 00:28:25 | 191,404,660 | ---- | M] () -- D:\Users\Dan\Desktop\Making a simple Fallout 3 mod Automatic Karma Perks.mp4
[2012/10/12 02:33:17 | 092,654,704 | ---- | M] () -- D:\Users\Dan\Desktop\Fallout 3 Mod Clinic part 1 ENCORE Remastered, Blackened and Merged.mp4
[2012/10/10 23:17:27 | 2105,658,793 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 18.mp4
[2012/10/10 22:29:42 | 2044,077,624 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 16.mp4
[2012/10/10 22:26:23 | 1925,541,204 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 15.mp4
[2012/10/10 22:23:56 | 1153,071,429 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 17.mp4
[2012/10/10 22:05:01 | 1725,287,262 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 11.mp4
[2012/10/10 02:14:42 | 1302,548,695 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 Part 13.mp4
[2012/10/10 01:56:40 | 000,000,166 | ---- | M] () -- D:\Users\Dan\Desktop\Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles - Microsoft Enterprise Networking Team - Si.URL
[2012/10/10 01:52:03 | 1334,240,711 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 Part 14.mp4
[2012/10/08 08:37:03 | 1148,753,160 | ---- | M] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 10.mp4
[2012/10/08 01:48:54 | 1163,265,683 | ---- | M] () -- D:\Users\Dan\Desktop\vf_dishonored_ql_100512_zvx_3500.mp4
[2012/10/07 17:45:21 | 1175,900,144 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 12.mp4
[2012/10/07 14:01:45 | 000,000,126 | ---- | M] () -- D:\Users\Dan\Desktop\AGP Texture Acceleration Enabled.reg
[2012/10/07 14:01:12 | 000,000,126 | ---- | M] () -- D:\Users\Dan\Desktop\AGP Texture Acceleration Disabled.reg
[2012/10/07 09:48:42 | 000,412,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/07 02:36:48 | 000,777,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/06 19:49:49 | 000,071,098 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$40_06-Oct-2012.pdf
[2012/10/06 12:50:56 | 853,916,999 | ---- | M] () -- D:\Users\Dan\Desktop\Quoted for TruthCliffy B leaves Epic Games.mp4
[2012/10/04 22:26:02 | 1395,766,598 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 8.mp4
[2012/10/04 22:25:52 | 1380,838,861 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 9.mp4
[2012/10/04 02:49:17 | 1607,115,555 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 7.mp4
[2012/10/04 02:47:00 | 1386,365,463 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 6.mp4
[2012/10/03 01:47:52 | 001,009,165 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.bak
[2012/10/02 22:53:05 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/10/02 22:53:05 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/10/02 19:25:48 | 2253,952,302 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 5.mp4
[2012/10/02 13:18:43 | 935,639,840 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 4.mp4
[2012/10/01 17:32:09 | 1913,044,538 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 3.mp4
[2012/09/30 16:23:54 | 000,075,510 | ---- | M] () -- D:\Users\Dan\Documents\Chieftain_Insurance_$163_30-Sep-2012.pdf
[2012/09/30 16:22:08 | 000,076,294 | ---- | M] () -- D:\Users\Dan\Documents\ScotiaLine_$50_30-Sep-2012.pdf
[2012/09/30 16:21:22 | 000,071,647 | ---- | M] () -- D:\Users\Dan\Documents\Visa_Payment_$200_30-Sep-2012.pdf
[2012/09/30 16:20:27 | 000,090,295 | ---- | M] () -- D:\Users\Dan\Documents\Rent_Dad_$270_30-Sep-2012.pdf
[2012/09/28 08:35:40 | 774,414,598 | ---- | M] () -- D:\Users\Dan\Desktop\Borderlands 2_Gamespot_hardware_comparison.mp4
[2012/09/25 02:21:54 | 1150,511,496 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 2.mp4
[2012/09/24 22:46:55 | 1184,335,437 | ---- | M] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 1.mp4
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/19 13:45:13 | 000,043,999 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$200_19-Oct-2012.pdf
[2012/10/16 22:48:51 | 206,637,508 | ---- | C] () -- D:\Users\Dan\Desktop\live_user_obsidian_1350414362.flv
[2012/10/16 22:19:27 | 000,336,739 | ---- | C] () -- D:\Users\Dan\Documents\Rogers-HomePhone_Internet__$168.58_16-Oct-2012.pdf
[2012/10/16 21:44:30 | 000,071,245 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$200_16-Oct-2012.pdf
[2012/10/16 21:43:05 | 000,090,038 | ---- | C] () -- D:\Users\Dan\Documents\Rent_Dad_$218_16-Oct-2012.pdf
[2012/10/16 01:00:03 | 696,057,077 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 21.mp4
[2012/10/16 00:59:25 | 637,331,763 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 20.mp4
[2012/10/15 08:57:34 | 1277,038,155 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 19.mp4
[2012/10/14 15:48:12 | 000,000,650 | ---- | C] () -- D:\Users\Dan\Desktop\temp - Shortcut.lnk
[2012/10/14 00:27:39 | 191,404,660 | ---- | C] () -- D:\Users\Dan\Desktop\Making a simple Fallout 3 mod Automatic Karma Perks.mp4
[2012/10/12 02:32:55 | 092,654,704 | ---- | C] () -- D:\Users\Dan\Desktop\Fallout 3 Mod Clinic part 1 ENCORE Remastered, Blackened and Merged.mp4
[2012/10/10 23:08:15 | 2105,658,793 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 18.mp4
[2012/10/10 22:09:24 | 1153,071,429 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 17.mp4
[2012/10/10 22:08:47 | 2044,077,624 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 16.mp4
[2012/10/10 22:07:56 | 1925,541,204 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 15.mp4
[2012/10/10 21:57:47 | 1725,287,262 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 11.mp4
[2012/10/10 02:04:02 | 1302,548,695 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 Part 13.mp4
[2012/10/10 01:56:40 | 000,000,166 | ---- | C] () -- D:\Users\Dan\Desktop\Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles - Microsoft Enterprise Networking Team - Si.URL
[2012/10/10 01:46:35 | 1334,240,711 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 Part 14.mp4
[2012/10/08 08:32:05 | 1148,753,160 | ---- | C] () -- D:\Users\Dan\Desktop\Lets Play Fallout 3 (modded) - Part 10.mp4
[2012/10/08 01:26:24 | 1163,265,683 | ---- | C] () -- D:\Users\Dan\Desktop\vf_dishonored_ql_100512_zvx_3500.mp4
[2012/10/07 17:32:01 | 1175,900,144 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 12.mp4
[2012/10/07 14:01:45 | 000,000,126 | ---- | C] () -- D:\Users\Dan\Desktop\AGP Texture Acceleration Enabled.reg
