As of two days ago I have started to get notifications from my Microsoft security essentials every five minutes that detected threats are being cleaned. When I open up security essentials and check the history it shows me that it is Trojan:JS/Medfos.B and the file was located at- containerfile:C:\Users\Tye\AppData\Local\chromeupdate.crx file:C:\Users\Tye\AppData\Local\chromeupdate.crx->manager.js
I have ran a full scan Malewarebytes and several full scans from Microsoft Security Essentials. The security essentials is the only one that picks up the Medfos.B . I havent noticed any other symptoms other then the constant notifications.
Any Help would be greatly appreciated! I will be home for a couple hours but will be leaving soon and wont be back till probably later tomorrow.
OTL logfile created on: 08/10/2012 11:29:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tye\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.30% Memory free
7.99 Gb Paging File | 5.49 Gb Available in Paging File | 68.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.69 Gb Total Space | 40.21 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Computer Name: TYES-XPS | User Name: Tye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
PRC - [2012/10/08 01:49:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/21 19:08:26 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/19 18:27:48 | 000,232,960 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
PRC - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/06 20:48:14 | 000,460,800 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
MOD - [2012/07/24 20:44:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/24 20:44:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/07/24 20:44:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 20:43:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/07/24 20:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 20:43:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 20:43:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 20:43:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/19 03:40:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/19 03:40:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/07/09 21:11:50 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 15:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/04/09 15:29:00 | 000,263,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/04/09 15:29:00 | 000,132,336 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/04/09 15:29:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/04/09 15:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/04/09 15:29:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/03 21:44:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/21 20:08:23 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/09 21:13:34 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/30 18:28:02 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/11/30 18:28:02 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/09 20:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 12:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/08 17:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/04 17:28:54 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/08/19 15:57:22 | 000,019,840 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Arctosa.sys -- (Arctosa)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/08/15 23:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....c=ca&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {06A4FB7E-E78F-453C-992B-1FF9E96A1A48}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{06A4FB7E-E78F-453C-992B-1FF9E96A1A48}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...ms}&fr=chr-divx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.selectedEngine: "Foxtab Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.foxtab...B&cr=827958695"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.2
FF - prefs.js..extensions.enabledAddons: {609FE45E-1029-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.659.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/05 02:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tye\AppData\Roaming\Move Networks [2010/12/29 21:08:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{609FE45E-1029-11E2-8271-B8AC6F996F26}: C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}\ [2012/10/06 20:48:18 | 000,000,000 | ---D | M]
[2010/12/29 21:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Extensions
[2012/07/18 15:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions
[2011/01/11 14:49:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/02 00:58:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2009/07/20 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\jd6lpzs1.default\extensions
[2012/07/18 15:20:55 | 000,031,033 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/06/25 21:45:12 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/08/12 21:21:52 | 000,005,423 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\searchplugins\Foxtab Web Search.xml
[2012/10/08 01:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/11 21:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/01/11 13:20:33 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/06 20:48:18 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\TYE\APPDATA\LOCAL\{609FE45E-1029-11E2-8271-B8AC6F996F26}
========== Chrome ==========
CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [orvcpr] C:\Users\Tye\AppData\Roaming\orvcpr.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12042425-9E50-45A6-AFDE-C8B55A2BF582}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{163DAF9B-AD67-4049-B7BD-F3688293F2DE}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F45E283-F346-459F-AF57-E8EE7C4FE1F5}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E63F5CB-F719-41F1-B66F-3BADCC0BE859}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEEDDB56-6277-47ED-B6B4-36BA1BEF6A13}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/15 17:06:10 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/08 11:21:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/08 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Malwarebytes
[2012/10/08 00:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/08 00:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/08 00:05:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/08 00:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/07 21:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/06 20:54:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\default
[2012/10/06 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012/10/06 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\SCE
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Crash
[2012/10/03 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/10/03 21:48:21 | 000,000,000 | R--D | C] -- C:\Users\Tye\MegaCloud
[2012/10/03 21:40:16 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/10/03 18:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blacklight
[2012/10/03 11:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/12/09 02:11:24 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Users\Tye\APB_Reloaded_Installer.exe
[2010/03/16 03:38:40 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Tye\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/08 11:33:38 | 000,006,466 | ---- | M] () -- C:\Users\Tye\AppData\Local\chromeupdate.crx
[2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 11:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 01:15:58 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 01:15:58 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 01:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 01:07:03 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 00:06:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/06 20:48:14 | 000,460,800 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
[2012/10/04 19:38:00 | 000,002,392 | ---- | M] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 23:39:24 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/03 21:59:43 | 000,001,040 | ---- | M] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/02 01:37:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 01:37:57 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/02 01:37:57 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 20:18:11 | 000,002,008 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat
[2012/09/30 12:59:14 | 000,796,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/08 00:06:03 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/06 20:48:12 | 000,460,800 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
[2012/10/04 19:38:00 | 000,002,422 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012/10/04 19:38:00 | 000,002,392 | ---- | C] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/03 21:59:43 | 000,001,040 | ---- | C] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/03 21:40:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/12 14:56:19 | 000,000,268 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/25 16:49:30 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/02 01:51:35 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\bsrmgcv.dll
[2012/02/02 01:51:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\bsrmgps.dll
[2012/02/02 01:51:35 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\bsreffs.dll
[2012/02/02 01:51:35 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\bsrlback.dll
[2012/02/02 01:51:35 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\bsrgvas.dll
[2012/02/02 01:50:50 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\bsratswf.dll
[2012/02/02 01:50:50 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\bsratwmv.dll
[2011/12/09 02:11:24 | 3830,088,838 | ---- | C] () -- C:\Users\Tye\Client1.5.3.569583.7z
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/17 02:21:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/12 01:28:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/02/17 02:26:22 | 000,000,600 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\winscp.rnd
[2010/12/29 20:27:55 | 000,781,494 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/05 00:18:33 | 000,130,850 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/05 00:09:33 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/17 21:39:39 | 000,028,140 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\OFMissionEditorConfig.xml
[2009/07/23 17:40:04 | 000,002,008 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\L
[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-789600660-107216011-2290983713-1000\$3da447917be5014b02fa72516726b9f3\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\n.
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2010/12/29 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\.BitTornado
[2011/03/13 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\acccore
[2011/01/29 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ArmA II Launcher
[2011/07/05 00:41:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Bioshock
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Civitas2
[2011/02/17 02:30:13 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\DiskAid
[2012/09/06 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Fatshark
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\FinalTorrent
[2011/09/30 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ieSpell
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Leadertech
[2010/12/29 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade
[2011/05/30 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade Warband
[2011/07/18 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/08/09 21:52:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Origin
[2011/03/27 23:29:41 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Petroglyph
[2011/09/30 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Razer
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SPORE
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Stardock
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SystemRequirementsLab
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Template
[2011/02/28 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\The Creative Assembly
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Tropico 3 Demo
[2012/10/06 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\TS3Client
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Unity
[2012/04/10 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\wargaming.net
[2011/07/14 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
P.S. Happy Canadian Thanks Giving
Edited by Tye14, 08 October 2012 - 12:03 PM.