[2012/10/07 14:01:12 | 000,000,126 | ---- | C] () -- D:\Users\Dan\Desktop\AGP Texture Acceleration Disabled.reg
[2012/10/06 19:49:49 | 000,071,098 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$40_06-Oct-2012.pdf
[2012/10/06 12:47:15 | 853,916,999 | ---- | C] () -- D:\Users\Dan\Desktop\Quoted for TruthCliffy B leaves Epic Games.mp4
[2012/10/06 00:05:51 | 000,000,185 | ---- | C] () -- D:\Users\Dan\Desktop\Why would anyone ever want to be a AAA game developer - GameSpot.com.URL
[2012/10/06 00:05:38 | 1606,619,565 | ---- | C] () -- D:\Users\Dan\Desktop\videoplayback.mp4
[2012/10/06 00:05:38 | 080,782,913 | ---- | C] () -- D:\Users\Dan\Desktop\videoplayback.flv
[2012/10/06 00:05:38 | 000,001,716 | ---- | C] () -- D:\Users\Dan\Desktop\RPGs.lnk
[2012/10/06 00:05:38 | 000,000,683 | ---- | C] () -- D:\Users\Dan\Desktop\Utilities.lnk
[2012/10/06 00:05:12 | 1380,838,861 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 9.mp4
[2012/10/06 00:04:47 | 1395,766,598 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 8.mp4
[2012/10/06 00:04:17 | 1607,115,555 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 7.mp4
[2012/10/06 00:03:51 | 1386,365,463 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 6.mp4
[2012/10/06 00:03:26 | 2253,952,302 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 5.mp4
[2012/10/06 00:03:17 | 935,639,840 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 4.mp4
[2012/10/06 00:03:01 | 1913,044,538 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 3.mp4
[2012/10/06 00:02:49 | 1150,511,496 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 2.mp4
[2012/10/06 00:02:40 | 1184,335,437 | ---- | C] () -- D:\Users\Dan\Desktop\Gopher Vids - Let's Play Fallout 3_part 1.mp4
[2012/10/06 00:02:40 | 000,000,160 | ---- | C] () -- D:\Users\Dan\Desktop\Game Masters Behind the Talent - GameSpot.com.URL
[2012/10/06 00:02:34 | 774,414,598 | ---- | C] () -- D:\Users\Dan\Desktop\Borderlands 2_Gamespot_hardware_comparison.mp4
[2012/10/06 00:02:21 | 1177,751,522 | ---- | C] () -- D:\Users\Dan\Desktop\169_qft_ep13_090712_hd.mp4
[2012/10/06 00:02:01 | 2500,086,421 | ---- | C] () -- D:\Users\Dan\Desktop\169_lastofus_panel_ps3_071412_1_hd.mp4
[2012/10/06 00:02:00 | 061,892,011 | ---- | C] () -- D:\Users\Dan\Desktop\160_ArnoldLines.flv
[2012/10/06 00:01:59 | 119,798,821 | ---- | C] () -- D:\Users\Dan\Desktop\14-day-rfl-new.mp4
[2012/10/05 18:39:20 | 1603,620,861 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/05 12:57:58 | 003,499,215 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/10/05 12:57:00 | 000,016,054 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/09/30 16:23:54 | 000,075,510 | ---- | C] () -- D:\Users\Dan\Documents\Chieftain_Insurance_$163_30-Sep-2012.pdf
[2012/09/30 16:22:08 | 000,076,294 | ---- | C] () -- D:\Users\Dan\Documents\ScotiaLine_$50_30-Sep-2012.pdf
[2012/09/30 16:21:22 | 000,071,647 | ---- | C] () -- D:\Users\Dan\Documents\Visa_Payment_$200_30-Sep-2012.pdf
[2012/09/30 16:20:27 | 000,090,295 | ---- | C] () -- D:\Users\Dan\Documents\Rent_Dad_$270_30-Sep-2012.pdf
[2012/09/08 17:20:17 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/09/08 17:20:17 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/09/08 17:09:47 | 000,390,609 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012/09/08 17:09:47 | 000,051,979 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012/09/08 17:09:47 | 000,028,411 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012/09/08 17:09:47 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012/09/08 17:09:47 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012/09/08 17:09:47 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012/09/08 17:09:47 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2012/09/08 17:09:47 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2012/09/08 17:09:47 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012/08/26 23:06:58 | 000,000,213 | ---- | C] () -- C:\Windows\PCWGXDRV.INI
[2012/08/26 23:06:58 | 000,000,057 | ---- | C] () -- C:\Windows\LOGINPUT.INI
[2012/08/12 21:26:44 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2012/07/25 16:01:16 | 000,002,081 | ---- | C] () -- C:\ProgramData\ENG.2012-07.pl.nicolasgames_B05A5A11-F525-40DF-AE67-58228603B921.swidtag
[2012/07/21 00:03:09 | 000,000,036 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/05 00:28:53 | 000,000,079 | ---- | C] () -- C:\Users\Dan\AppData\Local\CrystalDiskMark30.ini
[2012/02/25 21:55:54 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012/02/25 18:29:56 | 000,000,119 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/02/22 22:53:47 | 000,001,765 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012/02/22 22:53:39 | 000,000,513 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
[2012/02/03 22:53:39 | 000,777,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/18 17:56:43 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/13 00:25:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/13 00:25:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/12 18:42:04 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/30 23:57:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/30 11:07:56 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/10/30 07:53:21 | 000,003,084 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/26 22:35:05 | 000,081,456 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\icarus-dxdiag.xml
[2011/10/26 22:35:05 | 000,001,702 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\System Monitor II_Settings.ini
[2011/10/26 22:35:05 | 000,000,601 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Monitor II_Settings.ini
[2011/10/26 22:35:05 | 000,000,485 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU Monitor_Settings.ini
[2011/10/26 22:35:05 | 000,000,424 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Drives Monitor_Settings.ini
[2011/10/26 22:33:37 | 000,007,618 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2011/10/26 22:33:37 | 000,000,091 | ---- | C] () -- C:\Users\Dan\AppData\Local\fusioncache.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 3584 bytes -> D:\Users\Dan\Documents\desktop.ini:gs5sys

< End of report >
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello XPorter,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are the Combofix results:

ComboFix 12-10-19.01 - Dan 19/10/2012 21:43:03.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.18423.12019 [GMT -4:00]
Running from: d:\users\Dan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-13 17:54 . 2012-10-13 17:54 -------- d-----w- c:\windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2012-10-07 06:34 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46ACDE94-8563-4FD7-9812-F45186F9F5D0}\mpengine.dll
2012-10-07 06:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-07 06:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-07 06:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-07 06:31 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-10-07 06:31 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-10-07 06:31 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-10-07 06:31 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-10-07 06:31 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 06:31 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-06 19:04 . 2012-10-06 19:04 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-10-05 23:48 . 2012-10-05 23:48 -------- d-----w- c:\users\Dan\AppData\Local\Stardock
2012-10-05 17:01 . 2012-10-05 17:01 -------- d-----w- c:\programdata\NVIDIA
2012-10-05 16:55 . 2012-10-05 16:55 -------- d-----w- C:\NVIDIA
2012-10-05 06:09 . 2012-10-05 06:09 -------- d-----w- c:\users\Dan\AppData\Local\Solid State Networks
2012-09-22 23:20 . 2012-09-22 23:20 -------- d-----w- c:\users\Dan\AppData\Local\Runic Games
2012-09-20 04:17 . 2012-09-20 12:31 -------- d-----w- c:\users\Dan\AppData\Local\GOG.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 02:45 . 2011-11-13 04:25 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-31 04:43 . 2011-11-07 01:42 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-26 04:06 . 2012-03-28 04:04 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 04:06 . 2011-10-30 23:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 13:46 . 2012-09-09 20:48 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-22 13:46 . 2012-09-09 20:48 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-08-06 17:29 . 2012-08-06 17:29 5371904 ----a-w- C:\BOSS GUI.exe
2012-08-06 17:26 . 2012-08-06 17:26 2457088 ----a-w- C:\BOSS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="d:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944]
"HostsMan"="d:\utilities\HostsMan_4.0.82_beta3\hm.exe" [2012-03-04 5016064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="d:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"Everything"="d:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"amd_dc_opt"=c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-04 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-04 1494104]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-04 95320]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GPU-Z;GPU-Z;j:\temp\GPU-Z.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-19 115168]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-10-17 29952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\DRIVERS\wod0205.sys [2011-04-24 33160]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-08 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-08 79360]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-31 272448]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S3 ALSysIO;ALSysIO;c:\temp\ALSysIO64.sys [x]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [2011-05-21 251224]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [2011-05-21 13016]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2011-05-21 17496]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-04 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-04 1494104]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-04 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-04 1650264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2011-12-24 71464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-101056490-1189278675-3631207807-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 18:00]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-101056490-1189278675-3631207807-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-03-04 15:25 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-03-04 15:25 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-03-04 15:25 458952 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.25 192.168.0.1 64.71.255.198
TCP: Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B}: NameServer = 64.71.255.198,192.168.0.25
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-101056490-1189278675-3631207807-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,a0,76,83,a1,e8,65,37,4d,a2,1d,63,d1,f1,0c,61,96,89,ba,9c,94,
72,37,b6,ae,fd,1a,e5,a0,d1,03,7b,56,08,1c,b4,15,68,ec,8b,37,23,ca,69,ff,bf,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
d:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
d:\program files (x86)\DisplayFusion\DisplayFusionHookx86.exe
.
**************************************************************************
.
Completion time: 2012-10-19 23:15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-20 03:15
.
Pre-Run: 905,240,743,936 bytes free
Post-Run: 905,132,560,384 bytes free
.
- - End Of File - - C7B08D0E34D6E434110D0BE9D99ED295
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/26 22:35:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    File not found (No name found) -- D:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ORBITFF
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell - "" = AutoRun
    O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell\AutoRun\command - "" = I:\setup.exe
    O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
    @Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
    @Alternate Data Stream - 4096 bytes -> C:\ProgramData:gs5sys
    @Alternate Data Stream - 3584 bytes -> D:\Users\Dan\Documents\desktop.ini:gs5sys
    
    :Commands
    [CreateRestorePoint]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
After that

Please run a free on line scan with BitDefender Online Scanner

Note: these instructions were compiled using Firefox. IE users may find slight differences... just follow the prompts.

  • Click the green Start Scanner button
  • Click the green Free Scan Now button
  • Accept the plug in installation
  • Restart your browser if requested
  • Click the green Free Scan Now button again
  • Accept the eula agreement
  • The scan should start. It will be relatively quick.
  • Click View Report (note: this is not the facebook one - just click on the words View Report)
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here
When you come back please post
  • OTL.txt
  • Bitdefender scan results

  • 0

Advertisements


#11
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Your custom script is not working for me...when I click "Run Fix" the program immediately says "fix complete" and open the log with the following:


Error: Unable to interpret <:OTL[2011/10/26 22:35:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}File not found (No name found) -- D:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ORBITFFO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell - "" = AutoRunO33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell\AutoRun\command - "" = I:\setup.exeO33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell\AutoRun\command - "" = G:\[email protected] Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:[email protected]> in the current context!
Error: Unable to interpret <Alternate Data Stream - 4096 bytes -> C:\ProgramData:[email protected] Data Stream - 3584 bytes -> D:\Users\Dan\Documents\desktop.ini:gs5sys:Commands[CreateRestorePoint][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10202012_002958
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Likely the forum software being interpreted differently on your machine.

Use this:

:OTL
[2011/10/26 22:35:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ORBITFF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell - "" = AutoRun
O33 - MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
@Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 3584 bytes -> D:\Users\Dan\Documents\desktop.ini:gs5sys

:Commands
[CreateRestorePoint]
[Reboot]


Paste the content within the quotes (don't include the quote tags) in and run. Tell me how you get on. :)
  • 0

#13
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The script worked this time...I pasted the complete contents; the original script did not word wrap...this one did. I was prompted to reboot my PC after it was done, but a new log file was not created upon loading Windows...


Here is the Bitdefender scan log however...


QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Oct 20 02:33:21 2012
Machine ID: D0D57883



Scan failed! Couldn't access QuickScan server.
----------------------------------------------
couldn't connect to host



Processes
---------
2007 Microsoft Office system 6040 D:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Adobe Acrobat Update Service 1512 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
DisplayFusion Hook x86 3568 D:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
ESET Smart Security 1580 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
Everything 3472 D:\Program Files (x86)\Everything\Everything.exe
Firefox 6032 D:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 4276 D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
HostsMan 3360 D:\Utilities\HostsMan_4.0.82_beta3\hm.exe
Maxthon3 2140 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
Maxthon3 2164 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
Maxthon3 3124 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
Maxthon3 3580 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
PnkBstrA.exe 1712 C:\Windows\SysWOW64\PnkBstrA.exe
PowerPanel Personal Edition 1.3 1744 D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PowerPanel Personal Edition 1.3 3456 D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
RAID Monitor 2028 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


Network activity
----------------
Process Maxthon.exe (2140) connected on port 80 (HTTP) --> 223.202.36.53
Process firefox.exe (6032) connected on port 80 (HTTP) --> 74.125.226.66
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 69.171.237.16
Process firefox.exe (6032) connected on port 80 (HTTP) --> 199.7.52.72
Process firefox.exe (6032) connected on port 80 (HTTP) --> 69.171.237.16
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 80 (HTTP) --> 24.156.130.195
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.226.34
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.142.84
Process firefox.exe (6032) connected on port 80 (HTTP) --> 199.7.48.72
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.226.79
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.226.72
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.133.94
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.226.76
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.226.40
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 173.194.75.106
Process firefox.exe (6032) connected on port 443 (HTTP over SSL) --> 74.125.230.239
Process firefox.exe (6032) connected on port 80 (HTTP) --> 50.97.236.19
Process firefox.exe (6032) connected on port 80 (HTTP) --> 74.125.133.95
Process firefox.exe (6032) connected on port 80 (HTTP) --> 50.97.236.19
Process firefox.exe (6032) connected on port 80 (HTTP) --> 66.235.142.58
Process firefox.exe (6032) connected on port 80 (HTTP) --> 50.97.236.19
Process firefox.exe (6032) connected on port 80 (HTTP) --> 50.97.236.19
Process firefox.exe (6032) connected on port 80 (HTTP) --> 66.235.142.58
Process firefox.exe (6032) connected on port 80 (HTTP) --> 74.125.226.66



Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
DisplayFusion D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
ESET Smart Security D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
Everything D:\Program Files (x86)\Everything\Everything.exe
HostsMan D:\Utilities\HostsMan_4.0.82_beta3\hm.exe
Logitech Gaming Framework C:\Program Files\Logitech Gaming Software\LCore.exe
Logitech SetPoint C:\Program Files\Logitech\SetPointP\SetPoint.exe
Microsoft Xbox 360 Accessories C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
PowerPanel Personal Edition 1.3 D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(verified) Google Update C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe


Browser plugins
---------------
2007 Microsoft Office system D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
ActiveGS NPAPI Plugin C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]\plugins\npActiveGS.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
Bitdefender QuickScan C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Foxit Reader Plugin for Mozilla D:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
Google Update C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
Java Deployment Toolkit 6.0.300.12 D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Media Player Firefox D:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
NPSWF32_11_3_300_271.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
NPWebSLLauncher.dll C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
Uplay PC C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
Winamp Application Detector D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) nppdf32.DEU D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
(verified) nppdf32.FRA D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.FRA


Scan
----
MD5: 84cbd6f6aa7ee399fbdc265b8ea64474 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: ba0ed7aa3c36a8da27ded1d6b3508158 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: b63e5c7807334a3a8f731062f15462cc C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: d19c4ee2ac7c47b8f5f84fff1a789d8a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: c8bd651e13895b93ed9ec5b4f1df42bc C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
MD5: c8bd651e13895b93ed9ec5b4f1df42bc C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
MD5: 734c259da0087d93ae56cd5cb89c7f38 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
MD5: 4c5d603a632023bfdb8edd4436882abf C:\Program Files (x86)\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL
MD5: 4a68ea31ff624a927e6d3b63fb695cfd C:\Program Files (x86)\Common Files\Microsoft Shared\office12\mso.dll
MD5: c7d010bd8bcef2eb3fca8f7cd3c08d9f C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL
MD5: 8fa9a16022a664f536b616130b2ea866 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: 4a1b8af97e3b0aef8be1b8684277200b C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
MD5: 1a8b4857f2caaed89e16b1ed1f24930d C:\Program Files (x86)\Common Files\Microsoft Shared\office12\riched20.dll
MD5: bc7b9ba1f4d4c982ae23dcc0d121c4b0 C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
MD5: a2f2f62f77fdf09e378f33cfc6ad6e64 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: ae6f0a6562d3eccd613de1fd8612ac4e C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
MD5: 15c42334805b711fbf0c788a1d751528 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
MD5: 984bdac9f4fc9993ce8d3a7d7da3e9a5 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: 5e4ff36923c37c80b537dce6caa755f9 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
MD5: 4d7f2682d29b92a6251b17957aa0b985 C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: f835116b5ceeb4b88dd7b7b680c1ddde C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
MD5: 7772dfab22611050b79504e671b06e6e C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
MD5: 0a888754c63c3a5d8cd8f7492c62b40d C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 6b15a74a2d7bae2452c1ad84e717b166 C:\Program Files\Logitech Gaming Software\LCore.exe
MD5: df72d700cc33611206675b8a2fd4d4f9 C:\Program Files\Logitech\SetPointP\SetPoint.exe
MD5: ed43758bf94b8a5221d69f1b7f63f13d C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: e3bf29ced96790cdaafa981ffddf53a3 C:\Program Files\Windows Sidebar\sidebar.exe
MD5: 8f628060daecf76c537bd89a53228d3b C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
MD5: 6d74290856347cf8682277a54b433d4b C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MD5: fe7d1614b1fd127eae3f9fc9e4598b4c C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\[email protected]\plugins\npActiveGS.dll
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\hz2nt2be.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: ac4c51eb24aa95b77f705ab159189e24 C:\Windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: 6316957bb3431dfb06bffa98c0f1926e C:\Windows\system32\cryptnet.dll
MD5: 06e771aa596b8761107ab57e99f128d7 C:\Windows\system32\cryptsvc.dll
MD5: 28ca821606669bb9215ce010767720fa C:\Windows\system32\cryptui.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 64ca3862d74ea610cd64dc6ad652db5e C:\Windows\system32\d2d1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\system32\DavClnt.DLL
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: a29d734f650f958424743be3baa052c8 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 40d777b7a95e00593eb1568c68514493 C:\Windows\system32\explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 1e8d06aae74fed674c1156b3fea911c2 C:\Windows\system32\faultrep.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\Windows\system32\ieframe.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll
MD5: 509d846fdf0c83158ed5970de751364c C:\Windows\system32\jsproxy.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\system32\mscoree.dll
MD5: bb197f54a8f69eea8356b7f70e6d3a20 C:\Windows\system32\MSHTML.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 0b8fe658bd033ec8b1f6fbc305cc65e7 C:\Windows\system32\MSRATING.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: d9a9702e43a5859896f34898d5fd3fec C:\Windows\System32\msxml6.dll
MD5: 591fe0a6ceb19bf886ceb1331f591940 C:\Windows\system32\ncrypt.dll
MD5: 2fca0d2c59a855c54bafa22aa329df0f C:\Windows\system32\netapi32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll
MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll
MD5: 40132dc4a9d01bae33ee8a81143fd0f3 C:\Windows\system32\nvwgf2um.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 703ffd301ab900b047337c5d40fd6f96 C:\Windows\system32\olepro32.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\System32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: a42e7748be906434c5fd17161d168c20 C:\Windows\system32\SCHEDCLI.DLL
MD5: f93674263f6b07c77956e966953242d9 C:\Windows\system32\secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\system32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\userenv.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\wtsapi32.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll
MD5: 1295338cfe6f249823ef9bc8d4368a84 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\Windows\SysWOW64\ieframe.dll
MD5: eb8a00e8e9931a7ec04f920b09d880d8 C:\Windows\syswow64\iertutil.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll
MD5: 394373142655accf49d64aad466c86ff C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: c7d41058eeb57f425fbd1585f9de71c4 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx
MD5: 99b4b884fe9a878b4822f7f326c90ce1 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: 1713d9de407313138118d501b0e3c05b C:\Windows\SysWOW64\PnkBstrA.exe
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 3d3cbd1847f980fb03343a63671e7886 C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\setupapi.dll
MD5: 29e9794708df51db5dc89fb2e903a0f6 C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: eda7ad21df8945528f01f0a86d69e524 C:\Windows\syswow64\SspiCli.dll
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll
MD5: 9fac0f6d5f3d922db294e30cd3f62369 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5553611e2f9ea6f613079177f1233068 C:\Windows\syswow64\WININET.dll
MD5: a7d79e9f660340ab20cd73f12910985f C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 7717f84f483002815490033bf069dabd C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
MD5: 2f8f37bc4a29726c65aedc3bade242a6 D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
MD5: 4efeada6f8c0b6921d9476473ae6cc67 D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MD5: 066708b24047b549797ea99abf640769 D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
MD5: c8e721917dda6e2b3cf197959239d236 D:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.dll
MD5: 21689d1e53e9bcbf082306456c7689a1 D:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
MD5: 4dab37e8beda1f286f0c40b8aab0d65c D:\Program Files (x86)\Everything\Everything.exe
MD5: 0c0195c48b6b8582fa6f6373032118da D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
MD5: 4d1ec4c43d80392450f0912f777a9ba7 D:\Program Files (x86)\Maxthon3\Addons\Avatarext\MxAvatarext.dll
MD5: 00931413335996d5c877ac75cdd8167a D:\Program Files (x86)\Maxthon3\Addons\ExtTools\MxExtTools.dll
MD5: 0fb8911cf50734ab7e79f9ce75194aa9 D:\Program Files (x86)\Maxthon3\Addons\Misc\MxAddonMisc.dll
MD5: b2913d32b9ab19912a51849b730e68ab D:\Program Files (x86)\Maxthon3\Addons\Mobile\MxMobile.dll
MD5: 0b971301a043ec3474ff651cc2983a28 D:\Program Files (x86)\Maxthon3\Addons\MsgPush\MxMsgPush.dll
MD5: 3e4571829e443af56378b1e1066d2047 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.dll
MD5: e5aedaf9262dbe3a8cf355dc5f601714 D:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
MD5: 64c4442616a59525dbb6b51b2a9af5dd D:\Program Files (x86)\Maxthon3\bin\Maxzlib.dll
MD5: 03c5e7b18285dcb9c4c68e1ea1b0656f D:\Program Files (x86)\Maxthon3\Bin\MxAccountSvc.dll
MD5: 72aa730cdff6368603912550e4327058 D:\Program Files (x86)\Maxthon3\Bin\MxAddonsMgr.dll
MD5: 12a801576c2157d77ad57eac9cfadb92 D:\Program Files (x86)\Maxthon3\Bin\MxCore.dll
MD5: 1c698d034900431f01a96aefd7fbc12c D:\Program Files (x86)\Maxthon3\Bin\MxCoreMan.DLL
MD5: 5d88a59fd9fffc70bc1c08e13dce7393 D:\Program Files (x86)\Maxthon3\Bin\MxCrashCatch.dll
MD5: 06762bf7eef4271211d316ee36356cc7 D:\Program Files (x86)\Maxthon3\Bin\mxdb.dll
MD5: 7f4ded09ef1a98be2e9e883279a5aa03 D:\Program Files (x86)\Maxthon3\Bin\MxEncode.dll
MD5: 8cb0292a5379cd4f6b5083376d09b5c9 D:\Program Files (x86)\Maxthon3\Bin\MxFilePackage.dll
MD5: 12a9f0e291b2ab15b75fe5e16388ce46 D:\Program Files (x86)\Maxthon3\Bin\MxHttpRq.dll
MD5: 727d2e5b9b203b7cd6b45316975f2e89 D:\Program Files (x86)\Maxthon3\Bin\MxIPC.dll
MD5: 1a7dc796ab417d7b4ea630da01f1d328 D:\Program Files (x86)\Maxthon3\Bin\MxMsg.dll
MD5: 39433544966dc2c38f5fb1da8e9c4f7d D:\Program Files (x86)\Maxthon3\Bin\MxResMgr.dll
MD5: 31b756c81338b32e9c47431ca7c17aeb D:\Program Files (x86)\Maxthon3\Bin\MxRsc.dll
MD5: f616c58658e65d2e13632af2cf07ac55 D:\Program Files (x86)\Maxthon3\Bin\MxTool.dll
MD5: 104fda2e010c769a28694cae0009a0b4 D:\Program Files (x86)\Maxthon3\Bin\MxUI.dll
MD5: bb4dcb76b58eef8e76bfd6c8fc48c219 D:\Program Files (x86)\Maxthon3\Bin\MxWKView.dll
MD5: 44a21113db7aab7e5f354155bd16e877 D:\Program Files (x86)\Maxthon3\Bin\MxXDR.dll
MD5: ebd9930dfe6457c6945ffeaf9b850b29 D:\Program Files (x86)\Maxthon3\Core\Trident\MxTrident.dll
MD5: a0fd4605e6c8337827c2d220338a21c5 D:\Program Files (x86)\Maxthon3\Core\Webkit\MxWebkit.dll
MD5: 9d65368f1e9a09b4e149d480e871e03e D:\Program Files (x86)\Maxthon3\Modules\MxCmpUrl\MxCmpUrl.dll
MD5: ce33ab82a4bbe3a1ed6f811fc53eb324 D:\Program Files (x86)\Maxthon3\Modules\MxFavDb\MxFavDb.dll
MD5: 898b19d5da6c0f9764503475131427d0 D:\Program Files (x86)\Maxthon3\Modules\MxHistory\MxHistory.dll
MD5: 8d65408ff13b12b8f3580c7ea8faf917 D:\Program Files (x86)\Maxthon3\Modules\MxMute\MxMute.dll
MD5: 1efaaa2baef9d816b441c38aaddb3925 D:\Program Files (x86)\Maxthon3\Modules\MxSiteIcon\MxSiteIcon.dll
MD5: af1c9b6632e4787947a92ee3465b47e7 D:\Program Files (x86)\Maxthon3\Modules\MxSmartUrl\MxSmartUrl.dll
MD5: 0bbcecf08e17f74e5b4da94f120a69c6 D:\Program Files (x86)\Maxthon3\Modules\MxStorage\MxStorage.dll
MD5: 1c281b215211c167dec5d644acc58c3e D:\Program Files (x86)\Maxthon3\modules\MxSvInfo\MxSvInfo.dll
MD5: 39d7f59747dfab0acbc89cb718b11ae6 D:\Program Files (x86)\Maxthon3\Modules\MxSync\MxSync.dll
MD5: 80b393fe925ae91124b5311e7f84cefd D:\Program Files (x86)\Maxthon3\Modules\MxUeip\MxUeip.dll
MD5: 31d55d30a438c7a7b1b64bb6afdf0e51 D:\Program Files (x86)\Maxthon3\Modules\MxUrlSec\MxUrlSec.dll
MD5: bef1ead605cf791fdbb48add71075509 D:\Program Files (x86)\Microsoft Office\Office12\1033\wwintl.dll
MD5: da79517783552b80229705d9720b8e8d D:\Program Files (x86)\Microsoft Office\Office12\msproof6.dll
MD5: 3a9fba6005bc10ef8d1e61b9fe589505 D:\Program Files (x86)\Microsoft Office\OFFICE12\NLSDATA0009.DLL
MD5: 1a514ca70e5faf1cec2f51cdab1367a7 D:\Program Files (x86)\Microsoft Office\OFFICE12\NLSLEXICONS0009_SP.dll
MD5: 707f023159b541ead5dd6adb2e605443 D:\Program Files (x86)\Microsoft Office\OFFICE12\NLSMODELS0009.dll
MD5: d78bc832da33bb0835c95cd338bb7f2a D:\Program Files (x86)\Microsoft Office\Office12\oart.dll
MD5: 3e790f627ff9d5fa610bd2acf66016b3 D:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
MD5: 2ed95eea3489e516faa87ff49d29e7c8 D:\Program Files (x86)\Microsoft Office\Office12\wwlib.dll
MD5: dbc50c88618094aeee22723c11d6307a D:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: bc03475ec281aa1e685388896acade8d D:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: ea2a401f59cae941df233ac8b347f83b D:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: 1cdb643f6561e4648d47b6bbf7333122 D:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MD5: c2695f2c77081f68269d93014953657e D:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: cc6feb2186a2537dbd300da012428c8f D:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: 461e8171cc252ce0be406f7928653493 D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: ad4e1f7a31b0d1df306e16aaeeac3a19 D:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 D:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 D:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll
MD5: bba763abf2de608fb5d196d4037695d8 D:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: ae3023742879c317a1b1ca576185da98 D:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 6ade2a1469d6cc8263d0bbe05fa60b5c D:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: 45357a45cb97c45a21a675cfc0070223 D:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: a20918072f6e8d1175f1ccf4b3809e2c D:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: b67dd248876685c9c6f981b462876fad D:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: b1c8afe8e448dab0d8e9d4eaef2c5fe4 D:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: 0a9153fe672d620a8e8d921f2934749d D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 99f97c9fe748c37528c338a423577fcb D:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
MD5: ff030b5f429a1a8c18821e4595599c1f D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: 9a6101f29e2e9d41b99cbcc8f106e8fe D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 D:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: f6a25814f6d9df2c2c14189bf7231258 D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
MD5: b5589f1f0aedc9cdfc6a3bab55b9a340 D:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: b6a4e9a4364ee9a6cd8d81ca3ab9ee36 D:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: b2a0cb1c0a17a6c04625de4457b4b847 D:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: f3ca1c3694eac2b2e44aef94406e3768 D:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: c9cb0a6626b731206bf9e1007ce4755d D:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: 293bbb2f26200f92dc5917751a489f3d D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
MD5: 86a0115282d18ff8cf24e531b2fce430 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\DMON.dll
MD5: c7bb95cf9631aa401e4aded1648f6af7 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
MD5: 6850a67df27e42a51805af2a0f8235f1 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnAmon.dll
MD5: 3629d654b61c49ee199b6c7822d5645d D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnDmon.dll
MD5: 56a494af81a76498e93ed0091f9557e4 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnEmon.dll
MD5: f1f2e1983d5a32590002702c634f9ad2 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnEpfw.dll
MD5: d23bbc0827b1d8730c8c1cfa1d82ccd5 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnHips.dll
MD5: 225b0dfb3490fd7860b0c12a8103031a D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnMailPlugins.dll
MD5: aa7f66b5d4b20a8bf4d0607ecfa0d274 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnScan.dll
MD5: 8bd055a8eb90193b72f5175fa8506156 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrnUpdate.dll
MD5: f26102500a90e72fa73e9ab40c1dfb81 D:\Program Files\ESET\ESET NOD32 Antivirus\x86\updater.dll
MD5: 309d4e087d3005aec1f486c7ee0d0050 D:\Utilities\HostsMan_4.0.82_beta3\hm.exe


Scan finished - communication took 19 sec
Total traffic - 0.00 MB sent, 0.00 KB recvd
Scanned 394 files and modules - 20 seconds

==============================================================================
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

but a new log file was not created upon loading Windows...


If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Scan failed! Couldn't access QuickScan server.


Blocked again...

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan

    Posted Image
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button

    Posted Image
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.

    Posted Image
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

When you return please post
  • OTL fix txt
  • RKreport.txt

  • 0

#15
XPorter

XPorter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles


Ah, sorry about that...I remember now, you had mentioned that in one of your original posts; mine was stored in D:\_OTL\MovedFiles. Here is the log:

========== OTL ==========
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22b78c25-0337-11e1-bc7e-00248c444208}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22b78c25-0337-11e1-bc7e-00248c444208}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22b78c25-0337-11e1-bc7e-00248c444208}\ not found.
File I:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97a5fd06-030f-11e1-a437-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97a5fd06-030f-11e1-a437-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97a5fd06-030f-11e1-a437-806e6f6e6963}\ not found.
File G:\FalloutLauncher.exe not found.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS D:\Users\Dan\Documents\desktop.ini:gs5sys deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10202012_021458



Scan failed! Couldn't access QuickScan server.


Hmm, I did not even notice that at the top of the Bitdefender log. Could it be Hostsman blocking it?? Speaking of which, my custom host file that Hostsman maintains is now empty...was this intentional or did one of the scans I ran do this?

Below are all three of the Rogue Killer reports:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Admin rights]
Mode : Scan -- Date : 10/20/2012 13:07:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4456 : wscript.exe C:\Users\Dan\AppData\Local\Temp\launchie.vbs //B -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B} : NameServer (64.71.255.198,192.168.0.25) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B} : NameServer (64.71.255.198,192.168.0.25) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\Users\Dan\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Y9A0 +++++
--- User ---
[MBR] 214e9cd94e4033c2a11eaa8311128fb6
[BSP] d22fb538a379f1888d01ccca0cfa6fc5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: INTEL SSDSC2CW240A3 +++++
--- User ---
[MBR] 63f387b90d539ecdd942739d9f1c83c5
[BSP] 96bdaf9bcdc45daffcd4abd99d3769b8 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 4da50b9d4e87c6c1ffe775e02574564f
[BSP] 29efa3bb25cf0ae457ef2049b50ae1c0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD3000HLFS-01G6U0 +++++
--- User ---
[MBR] f3604cbc562307bce19031125f78fb09
[BSP] 15f46783bffa2a8b008aeb4c49aebfad : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: SAMSUNG HD103SJ +++++
--- User ---
[MBR] b392d0e6969c2c6ae1699c08ba36281e
[BSP] 95337261465f5e6df1dfb2545de23e3b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Admin rights]
Mode : Remove -- Date : 10/20/2012 13:09:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4456 : wscript.exe C:\Users\Dan\AppData\Local\Temp\launchie.vbs //B -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B} : NameServer (64.71.255.198,192.168.0.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{2F25B8A8-1564-47B0-82C6-E45C88A57F2B} : NameServer (64.71.255.198,192.168.0.25) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\Users\Dan\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Y9A0 +++++
--- User ---
[MBR] 214e9cd94e4033c2a11eaa8311128fb6
[BSP] d22fb538a379f1888d01ccca0cfa6fc5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: INTEL SSDSC2CW240A3 +++++
--- User ---
[MBR] 63f387b90d539ecdd942739d9f1c83c5
[BSP] 96bdaf9bcdc45daffcd4abd99d3769b8 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 4da50b9d4e87c6c1ffe775e02574564f
[BSP] 29efa3bb25cf0ae457ef2049b50ae1c0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD3000HLFS-01G6U0 +++++
--- User ---
[MBR] f3604cbc562307bce19031125f78fb09
[BSP] 15f46783bffa2a8b008aeb4c49aebfad : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: SAMSUNG HD103SJ +++++
--- User ---
[MBR] b392d0e6969c2c6ae1699c08ba36281e
[BSP] 95337261465f5e6df1dfb2545de23e3b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/20/2012 13:12:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\Users\Dan\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 118 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 8 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 329 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume8 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[I:] \Device\CdRom1 -- 0x5 --> Skipped
[J:] \Device\HarddiskVolume6 -- 0x3 --> Restored
[X:] \Device\HarddiskVolume2 -- 0x3 --> Restored

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP