Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

JS/Medfos.B [Solved]

Started by Tye14 , Oct 08 2012 12:02 PM

This topic is locked

#1
Tye14

Posted 08 October 2012 - 12:02 PM

New Member

Member
9 posts

Hi there,
As of two days ago I have started to get notifications from my Microsoft security essentials every five minutes that “detected threats are being cleaned.” When I open up security essentials and check the history it shows me that it is Trojan:JS/Medfos.B and the file was located at- containerfile:C:\Users\Tye\AppData\Local\chromeupdate.crx file:C:\Users\Tye\AppData\Local\chromeupdate.crx->manager.js
I have ran a full scan Malewarebytes and several full scans from Microsoft Security Essentials. The security essentials is the only one that picks up the Medfos.B . I haven’t noticed any other symptoms other then the constant notifications.
Any Help would be greatly appreciated! I will be home for a couple hours but will be leaving soon and wont be back till probably later tomorrow.

OTL logfile created on: 08/10/2012 11:29:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tye\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.30% Memory free
7.99 Gb Paging File | 5.49 Gb Available in Paging File | 68.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.69 Gb Total Space | 40.21 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS

Computer Name: TYES-XPS | User Name: Tye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
PRC - [2012/10/08 01:49:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/21 19:08:26 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/19 18:27:48 | 000,232,960 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
PRC - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/06 20:48:14 | 000,460,800 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
MOD - [2012/07/24 20:44:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/24 20:44:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/07/24 20:44:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 20:43:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/07/24 20:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 20:43:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 20:43:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 20:43:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/19 03:40:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/19 03:40:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/07/09 21:11:50 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 15:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/04/09 15:29:00 | 000,263,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/04/09 15:29:00 | 000,132,336 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/04/09 15:29:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/04/09 15:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/04/09 15:29:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/03 21:44:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/21 20:08:23 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/09 21:13:34 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/30 18:28:02 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/11/30 18:28:02 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/09 20:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 12:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/08 17:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/04 17:28:54 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/08/19 15:57:22 | 000,019,840 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Arctosa.sys -- (Arctosa)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/08/15 23:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....c=ca&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {06A4FB7E-E78F-453C-992B-1FF9E96A1A48}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{06A4FB7E-E78F-453C-992B-1FF9E96A1A48}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...ms}&fr=chr-divx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.selectedEngine: "Foxtab Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.foxtab...B&cr=827958695"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.2
FF - prefs.js..extensions.enabledAddons: {609FE45E-1029-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.659.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/05 02:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tye\AppData\Roaming\Move Networks [2010/12/29 21:08:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{609FE45E-1029-11E2-8271-B8AC6F996F26}: C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}\ [2012/10/06 20:48:18 | 000,000,000 | ---D | M]

[2010/12/29 21:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Extensions
[2012/07/18 15:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions
[2011/01/11 14:49:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/02 00:58:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2009/07/20 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\jd6lpzs1.default\extensions
[2012/07/18 15:20:55 | 000,031,033 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/06/25 21:45:12 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/08/12 21:21:52 | 000,005,423 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\searchplugins\Foxtab Web Search.xml
[2012/10/08 01:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/11 21:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/01/11 13:20:33 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/06 20:48:18 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\TYE\APPDATA\LOCAL\{609FE45E-1029-11E2-8271-B8AC6F996F26}

========== Chrome ==========

CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [orvcpr] C:\Users\Tye\AppData\Roaming\orvcpr.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12042425-9E50-45A6-AFDE-C8B55A2BF582}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{163DAF9B-AD67-4049-B7BD-F3688293F2DE}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F45E283-F346-459F-AF57-E8EE7C4FE1F5}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E63F5CB-F719-41F1-B66F-3BADCC0BE859}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEEDDB56-6277-47ED-B6B4-36BA1BEF6A13}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/15 17:06:10 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 11:21:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/08 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Malwarebytes
[2012/10/08 00:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/08 00:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/08 00:05:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/08 00:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/07 21:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/06 20:54:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\default
[2012/10/06 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012/10/06 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\SCE
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Crash
[2012/10/03 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/10/03 21:48:21 | 000,000,000 | R--D | C] -- C:\Users\Tye\MegaCloud
[2012/10/03 21:40:16 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/10/03 18:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blacklight
[2012/10/03 11:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/12/09 02:11:24 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Users\Tye\APB_Reloaded_Installer.exe
[2010/03/16 03:38:40 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Tye\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 11:33:38 | 000,006,466 | ---- | M] () -- C:\Users\Tye\AppData\Local\chromeupdate.crx
[2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 11:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 01:15:58 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 01:15:58 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 01:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 01:07:03 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 00:06:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/06 20:48:14 | 000,460,800 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
[2012/10/04 19:38:00 | 000,002,392 | ---- | M] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 23:39:24 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/03 21:59:43 | 000,001,040 | ---- | M] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/02 01:37:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 01:37:57 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/02 01:37:57 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 20:18:11 | 000,002,008 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat
[2012/09/30 12:59:14 | 000,796,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 00:06:03 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/06 20:48:12 | 000,460,800 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll
[2012/10/04 19:38:00 | 000,002,422 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012/10/04 19:38:00 | 000,002,392 | ---- | C] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/03 21:59:43 | 000,001,040 | ---- | C] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/03 21:40:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/12 14:56:19 | 000,000,268 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/25 16:49:30 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/02 01:51:35 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\bsrmgcv.dll
[2012/02/02 01:51:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\bsrmgps.dll
[2012/02/02 01:51:35 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\bsreffs.dll
[2012/02/02 01:51:35 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\bsrlback.dll
[2012/02/02 01:51:35 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\bsrgvas.dll
[2012/02/02 01:50:50 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\bsratswf.dll
[2012/02/02 01:50:50 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\bsratwmv.dll
[2011/12/09 02:11:24 | 3830,088,838 | ---- | C] () -- C:\Users\Tye\Client1.5.3.569583.7z
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/17 02:21:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/12 01:28:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/02/17 02:26:22 | 000,000,600 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\winscp.rnd
[2010/12/29 20:27:55 | 000,781,494 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/05 00:18:33 | 000,130,850 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/05 00:09:33 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/17 21:39:39 | 000,028,140 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\OFMissionEditorConfig.xml
[2009/07/23 17:40:04 | 000,002,008 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\L
[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-789600660-107216011-2290983713-1000\$3da447917be5014b02fa72516726b9f3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/29 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\.BitTornado
[2011/03/13 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\acccore
[2011/01/29 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ArmA II Launcher
[2011/07/05 00:41:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Bioshock
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Civitas2
[2011/02/17 02:30:13 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\DiskAid
[2012/09/06 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Fatshark
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\FinalTorrent
[2011/09/30 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ieSpell
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Leadertech
[2010/12/29 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade
[2011/05/30 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade Warband
[2011/07/18 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/08/09 21:52:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Origin
[2011/03/27 23:29:41 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Petroglyph
[2011/09/30 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Razer
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SPORE
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Stardock
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SystemRequirementsLab
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Template
[2011/02/28 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\The Creative Assembly
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Tropico 3 Demo
[2012/10/06 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\TS3Client
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Unity
[2012/04/10 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\wargaming.net
[2011/07/14 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

P.S. Happy Canadian Thanks Giving

Edited by Tye14, 08 October 2012 - 12:03 PM.

#2
Essexboy

Posted 08 October 2012 - 12:30 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi you have a zero access infection so lets clear that for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.659.0
[2012/02/02 00:58:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
2011/01/02 00:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/11 21:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [orvcpr] C:\Users\Tye\AppData\Roaming\orvcpr.dll ()
[2012/10/08 11:33:38 | 000,006,466 | ---- | M] () -- C:\Users\Tye\AppData\Local\chromeupdate.crx
[2012/10/06 20:48:14 | 000,460,800 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\orvcpr.dll

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Download and run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#3
Tye14

Posted 08 October 2012 - 12:50 PM

New Member

Topic Starter
Member
9 posts

Wow thank you for the super quick reply

After doing the run fix and rebooting I received the error message "there was a problem starting C:\Users\Tye\AppData\Roaming\orvcpr.dll
The specific module could not be found."

Do I keep continuing with the other steps?

#4
Essexboy

Posted 08 October 2012 - 01:19 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes please that will disappear after combofix

#5
Tye14

Posted 08 October 2012 - 02:10 PM

New Member

Topic Starter
Member
9 posts

OTL logfile created on: 08/10/2012 12:43:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tye\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.26% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.69 Gb Total Space | 41.55 Gb Free Space | 9.22% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.01 Gb Free Space | 0.04% Space Free | Partition Type: NTFS

Computer Name: TYES-XPS | User Name: Tye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
PRC - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/21 19:08:26 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/19 18:27:48 | 000,232,960 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
PRC - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/24 20:44:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/24 20:44:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/07/24 20:44:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 20:43:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/07/24 20:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 20:43:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 20:43:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 20:43:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/19 03:40:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/19 03:40:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/07/09 21:11:50 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/07/09 20:57:46 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/27 16:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 15:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2009/04/09 15:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/04/09 15:29:00 | 000,263,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/04/09 15:29:00 | 000,132,336 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/04/09 15:29:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/04/09 15:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/04/09 15:29:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/09/25 16:10:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Arctosa\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/03 23:39:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/03 21:44:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/21 20:08:23 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 18:52:48 | 000,471,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/09 21:13:34 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/07/09 21:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/09 21:04:30 | 000,385,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/30 18:28:02 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/11/30 18:28:02 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 09:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/09 20:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 12:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/08 17:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/04 17:28:54 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/08/19 15:57:22 | 000,019,840 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Arctosa.sys -- (Arctosa)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/08/15 23:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....c=ca&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {06A4FB7E-E78F-453C-992B-1FF9E96A1A48}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{06A4FB7E-E78F-453C-992B-1FF9E96A1A48}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tB&cr=827958695
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...ms}&fr=chr-divx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.selectedEngine: "Foxtab Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.foxtab...B&cr=827958695"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.2
FF - prefs.js..extensions.enabledAddons: {609FE45E-1029-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.659.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/05 02:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tye\AppData\Roaming\Move Networks [2010/12/29 21:08:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{609FE45E-1029-11E2-8271-B8AC6F996F26}: C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}\ [2012/10/06 20:48:18 | 000,000,000 | ---D | M]

[2010/12/29 21:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Extensions
[2012/07/18 15:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions
[2011/01/11 14:49:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/20 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\jd6lpzs1.default\extensions
[2012/07/18 15:20:55 | 000,031,033 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/06/25 21:45:12 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\extensions\[email protected]
[2011/08/12 21:21:52 | 000,005,423 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Profiles\i8ygehvs.default\searchplugins\Foxtab Web Search.xml
[2012/10/08 01:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/29 20:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 00:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/11 13:20:33 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/06 20:48:18 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\TYE\APPDATA\LOCAL\{609FE45E-1029-11E2-8271-B8AC6F996F26}
File not found (No name found) -- C:\USERS\TYE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I8YGEHVS.DEFAULT\EXTENSIONS\{75656794-AB59-4712-BFBC-5D816D56F3BC}

========== Chrome ==========

CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://search.foxtab...tB&cr=827958695
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tye\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Tye\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/10/08 12:35:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [orvcpr] "C:\Windows\System32\rundll32.exe" "C:\Users\Tye\AppData\Roaming\orvcpr.dll",UnpackTuple File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12042425-9E50-45A6-AFDE-C8B55A2BF582}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{163DAF9B-AD67-4049-B7BD-F3688293F2DE}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F45E283-F346-459F-AF57-E8EE7C4FE1F5}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E63F5CB-F719-41F1-B66F-3BADCC0BE859}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEEDDB56-6277-47ED-B6B4-36BA1BEF6A13}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tye\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/15 17:06:10 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 12:35:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 11:21:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/08 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Malwarebytes
[2012/10/08 00:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/08 00:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/08 00:05:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/08 00:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/07 21:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/07 21:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/06 20:54:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\default
[2012/10/06 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012/10/06 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Local\SCE
[2012/10/04 19:38:15 | 000,000,000 | ---D | C] -- C:\Crash
[2012/10/03 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/10/03 21:48:21 | 000,000,000 | R--D | C] -- C:\Users\Tye\MegaCloud
[2012/10/03 21:40:16 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/10/03 18:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blacklight
[2012/10/03 11:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/12/09 02:11:24 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Users\Tye\APB_Reloaded_Installer.exe
[2010/03/16 03:38:40 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Tye\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 12:46:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 12:46:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 12:39:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 12:38:58 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 12:35:12 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/08 12:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 11:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tye\Desktop\OTL.exe
[2012/10/08 00:06:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/04 19:38:00 | 000,002,392 | ---- | M] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/04 16:17:52 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/03 23:57:03 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/03 23:39:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 23:39:24 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/03 21:59:43 | 000,001,040 | ---- | M] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/02 01:37:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 01:37:57 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/02 01:37:57 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 20:18:11 | 000,002,008 | ---- | M] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat
[2012/09/30 12:59:14 | 000,796,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 00:06:03 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 21:58:04 | 000,002,478 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/04 19:38:00 | 000,002,422 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012/10/04 19:38:00 | 000,002,392 | ---- | C] () -- C:\Users\Tye\Desktop\PlanetSide 2 Beta.lnk
[2012/10/03 21:59:43 | 000,001,040 | ---- | C] () -- C:\Users\Tye\Desktop\Blacklight Retribution.lnk
[2012/10/03 21:40:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/12 14:56:19 | 000,000,268 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/25 16:49:30 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/02 01:51:35 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\bsrmgcv.dll
[2012/02/02 01:51:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\bsrmgps.dll
[2012/02/02 01:51:35 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\bsreffs.dll
[2012/02/02 01:51:35 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\bsrlback.dll
[2012/02/02 01:51:35 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\bsrgvas.dll
[2012/02/02 01:50:50 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\bsratswf.dll
[2012/02/02 01:50:50 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\bsratwmv.dll
[2011/12/09 02:11:24 | 3830,088,838 | ---- | C] () -- C:\Users\Tye\Client1.5.3.569583.7z
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/17 02:21:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/12 01:28:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/02/17 02:26:22 | 000,000,600 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\winscp.rnd
[2010/12/29 20:27:55 | 000,781,494 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/05 00:18:33 | 000,130,850 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/05 00:09:33 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/17 21:39:39 | 000,028,140 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\OFMissionEditorConfig.xml
[2009/07/23 17:40:04 | 000,002,008 | ---- | C] () -- C:\Users\Tye\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\L
[2012/10/04 16:17:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-789600660-107216011-2290983713-1000\$3da447917be5014b02fa72516726b9f3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$3da447917be5014b02fa72516726b9f3\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/29 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\.BitTornado
[2011/03/13 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\acccore
[2011/01/29 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ArmA II Launcher
[2011/07/05 00:41:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Bioshock
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Civitas2
[2011/02/17 02:30:13 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\DiskAid
[2012/09/06 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Fatshark
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\FinalTorrent
[2011/09/30 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\ieSpell
[2010/12/29 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Leadertech
[2010/12/29 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade
[2011/05/30 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade Warband
[2011/07/18 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/08/09 21:52:49 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Origin
[2011/03/27 23:29:41 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Petroglyph
[2011/09/30 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Razer
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SPORE
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Stardock
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\SystemRequirementsLab
[2010/12/29 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Template
[2011/02/28 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\The Creative Assembly
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Tropico 3 Demo
[2012/10/06 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\TS3Client
[2010/12/29 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Unity
[2012/04/10 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\wargaming.net
[2011/07/14 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\Tye\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

#6
Tye14

Posted 08 October 2012 - 02:10 PM

New Member

Topic Starter
Member
9 posts

ComboFix 12-10-08.03 - Tye 08/10/2012 13:38:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4093.2079 [GMT -6:00]
Running from: c:\users\Tye\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\DealBulldog Toolbar\affid.dat
c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll
c:\program files (x86)\DealBulldog Toolbar\basis.xml
c:\program files (x86)\DealBulldog Toolbar\icons.bmp
c:\program files (x86)\DealBulldog Toolbar\info.txt
c:\program files (x86)\DealBulldog Toolbar\install.ico
c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files (x86)\DealBulldog Toolbar\mbback.bmp
c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp
c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp
c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp
c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp
c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp
c:\program files (x86)\DealBulldog Toolbar\somoto.dll
c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf
c:\program files (x86)\DealBulldog Toolbar\tbhelper.dll
c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe
c:\program files (x86)\DealBulldog Toolbar\uninstall.exe
c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files (x86)\DealBulldog Toolbar\update.exe
c:\program files (x86)\DealBulldog Toolbar\version.txt
c:\program files (x86)\moh
c:\program files (x86)\moh\autorun.dat
c:\program files (x86)\moh\AutoRun.exe
c:\program files (x86)\moh\Autorun.ico
c:\program files (x86)\moh\autorun.inf
c:\program files (x86)\moh\Autorun\AutoRun.bmp
c:\program files (x86)\moh\c0.cab
c:\program files (x86)\moh\changelist_data.txt
c:\program files (x86)\moh\d0.cab
c:\program files (x86)\moh\DirectX\Apr2005_d3dx9_25_x64.cab
c:\program files (x86)\moh\DirectX\Apr2005_d3dx9_25_x86.cab
c:\program files (x86)\moh\DirectX\Apr2006_d3dx9_30_x64.cab
c:\program files (x86)\moh\DirectX\Apr2006_d3dx9_30_x86.cab
c:\program files (x86)\moh\DirectX\Apr2006_MDX1_x86.cab
c:\program files (x86)\moh\DirectX\Apr2006_MDX1_x86_Archive.cab
c:\program files (x86)\moh\DirectX\Apr2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Apr2006_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Apr2006_xinput_x64.cab
c:\program files (x86)\moh\DirectX\Apr2006_xinput_x86.cab
c:\program files (x86)\moh\DirectX\APR2007_d3dx10_33_x64.cab
c:\program files (x86)\moh\DirectX\APR2007_d3dx10_33_x86.cab
c:\program files (x86)\moh\DirectX\APR2007_d3dx9_33_x64.cab
c:\program files (x86)\moh\DirectX\APR2007_d3dx9_33_x86.cab
c:\program files (x86)\moh\DirectX\APR2007_XACT_x64.cab
c:\program files (x86)\moh\DirectX\APR2007_XACT_x86.cab
c:\program files (x86)\moh\DirectX\APR2007_xinput_x64.cab
c:\program files (x86)\moh\DirectX\APR2007_xinput_x86.cab
c:\program files (x86)\moh\DirectX\Aug2005_d3dx9_27_x64.cab
c:\program files (x86)\moh\DirectX\Aug2005_d3dx9_27_x86.cab
c:\program files (x86)\moh\DirectX\AUG2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\AUG2006_XACT_x86.cab
c:\program files (x86)\moh\DirectX\AUG2006_xinput_x64.cab
c:\program files (x86)\moh\DirectX\AUG2006_xinput_x86.cab
c:\program files (x86)\moh\DirectX\AUG2007_d3dx10_35_x64.cab
c:\program files (x86)\moh\DirectX\AUG2007_d3dx10_35_x86.cab
c:\program files (x86)\moh\DirectX\AUG2007_d3dx9_35_x64.cab
c:\program files (x86)\moh\DirectX\AUG2007_d3dx9_35_x86.cab
c:\program files (x86)\moh\DirectX\AUG2007_XACT_x64.cab
c:\program files (x86)\moh\DirectX\AUG2007_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Aug2008_d3dx10_39_x64.cab
c:\program files (x86)\moh\DirectX\Aug2008_d3dx10_39_x86.cab
c:\program files (x86)\moh\DirectX\Aug2008_d3dx9_39_x64.cab
c:\program files (x86)\moh\DirectX\Aug2008_d3dx9_39_x86.cab
c:\program files (x86)\moh\DirectX\Aug2008_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Aug2008_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Aug2008_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\Aug2008_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_D3DCompiler_42_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_D3DCompiler_42_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dcsx_42_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dcsx_42_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx10_42_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx10_42_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx11_42_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx11_42_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx9_42_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_d3dx9_42_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Aug2009_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\Aug2009_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\BDANT.cab
c:\program files (x86)\moh\DirectX\BDAXP.cab
c:\program files (x86)\moh\DirectX\Dec2005_d3dx9_28_x64.cab
c:\program files (x86)\moh\DirectX\Dec2005_d3dx9_28_x86.cab
c:\program files (x86)\moh\DirectX\DEC2006_d3dx10_00_x64.cab
c:\program files (x86)\moh\DirectX\DEC2006_d3dx10_00_x86.cab
c:\program files (x86)\moh\DirectX\DEC2006_d3dx9_32_x64.cab
c:\program files (x86)\moh\DirectX\DEC2006_d3dx9_32_x86.cab
c:\program files (x86)\moh\DirectX\DEC2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\DEC2006_XACT_x86.cab
c:\program files (x86)\moh\DirectX\DSETUP.dll
c:\program files (x86)\moh\DirectX\dsetup32.dll
c:\program files (x86)\moh\DirectX\dxdllreg_x86.cab
c:\program files (x86)\moh\DirectX\dxnt.cab
c:\program files (x86)\moh\DirectX\DXSETUP.exe
c:\program files (x86)\moh\DirectX\dxupdate.cab
c:\program files (x86)\moh\DirectX\Feb2005_d3dx9_24_x64.cab
c:\program files (x86)\moh\DirectX\Feb2005_d3dx9_24_x86.cab
c:\program files (x86)\moh\DirectX\Feb2006_d3dx9_29_x64.cab
c:\program files (x86)\moh\DirectX\Feb2006_d3dx9_29_x86.cab
c:\program files (x86)\moh\DirectX\Feb2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Feb2006_XACT_x86.cab
c:\program files (x86)\moh\DirectX\FEB2007_XACT_x64.cab
c:\program files (x86)\moh\DirectX\FEB2007_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Jun2005_d3dx9_26_x64.cab
c:\program files (x86)\moh\DirectX\Jun2005_d3dx9_26_x86.cab
c:\program files (x86)\moh\DirectX\JUN2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\JUN2006_XACT_x86.cab
c:\program files (x86)\moh\DirectX\JUN2007_d3dx10_34_x64.cab
c:\program files (x86)\moh\DirectX\JUN2007_d3dx10_34_x86.cab
c:\program files (x86)\moh\DirectX\JUN2007_d3dx9_34_x64.cab
c:\program files (x86)\moh\DirectX\JUN2007_d3dx9_34_x86.cab
c:\program files (x86)\moh\DirectX\JUN2007_XACT_x64.cab
c:\program files (x86)\moh\DirectX\JUN2007_XACT_x86.cab
c:\program files (x86)\moh\DirectX\JUN2008_d3dx10_38_x64.cab
c:\program files (x86)\moh\DirectX\JUN2008_d3dx10_38_x86.cab
c:\program files (x86)\moh\DirectX\JUN2008_d3dx9_38_x64.cab
c:\program files (x86)\moh\DirectX\JUN2008_d3dx9_38_x86.cab
c:\program files (x86)\moh\DirectX\JUN2008_X3DAudio_x64.cab
c:\program files (x86)\moh\DirectX\JUN2008_X3DAudio_x86.cab
c:\program files (x86)\moh\DirectX\JUN2008_XACT_x64.cab
c:\program files (x86)\moh\DirectX\JUN2008_XACT_x86.cab
c:\program files (x86)\moh\DirectX\JUN2008_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\JUN2008_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\Mar2008_d3dx10_37_x64.cab
c:\program files (x86)\moh\DirectX\Mar2008_d3dx10_37_x86.cab
c:\program files (x86)\moh\DirectX\Mar2008_d3dx9_37_x64.cab
c:\program files (x86)\moh\DirectX\Mar2008_d3dx9_37_x86.cab
c:\program files (x86)\moh\DirectX\Mar2008_X3DAudio_x64.cab
c:\program files (x86)\moh\DirectX\Mar2008_X3DAudio_x86.cab
c:\program files (x86)\moh\DirectX\Mar2008_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Mar2008_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Mar2008_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\Mar2008_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\Mar2009_d3dx10_41_x64.cab
c:\program files (x86)\moh\DirectX\Mar2009_d3dx10_41_x86.cab
c:\program files (x86)\moh\DirectX\Mar2009_d3dx9_41_x64.cab
c:\program files (x86)\moh\DirectX\Mar2009_d3dx9_41_x86.cab
c:\program files (x86)\moh\DirectX\Mar2009_X3DAudio_x64.cab
c:\program files (x86)\moh\DirectX\Mar2009_X3DAudio_x86.cab
c:\program files (x86)\moh\DirectX\Mar2009_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Mar2009_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Mar2009_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\Mar2009_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\Nov2007_d3dx10_36_x64.cab
c:\program files (x86)\moh\DirectX\Nov2007_d3dx10_36_x86.cab
c:\program files (x86)\moh\DirectX\Nov2007_d3dx9_36_x64.cab
c:\program files (x86)\moh\DirectX\Nov2007_d3dx9_36_x86.cab
c:\program files (x86)\moh\DirectX\NOV2007_X3DAudio_x64.cab
c:\program files (x86)\moh\DirectX\NOV2007_X3DAudio_x86.cab
c:\program files (x86)\moh\DirectX\NOV2007_XACT_x64.cab
c:\program files (x86)\moh\DirectX\NOV2007_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Nov2008_d3dx10_40_x64.cab
c:\program files (x86)\moh\DirectX\Nov2008_d3dx10_40_x86.cab
c:\program files (x86)\moh\DirectX\Nov2008_d3dx9_40_x64.cab
c:\program files (x86)\moh\DirectX\Nov2008_d3dx9_40_x86.cab
c:\program files (x86)\moh\DirectX\Nov2008_X3DAudio_x64.cab
c:\program files (x86)\moh\DirectX\Nov2008_X3DAudio_x86.cab
c:\program files (x86)\moh\DirectX\Nov2008_XACT_x64.cab
c:\program files (x86)\moh\DirectX\Nov2008_XACT_x86.cab
c:\program files (x86)\moh\DirectX\Nov2008_XAudio_x64.cab
c:\program files (x86)\moh\DirectX\Nov2008_XAudio_x86.cab
c:\program files (x86)\moh\DirectX\Oct2005_xinput_x64.cab
c:\program files (x86)\moh\DirectX\Oct2005_xinput_x86.cab
c:\program files (x86)\moh\DirectX\OCT2006_d3dx9_31_x64.cab
c:\program files (x86)\moh\DirectX\OCT2006_d3dx9_31_x86.cab
c:\program files (x86)\moh\DirectX\OCT2006_XACT_x64.cab
c:\program files (x86)\moh\DirectX\OCT2006_XACT_x86.cab
c:\program files (x86)\moh\o0.cab
c:\program files (x86)\moh\p0.cab
c:\program files (x86)\moh\PunkBuster\pbsvc_moh.exe
c:\program files (x86)\moh\Redistributable\x86\vcredis1.cab
c:\program files (x86)\moh\Redistributable\x86\vcredist.msi
c:\program files (x86)\moh\Setup.exe
c:\program files (x86)\moh\Support\AutoRun.bmp
c:\program files (x86)\moh\Support\EA Help\badge.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Autorun.htm
c:\program files (x86)\moh\Support\EA Help\Cz\badge.gif
c:\program files (x86)\moh\Support\EA Help\Cz\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Cz\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\Cz\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Cz\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Cz\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Cz\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Cz\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Cz\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Cz\check.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Cz\close.gif
c:\program files (x86)\moh\Support\EA Help\Cz\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Cz\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Copy of bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\Cz\default.css
c:\program files (x86)\moh\Support\EA Help\Cz\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Cz\directional.gif
c:\program files (x86)\moh\Support\EA Help\Cz\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\Cz\EA_HELP_CZ.htm
c:\program files (x86)\moh\Support\EA Help\Cz\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\Cz\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Cz\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Cz\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\Cz\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Cz\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Cz\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Cz\go.gif
c:\program files (x86)\moh\Support\EA Help\Cz\go.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Cz\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Cz\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Cz\install.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Cz\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Cz\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Cz\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Cz\page.gif
c:\program files (x86)\moh\Support\EA Help\Cz\r01.gif
c:\program files (x86)\moh\Support\EA Help\Cz\r02.gif
c:\program files (x86)\moh\Support\EA Help\Cz\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Cz\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Cz\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Cz\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Cz\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Cz\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Cz\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Cz\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Cz\urls.gif
c:\program files (x86)\moh\Support\EA Help\Cz\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Cz\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Da\autorun.htm
c:\program files (x86)\moh\Support\EA Help\Da\badge.gif
c:\program files (x86)\moh\Support\EA Help\Da\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Da\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Da\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\Da\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Da\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Da\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Da\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\Da\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Da\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Da\check.jpg
c:\program files (x86)\moh\Support\EA Help\Da\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Da\close.gif
c:\program files (x86)\moh\Support\EA Help\Da\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Da\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Da\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Da\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\Da\crashes.htm
c:\program files (x86)\moh\Support\EA Help\Da\default.css
c:\program files (x86)\moh\Support\EA Help\Da\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Da\directional.gif
c:\program files (x86)\moh\Support\EA Help\Da\directx.htm
c:\program files (x86)\moh\Support\EA Help\Da\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\Da\EA_HELP_DA.htm
c:\program files (x86)\moh\Support\EA Help\Da\EA_Help_Da.log
c:\program files (x86)\moh\Support\EA Help\Da\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Da\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Da\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Da\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Da\error_message.htm
c:\program files (x86)\moh\Support\EA Help\Da\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Da\gameplay_issues.htm
c:\program files (x86)\moh\Support\EA Help\Da\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Da\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Da\go.gif
c:\program files (x86)\moh\Support\EA Help\Da\go.jpg
c:\program files (x86)\moh\Support\EA Help\Da\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Da\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Da\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Da\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Da\install.jpg
c:\program files (x86)\moh\Support\EA Help\Da\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Da\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Da\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Da\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Da\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Da\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Da\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Da\page.gif
c:\program files (x86)\moh\Support\EA Help\Da\r01.gif
c:\program files (x86)\moh\Support\EA Help\Da\r02.gif
c:\program files (x86)\moh\Support\EA Help\Da\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Da\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Da\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Da\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Da\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Da\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Da\starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Da\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Da\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Da\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Da\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Da\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Da\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Da\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Da\urls.gif
c:\program files (x86)\moh\Support\EA Help\Da\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Da\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\Da\welcome.htm
c:\program files (x86)\moh\Support\EA Help\De\autorun.htm
c:\program files (x86)\moh\Support\EA Help\De\badge.gif
c:\program files (x86)\moh\Support\EA Help\De\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\De\black background.JPG
c:\program files (x86)\moh\Support\EA Help\De\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\De\blueback.gif
c:\program files (x86)\moh\Support\EA Help\De\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\De\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\De\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\De\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\De\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\De\check.jpg
c:\program files (x86)\moh\Support\EA Help\De\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\De\close.gif
c:\program files (x86)\moh\Support\EA Help\De\content_h.gif
c:\program files (x86)\moh\Support\EA Help\De\content_n.gif
c:\program files (x86)\moh\Support\EA Help\De\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\De\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\De\crashes.htm
c:\program files (x86)\moh\Support\EA Help\De\default.css
c:\program files (x86)\moh\Support\EA Help\De\default_ns.css
c:\program files (x86)\moh\Support\EA Help\De\directional.gif
c:\program files (x86)\moh\Support\EA Help\De\directx.htm
c:\program files (x86)\moh\Support\EA Help\De\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\De\EA_HELP_DE.htm
c:\program files (x86)\moh\Support\EA Help\De\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\De\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\De\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\De\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\De\error_message.htm
c:\program files (x86)\moh\Support\EA Help\De\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\De\gameplay_issues.htm
c:\program files (x86)\moh\Support\EA Help\De\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\De\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\De\go.gif
c:\program files (x86)\moh\Support\EA Help\De\go.jpg
c:\program files (x86)\moh\Support\EA Help\De\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\De\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\De\index_h.gif
c:\program files (x86)\moh\Support\EA Help\De\index_n.gif
c:\program files (x86)\moh\Support\EA Help\De\install.jpg
c:\program files (x86)\moh\Support\EA Help\De\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\De\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\De\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\De\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\De\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\De\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\De\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\De\page.gif
c:\program files (x86)\moh\Support\EA Help\De\r01.gif
c:\program files (x86)\moh\Support\EA Help\De\r02.gif
c:\program files (x86)\moh\Support\EA Help\De\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\De\search_h.gif
c:\program files (x86)\moh\Support\EA Help\De\search_n.gif
c:\program files (x86)\moh\Support\EA Help\De\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\De\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\De\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\De\starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\De\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\De\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\De\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\De\TOP BA2.jpg
c:\program files (x86)\moh\Support\EA Help\De\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\De\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\De\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\De\urls.gif
c:\program files (x86)\moh\Support\EA Help\De\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\De\warranty.htm
c:\program files (x86)\moh\Support\EA Help\De\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Electronic_Arts_Technical_Support.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Autorun.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\badge.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\black background.JPG
c:\program files (x86)\moh\Support\EA Help\en-uk\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\blueback.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\check.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\close.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\content_h.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\content_n.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\default.css
c:\program files (x86)\moh\Support\EA Help\en-uk\default_ns.css
c:\program files (x86)\moh\Support\EA Help\en-uk\directional.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\EA_HELP_UK.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\en-uk\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\en-uk\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\go.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\go.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\index_h.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\index_n.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\install.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\page.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\r01.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\r02.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\search_h.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\search_n.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\en-uk\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\en-uk\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\urls.gif
c:\program files (x86)\moh\Support\EA Help\en-uk\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\en-uk\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\en-us\book_open.gif
c:\program files (x86)\moh\Support\EA Help\en-us\bookclosed.gif
c:\program files (x86)\moh\Support\EA Help\en-us\close.gif
c:\program files (x86)\moh\Support\EA Help\en-us\content.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Controller\Start_Controller_Issues.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Crash\Crashing_After_a_Full_Black_Screen.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Crash\Crashing_After_the_Splash_Screen.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Crash\Start_Crashes.htm
c:\program files (x86)\moh\Support\EA Help\en-us\cshdat_robohelp.htm
c:\program files (x86)\moh\Support\EA Help\en-us\default.css
c:\program files (x86)\moh\Support\EA Help\en-us\default_ns.css
c:\program files (x86)\moh\Support\EA Help\en-us\Direct_X\_Direct3D__or__D3D__Errors.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Direct_X\_GET_SETUP__Error_When_Installing_DirectX.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Direct_X\DirectX_Version_Does_not_Update_After_Installation.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Direct_X\Start_Direct_X.htm
c:\program files (x86)\moh\Support\EA Help\en-us\directional.gif
c:\program files (x86)\moh\Support\EA Help\en-us\EA Customer Service Tool v1.log
c:\program files (x86)\moh\Support\EA Help\en-us\eHelp.xml
c:\program files (x86)\moh\Support\EA Help\en-us\ehlpdhtm.js
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.ews
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.glo
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.hhc
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.hhk
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.lng
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.ppf
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.stp
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support.syn
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support_hha.hhk
c:\program files (x86)\moh\Support\EA Help\en-us\Electronic_Arts_Technical_Support_rhc.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Error_Message\_Cannot_locate_CD_DVD-ROM_.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Error_Message\_CD_DVD_Emulation_Software_Detected_.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Error_Message\_Program_has_caused_an_error__or__Error_in__gamename_.exe_.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Error_Message\Start_Error.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Getting_More_Help_Online\Start_Getting_More_Help_Online.htm
c:\program files (x86)\moh\Support\EA Help\en-us\go.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Graphics\Start_Graphics_Issues.htm
c:\program files (x86)\moh\Support\EA Help\en-us\gray-left.gif
c:\program files (x86)\moh\Support\EA Help\en-us\gray-rt.gif
c:\program files (x86)\moh\Support\EA Help\en-us\greyback.gif
c:\program files (x86)\moh\Support\EA Help\en-us\HtmlHelp.css
c:\program files (x86)\moh\Support\EA Help\en-us\index.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Install\4_Digit_Error_Code.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Install\Autoplay_Screen_Does_not_Appear.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Install\INST_Start_Installation_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Install\Pre-Installation_Preparation.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Install\Transfer_or_File_Error_During_Installation.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Install\Virus_Warning_During_Installation.htm
c:\program files (x86)\moh\Support\EA Help\en-us\left-ar.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Lock-up_and_Freeze\Locking_up_with_a_Repeating_Sound.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Lock-up_and_Freeze\Random_or_General_Lockups.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Lock-up_and_Freeze\Start_Locking_up_and_Freezing.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Online_Connectivity_and_Performance\Start_Online_Connectivity_and_Performance.htm
c:\program files (x86)\moh\Support\EA Help\en-us\other_index.gif
c:\program files (x86)\moh\Support\EA Help\en-us\page.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Red_Book_Closed.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Red_Browse_Right.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Red_Page.gif
c:\program files (x86)\moh\Support\EA Help\en-us\right-ar.gif
c:\program files (x86)\moh\Support\EA Help\en-us\RoboHHRE.lng
c:\program files (x86)\moh\Support\EA Help\en-us\search.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Sound\Start_Sound.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\en-us\urls.gif
c:\program files (x86)\moh\Support\EA Help\en-us\webhelp.cab
c:\program files (x86)\moh\Support\EA Help\en-us\webhelp.jar
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\book_open.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\bookclosed.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\close.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\content.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\directional.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\ealogo.GIF
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\easmall.JPG
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\go.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\gray-left.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\gray-rt.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\greyback.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\index.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\left-ar.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\other_index.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\page.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\right-ar.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\search.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\toplogo.JPG
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\urls.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\websearch.gif
c:\program files (x86)\moh\Support\EA Help\en-us\WebHelp_Skin_Files\XP_Silver\XP_Silver.skn
c:\program files (x86)\moh\Support\EA Help\en-us\websearch.gif
c:\program files (x86)\moh\Support\EA Help\en-us\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whftdata.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whftdata0.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whfts.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whfts.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whfwdata.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whfwdata0.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whgdata.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whglo.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whglo.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whidata.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whidata0.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whidx.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whidx.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whtdata.js
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whtdata0.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whtoc.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whdata\whtoc.js
c:\program files (x86)\moh\Support\EA Help\en-us\whestart.ico
c:\program files (x86)\moh\Support\EA Help\en-us\whfbody.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whfdhtml.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whfform.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whfhost.js
c:\program files (x86)\moh\Support\EA Help\en-us\whform.js
c:\program files (x86)\moh\Support\EA Help\en-us\whframes.js
c:\program files (x86)\moh\Support\EA Help\en-us\whgbody.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whgdef.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whgdhtml.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whghost.js
c:\program files (x86)\moh\Support\EA Help\en-us\whhost.js
c:\program files (x86)\moh\Support\EA Help\en-us\whibody.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whidhtml.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whiform.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whihost.js
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\CD_DVD-ROM_Troubleshooting_.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Changing_Desktop_Resolution.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Configuring_Routers_and_Firewalls.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Controller_Calibration.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Emptying_your_Temp_Folder.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Ending_Background_Tasks.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Finding_the_Minimum_System_Requirements.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Lowering_Sound_Acceleration.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Preparing_your_Hard_Drive_.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Reinstalling_DirectX.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\UO_Trace.htm
c:\program files (x86)\moh\Support\EA Help\en-us\Whitepages\Updating_Drivers.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whlang.js
c:\program files (x86)\moh\Support\EA Help\en-us\whmozemu.js
c:\program files (x86)\moh\Support\EA Help\en-us\whmsg.js
c:\program files (x86)\moh\Support\EA Help\en-us\whnjs.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whphost.js
c:\program files (x86)\moh\Support\EA Help\en-us\whproj.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whproj.js
c:\program files (x86)\moh\Support\EA Help\en-us\whproj.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whproxy.js
c:\program files (x86)\moh\Support\EA Help\en-us\whres.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whrstart.ico
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_banner.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_blank.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_ep_ins.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_ep_start.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_frmset01.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_frmset010.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_homepage.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_info.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_mbars.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_papplet.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_pdhtml.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_pickup.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_plist.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_tbars.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whskin_tw.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whst_topics.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whstart.ico
c:\program files (x86)\moh\Support\EA Help\en-us\whstart.js
c:\program files (x86)\moh\Support\EA Help\en-us\whstub.js
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abge.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abgi.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abgw.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abte.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abti.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_abtw.jpg
c:\program files (x86)\moh\Support\EA Help\en-us\wht_fts_h.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_fts_n.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_glo_h.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_glo_n.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_go.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_hide.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_idx_h.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_idx_n.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_logo1.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_logo2.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_next.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_next_g.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_prev.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_prev_g.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_spac.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_sync.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab0.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab1.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab2.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab3.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab4.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab5.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab6.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab7.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_tab8.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_toc_h.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_toc_n.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_ws.gif
c:\program files (x86)\moh\Support\EA Help\en-us\wht_ws_g.gif
c:\program files (x86)\moh\Support\EA Help\en-us\whtbar.js
c:\program files (x86)\moh\Support\EA Help\en-us\whtdhtml.htm
c:\program files (x86)\moh\Support\EA Help\en-us\whthost.js
c:\program files (x86)\moh\Support\EA Help\en-us\whtopic.js
c:\program files (x86)\moh\Support\EA Help\en-us\whutils.js
c:\program files (x86)\moh\Support\EA Help\en-us\whver.js
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whftdata0.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whfts.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whfwdata0.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whglo.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whidata0.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whidx.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whtdata0.xml
c:\program files (x86)\moh\Support\EA Help\en-us\whxdata\whtoc.xml
c:\program files (x86)\moh\Support\EA Help\Es\badge.gif
c:\program files (x86)\moh\Support\EA Help\Es\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Es\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Es\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\Es\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Es\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Es\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Es\CD_DVD_(Errores).htm
c:\program files (x86)\moh\Support\EA Help\Es\CD_DVD_(Errores)2.htm
c:\program files (x86)\moh\Support\EA Help\Es\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Es\check.jpg
c:\program files (x86)\moh\Support\EA Help\Es\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Es\close.gif
c:\program files (x86)\moh\Support\EA Help\Es\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Es\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Es\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\Es\default.css
c:\program files (x86)\moh\Support\EA Help\Es\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Es\directional.gif
c:\program files (x86)\moh\Support\EA Help\Es\directx.htm
c:\program files (x86)\moh\Support\EA Help\Es\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\Es\EA_HELP_SP.htm
c:\program files (x86)\moh\Support\EA Help\Es\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Es\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Es\El_juego_no_se_inicia_.htm
c:\program files (x86)\moh\Support\EA Help\Es\El_juego_se_bloquea.htm
c:\program files (x86)\moh\Support\EA Help\Es\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Es\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Es\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\Es\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Es\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Es\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Es\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Es\go.gif
c:\program files (x86)\moh\Support\EA Help\Es\go.jpg
c:\program files (x86)\moh\Support\EA Help\Es\graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Es\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Es\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Es\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Es\Inicio_Del_Juego.htm
c:\program files (x86)\moh\Support\EA Help\Es\Instalaci_n_Del_Juego.htm
c:\program files (x86)\moh\Support\EA Help\Es\install.jpg
c:\program files (x86)\moh\Support\EA Help\Es\La_instalaci_n_se_bloquea_.htm
c:\program files (x86)\moh\Support\EA Help\Es\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Es\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Es\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Es\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Es\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Es\page.gif
c:\program files (x86)\moh\Support\EA Help\Es\r01.gif
c:\program files (x86)\moh\Support\EA Help\Es\r02.gif
c:\program files (x86)\moh\Support\EA Help\Es\Reproducci_n_autom_tica_.htm
c:\program files (x86)\moh\Support\EA Help\Es\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Es\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Es\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Es\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Es\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Es\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Es\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Es\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Es\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Es\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Es\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Es\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Es\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Es\urls.gif
c:\program files (x86)\moh\Support\EA Help\Es\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Es\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\Es\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Fi\autorun.htm
c:\program files (x86)\moh\Support\EA Help\Fi\badge.gif
c:\program files (x86)\moh\Support\EA Help\Fi\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Fi\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\Fi\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Fi\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Fi\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Fi\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\Fi\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Fi\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Fi\check.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Fi\close.gif
c:\program files (x86)\moh\Support\EA Help\Fi\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Fi\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Fi\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Fi\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\Fi\crashes.htm
c:\program files (x86)\moh\Support\EA Help\Fi\default.css
c:\program files (x86)\moh\Support\EA Help\Fi\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Fi\directional.gif
c:\program files (x86)\moh\Support\EA Help\Fi\directx.htm
c:\program files (x86)\moh\Support\EA Help\Fi\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\Fi\EA_HELP_FI.htm
c:\program files (x86)\moh\Support\EA Help\Fi\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Fi\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Fi\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Fi\error_message.htm
c:\program files (x86)\moh\Support\EA Help\Fi\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Fi\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Fi\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Fi\go.gif
c:\program files (x86)\moh\Support\EA Help\Fi\go.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Fi\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Fi\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Fi\install.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Fi\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Fi\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Fi\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Fi\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Fi\page.gif
c:\program files (x86)\moh\Support\EA Help\Fi\r01.gif
c:\program files (x86)\moh\Support\EA Help\Fi\r02.gif
c:\program files (x86)\moh\Support\EA Help\Fi\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Fi\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Fi\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Fi\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Fi\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Fi\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Fi\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Fi\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Fi\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Fi\urls.gif
c:\program files (x86)\moh\Support\EA Help\Fi\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Fi\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\Fi\welcome.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\autorun.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\badge.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\black background.JPG
c:\program files (x86)\moh\Support\EA Help\fr-fr\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\blueback.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\check.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\close.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\content_h.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\content_n.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\crashes.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\default.css
c:\program files (x86)\moh\Support\EA Help\fr-fr\default_ns.css
c:\program files (x86)\moh\Support\EA Help\fr-fr\directional.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\directx.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\EA_HELP_Fr.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\EA_Help_Fr.log
c:\program files (x86)\moh\Support\EA Help\fr-fr\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\fr-fr\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\error_message.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\gameplay_issues.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\go.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\go.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\index_h.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\index_n.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\install.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\page.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\r01.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\r02.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\search_h.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\search_n.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\fr-fr\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\fr-fr\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\urls.gif
c:\program files (x86)\moh\Support\EA Help\fr-fr\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\fr-fr\welcome.htm
c:\program files (x86)\moh\Support\EA Help\Hu\autorun.htm
c:\program files (x86)\moh\Support\EA Help\Hu\badge.gif
c:\program files (x86)\moh\Support\EA Help\Hu\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Hu\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\Hu\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Hu\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Hu\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Hu\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Hu\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Hu\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Hu\check.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Hu\close.gif
c:\program files (x86)\moh\Support\EA Help\Hu\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Hu\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Hu\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\Hu\default.css
c:\program files (x86)\moh\Support\EA Help\Hu\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Hu\directional.gif
c:\program files (x86)\moh\Support\EA Help\Hu\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\Hu\EA_HELP_HU.htm
c:\program files (x86)\moh\Support\EA Help\Hu\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\Hu\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Hu\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Hu\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\Hu\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Hu\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Hu\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Hu\go.gif
c:\program files (x86)\moh\Support\EA Help\Hu\go.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Hu\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Hu\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Hu\install.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Hu\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Hu\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Hu\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Hu\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Hu\page.gif
c:\program files (x86)\moh\Support\EA Help\Hu\r01.gif
c:\program files (x86)\moh\Support\EA Help\Hu\r02.gif
c:\program files (x86)\moh\Support\EA Help\Hu\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Hu\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Hu\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Hu\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Hu\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Hu\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Hu\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Hu\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\Hu\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\It\autorun.htm
c:\program files (x86)\moh\Support\EA Help\It\badge.gif
c:\program files (x86)\moh\Support\EA Help\It\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\It\black background.JPG
c:\program files (x86)\moh\Support\EA Help\It\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\It\blueback.gif
c:\program files (x86)\moh\Support\EA Help\It\BLUEBACKGROUND.GIF
c:\program files (x86)\moh\Support\EA Help\It\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\It\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\It\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\It\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\It\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\It\check.jpg
c:\program files (x86)\moh\Support\EA Help\It\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\It\close.gif
c:\program files (x86)\moh\Support\EA Help\It\content_h.gif
c:\program files (x86)\moh\Support\EA Help\It\content_n.gif
c:\program files (x86)\moh\Support\EA Help\It\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\It\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\It\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\It\default.css
c:\program files (x86)\moh\Support\EA Help\It\default_ns.css
c:\program files (x86)\moh\Support\EA Help\It\directional.gif
c:\program files (x86)\moh\Support\EA Help\It\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\It\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\It\EA_HELP_IT.htm
c:\program files (x86)\moh\Support\EA Help\It\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\It\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\It\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\It\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\It\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\It\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\It\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\It\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\It\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\It\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\It\go.gif
c:\program files (x86)\moh\Support\EA Help\It\go.jpg
c:\program files (x86)\moh\Support\EA Help\It\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\It\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\It\index_h.gif
c:\program files (x86)\moh\Support\EA Help\It\index_n.gif
c:\program files (x86)\moh\Support\EA Help\It\install.jpg
c:\program files (x86)\moh\Support\EA Help\It\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\It\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\It\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\It\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\It\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\It\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\It\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\It\page.gif
c:\program files (x86)\moh\Support\EA Help\It\r01.gif
c:\program files (x86)\moh\Support\EA Help\It\r02.gif
c:\program files (x86)\moh\Support\EA Help\It\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\It\search_h.gif
c:\program files (x86)\moh\Support\EA Help\It\search_n.gif
c:\program files (x86)\moh\Support\EA Help\It\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\It\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\It\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\It\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\It\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\It\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\It\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\It\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\It\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\It\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\It\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\It\urls.gif
c:\program files (x86)\moh\Support\EA Help\It\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\It\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\NL\autorun.htm
c:\program files (x86)\moh\Support\EA Help\NL\badge.gif
c:\program files (x86)\moh\Support\EA Help\NL\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\NL\black background.JPG
c:\program files (x86)\moh\Support\EA Help\NL\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\NL\blueback.gif
c:\program files (x86)\moh\Support\EA Help\NL\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\NL\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\NL\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\NL\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\NL\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\NL\check.jpg
c:\program files (x86)\moh\Support\EA Help\NL\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\NL\close.gif
c:\program files (x86)\moh\Support\EA Help\NL\content_h.gif
c:\program files (x86)\moh\Support\EA Help\NL\content_n.gif
c:\program files (x86)\moh\Support\EA Help\NL\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\NL\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\NL\crashes.htm
c:\program files (x86)\moh\Support\EA Help\NL\default.css
c:\program files (x86)\moh\Support\EA Help\NL\default_ns.css
c:\program files (x86)\moh\Support\EA Help\NL\directional.gif
c:\program files (x86)\moh\Support\EA Help\NL\directx.htm
c:\program files (x86)\moh\Support\EA Help\NL\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\NL\EA_HELP_NL.htm
c:\program files (x86)\moh\Support\EA Help\NL\EA_Help_NL.log
c:\program files (x86)\moh\Support\EA Help\NL\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\NL\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\NL\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\NL\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\NL\error_message.htm
c:\program files (x86)\moh\Support\EA Help\NL\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\NL\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\NL\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\NL\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\NL\go.gif
c:\program files (x86)\moh\Support\EA Help\NL\go.jpg
c:\program files (x86)\moh\Support\EA Help\NL\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\NL\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\NL\index_h.gif
c:\program files (x86)\moh\Support\EA Help\NL\index_n.gif
c:\program files (x86)\moh\Support\EA Help\NL\install.jpg
c:\program files (x86)\moh\Support\EA Help\NL\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\NL\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\NL\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\NL\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\NL\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\NL\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\NL\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\NL\page.gif
c:\program files (x86)\moh\Support\EA Help\NL\r01.gif
c:\program files (x86)\moh\Support\EA Help\NL\r02.gif
c:\program files (x86)\moh\Support\EA Help\NL\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\NL\search_h.gif
c:\program files (x86)\moh\Support\EA Help\NL\search_n.gif
c:\program files (x86)\moh\Support\EA Help\NL\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\NL\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\NL\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\NL\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\NL\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\NL\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\NL\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\NL\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\NL\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\NL\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\NL\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\NL\urls.gif
c:\program files (x86)\moh\Support\EA Help\NL\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\NL\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\NL\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\No\autorun.htm
c:\program files (x86)\moh\Support\EA Help\No\badge.gif
c:\program files (x86)\moh\Support\EA Help\No\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\No\black background.JPG
c:\program files (x86)\moh\Support\EA Help\No\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\No\blueback.gif
c:\program files (x86)\moh\Support\EA Help\No\BLUEBACKGROUND.GIF
c:\program files (x86)\moh\Support\EA Help\No\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\No\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\No\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\No\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\No\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\No\check.jpg
c:\program files (x86)\moh\Support\EA Help\No\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\No\close.gif
c:\program files (x86)\moh\Support\EA Help\No\content_h.gif
c:\program files (x86)\moh\Support\EA Help\No\content_n.gif
c:\program files (x86)\moh\Support\EA Help\No\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\No\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\No\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\No\default.css
c:\program files (x86)\moh\Support\EA Help\No\default_ns.css
c:\program files (x86)\moh\Support\EA Help\No\directional.gif
c:\program files (x86)\moh\Support\EA Help\No\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\No\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\No\EA_HELP_NO.htm
c:\program files (x86)\moh\Support\EA Help\No\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\No\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\No\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\No\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\No\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\No\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\No\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\No\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\No\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\No\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\No\go.gif
c:\program files (x86)\moh\Support\EA Help\No\go.jpg
c:\program files (x86)\moh\Support\EA Help\No\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\No\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\No\index_h.gif
c:\program files (x86)\moh\Support\EA Help\No\index_n.gif
c:\program files (x86)\moh\Support\EA Help\No\install.jpg
c:\program files (x86)\moh\Support\EA Help\No\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\No\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\No\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\No\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\No\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\No\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\No\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\No\page.gif
c:\program files (x86)\moh\Support\EA Help\No\r01.gif
c:\program files (x86)\moh\Support\EA Help\No\r02.gif
c:\program files (x86)\moh\Support\EA Help\No\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\No\search_h.gif
c:\program files (x86)\moh\Support\EA Help\No\search_n.gif
c:\program files (x86)\moh\Support\EA Help\No\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\No\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\No\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\No\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\No\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\No\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\No\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\No\top ba1.jpg
c:\program files (x86)\moh\Support\EA Help\No\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\No\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\No\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\No\urls.gif
c:\program files (x86)\moh\Support\EA Help\No\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\No\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Autorun.htm
c:\program files (x86)\moh\Support\EA Help\Pol\badge.gif
c:\program files (x86)\moh\Support\EA Help\Pol\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Pol\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\Pol\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Pol\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Pol\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Pol\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Pol\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Pol\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Pol\check.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Pol\close.gif
c:\program files (x86)\moh\Support\EA Help\Pol\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Pol\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Pol\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\Pol\default.css
c:\program files (x86)\moh\Support\EA Help\Pol\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Pol\directional.gif
c:\program files (x86)\moh\Support\EA Help\Pol\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\Pol\EA_HELP_POL.htm
c:\program files (x86)\moh\Support\EA Help\Pol\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\Pol\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Pol\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Pol\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\Pol\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Pol\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Pol\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Pol\go.gif
c:\program files (x86)\moh\Support\EA Help\Pol\go.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Pol\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Pol\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Pol\install.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Pol\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Pol\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Pol\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Pol\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Pol\page.gif
c:\program files (x86)\moh\Support\EA Help\Pol\r01.gif
c:\program files (x86)\moh\Support\EA Help\Pol\r02.gif
c:\program files (x86)\moh\Support\EA Help\Pol\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Pol\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Pol\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Pol\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Pol\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Pol\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Pol\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Pol\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Pol\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Pol\urls.gif
c:\program files (x86)\moh\Support\EA Help\Pol\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Pol\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\autorun.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\badge.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\black background.JPG
c:\program files (x86)\moh\Support\EA Help\pt-br\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\blueback.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\check.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\close.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\content_h.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\content_n.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\crashes.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\default.css
c:\program files (x86)\moh\Support\EA Help\pt-br\default_ns.css
c:\program files (x86)\moh\Support\EA Help\pt-br\directional.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\directx.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\EA_HELP_Bra-Pt.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\pt-br\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\error_message.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\go.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\go.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\index_h.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\index_n.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\install.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\page.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\r01.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\r02.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\search_h.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\search_n.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\pt-br\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\pt-br\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\urls.gif
c:\program files (x86)\moh\Support\EA Help\pt-br\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\pt-br\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\pt\autorun.htm
c:\program files (x86)\moh\Support\EA Help\pt\badge.gif
c:\program files (x86)\moh\Support\EA Help\pt\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\pt\black background.JPG
c:\program files (x86)\moh\Support\EA Help\pt\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\pt\blueback.gif
c:\program files (x86)\moh\Support\EA Help\pt\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\pt\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\pt\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\pt\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\pt\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\pt\check.jpg
c:\program files (x86)\moh\Support\EA Help\pt\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\pt\close.gif
c:\program files (x86)\moh\Support\EA Help\pt\content_h.gif
c:\program files (x86)\moh\Support\EA Help\pt\content_n.gif
c:\program files (x86)\moh\Support\EA Help\pt\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\pt\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\pt\crashes.htm
c:\program files (x86)\moh\Support\EA Help\pt\default.css
c:\program files (x86)\moh\Support\EA Help\pt\default_ns.css
c:\program files (x86)\moh\Support\EA Help\pt\directional.gif
c:\program files (x86)\moh\Support\EA Help\pt\directx.htm
c:\program files (x86)\moh\Support\EA Help\pt\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\pt\EA_HELP_PT.htm
c:\program files (x86)\moh\Support\EA Help\pt\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\pt\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\pt\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\pt\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\pt\error_message.htm
c:\program files (x86)\moh\Support\EA Help\pt\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\pt\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\pt\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\pt\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\pt\go.gif
c:\program files (x86)\moh\Support\EA Help\pt\go.jpg
c:\program files (x86)\moh\Support\EA Help\pt\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\pt\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\pt\index_h.gif
c:\program files (x86)\moh\Support\EA Help\pt\index_n.gif
c:\program files (x86)\moh\Support\EA Help\pt\install.jpg
c:\program files (x86)\moh\Support\EA Help\pt\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\pt\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\pt\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\pt\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\pt\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\pt\page.gif
c:\program files (x86)\moh\Support\EA Help\pt\r01.gif
c:\program files (x86)\moh\Support\EA Help\pt\r02.gif
c:\program files (x86)\moh\Support\EA Help\pt\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\pt\search_h.gif
c:\program files (x86)\moh\Support\EA Help\pt\search_n.gif
c:\program files (x86)\moh\Support\EA Help\pt\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\pt\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\pt\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\pt\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\pt\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\pt\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\pt\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\pt\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\pt\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\pt\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\pt\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\pt\urls.gif
c:\program files (x86)\moh\Support\EA Help\pt\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\pt\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\pt\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Autorun.htm
c:\program files (x86)\moh\Support\EA Help\Ru\badge.gif
c:\program files (x86)\moh\Support\EA Help\Ru\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Ru\Blue_Screen_.htm
c:\program files (x86)\moh\Support\EA Help\Ru\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Ru\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Ru\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Ru\CD_DVD_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Ru\CD_DVD_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Ru\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Ru\check.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Ru\close.gif
c:\program files (x86)\moh\Support\EA Help\Ru\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Ru\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Ru\Crash_Issues2.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Crash_Issues3.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Crashes.htm
c:\program files (x86)\moh\Support\EA Help\Ru\default.css
c:\program files (x86)\moh\Support\EA Help\Ru\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Ru\directional.gif
c:\program files (x86)\moh\Support\EA Help\Ru\DirectX.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Display_Settings.htm
c:\program files (x86)\moh\Support\EA Help\Ru\EA_HELP_RU.htm
c:\program files (x86)\moh\Support\EA Help\Ru\EA_Help_UK.log
c:\program files (x86)\moh\Support\EA Help\Ru\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Ru\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Ru\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Error_message.htm
c:\program files (x86)\moh\Support\EA Help\Ru\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Ru\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Ru\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Ru\go.gif
c:\program files (x86)\moh\Support\EA Help\Ru\go.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Ru\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Ru\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Ru\install.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Ru\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Ru\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Ru\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Ru\My_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Ru\page.gif
c:\program files (x86)\moh\Support\EA Help\Ru\r01.gif
c:\program files (x86)\moh\Support\EA Help\Ru\r02.gif
c:\program files (x86)\moh\Support\EA Help\Ru\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Ru\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Ru\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Ru\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Ru\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Ru\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Ru\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Ru\Top ba1.jpg
c:\program files (x86)\moh\Support\EA Help\Ru\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Ru\urls.gif
c:\program files (x86)\moh\Support\EA Help\Ru\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Ru\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Sv\autorun.htm
c:\program files (x86)\moh\Support\EA Help\Sv\badge.gif
c:\program files (x86)\moh\Support\EA Help\Sv\bgrd_main.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\black background.JPG
c:\program files (x86)\moh\Support\EA Help\Sv\blue_screen_.htm
c:\program files (x86)\moh\Support\EA Help\Sv\blueback.gif
c:\program files (x86)\moh\Support\EA Help\Sv\book_closed.gif
c:\program files (x86)\moh\Support\EA Help\Sv\bookopen.gif
c:\program files (x86)\moh\Support\EA Help\Sv\cd_dvd_issues.htm
c:\program files (x86)\moh\Support\EA Help\Sv\cd_dvd_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Sv\CD_DVD_Troubleshooting.htm
c:\program files (x86)\moh\Support\EA Help\Sv\check.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\Cleaning_your_CD_DVD.htm
c:\program files (x86)\moh\Support\EA Help\Sv\close.gif
c:\program files (x86)\moh\Support\EA Help\Sv\content_h.gif
c:\program files (x86)\moh\Support\EA Help\Sv\content_n.gif
c:\program files (x86)\moh\Support\EA Help\Sv\crash_issues2.htm
c:\program files (x86)\moh\Support\EA Help\Sv\crash_issues3.htm
c:\program files (x86)\moh\Support\EA Help\Sv\crashes.htm
c:\program files (x86)\moh\Support\EA Help\Sv\default.css
c:\program files (x86)\moh\Support\EA Help\Sv\default_ns.css
c:\program files (x86)\moh\Support\EA Help\Sv\directional.gif
c:\program files (x86)\moh\Support\EA Help\Sv\directx.htm
c:\program files (x86)\moh\Support\EA Help\Sv\display_settings.htm
c:\program files (x86)\moh\Support\EA Help\Sv\EA_HELP_SV.htm
c:\program files (x86)\moh\Support\EA Help\Sv\EA_logo(Silver).jpg
c:\program files (x86)\moh\Support\EA Help\Sv\EA_Logo_White.GIF
c:\program files (x86)\moh\Support\EA Help\Sv\Emptying_Temporary_Files.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Ending_background_tasks.htm
c:\program files (x86)\moh\Support\EA Help\Sv\error_message.htm
c:\program files (x86)\moh\Support\EA Help\Sv\gameplay.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\Gameplay_Issues.htm
c:\program files (x86)\moh\Support\EA Help\Sv\glossary_h.gif
c:\program files (x86)\moh\Support\EA Help\Sv\glossary_n.gif
c:\program files (x86)\moh\Support\EA Help\Sv\go.gif
c:\program files (x86)\moh\Support\EA Help\Sv\go.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\Graphic_corruption.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Hard_Drive_space.htm
c:\program files (x86)\moh\Support\EA Help\Sv\index_h.gif
c:\program files (x86)\moh\Support\EA Help\Sv\index_n.gif
c:\program files (x86)\moh\Support\EA Help\Sv\install.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\Installing_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Sv\LEFT HAND INDEX.htm
c:\program files (x86)\moh\Support\EA Help\Sv\leftarrow.gif
c:\program files (x86)\moh\Support\EA Help\Sv\Manually_starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Minimum_requirements.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Monitor.htm
c:\program files (x86)\moh\Support\EA Help\Sv\my_game_fails_to_start.htm
c:\program files (x86)\moh\Support\EA Help\Sv\page.gif
c:\program files (x86)\moh\Support\EA Help\Sv\r01.gif
c:\program files (x86)\moh\Support\EA Help\Sv\r02.gif
c:\program files (x86)\moh\Support\EA Help\Sv\rightarrow.gif
c:\program files (x86)\moh\Support\EA Help\Sv\search_h.gif
c:\program files (x86)\moh\Support\EA Help\Sv\search_n.gif
c:\program files (x86)\moh\Support\EA Help\Sv\searchweb_h.gif
c:\program files (x86)\moh\Support\EA Help\Sv\searchweb_n.gif
c:\program files (x86)\moh\Support\EA Help\Sv\Sound_card.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Starting_the_game.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Starting_the_installation_manually.htm
c:\program files (x86)\moh\Support\EA Help\Sv\startomg.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\Thumbs.db
c:\program files (x86)\moh\Support\EA Help\Sv\TOP BA1.jpg
c:\program files (x86)\moh\Support\EA Help\Sv\TOP BANNER.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Updating_your_sound_driver.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Updating_your_video_driver.htm
c:\program files (x86)\moh\Support\EA Help\Sv\urls.gif
c:\program files (x86)\moh\Support\EA Help\Sv\Video_Card.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Warranty.htm
c:\program files (x86)\moh\Support\EA Help\Sv\Welcome.htm
c:\program files (x86)\moh\Support\EA Help\Thumbs.db
c:\program files (x86)\moh\Support\EAEula\de_eula.rtf
c:\program files (x86)\moh\Support\EAEula\en-uk_eula.rtf
c:\program files (x86)\moh\Support\EAEula\en-us_eula.rtf
c:\program files (x86)\moh\Support\EAEula\es_eula.rtf
c:\program files (x86)\moh\Support\EAEula\eula_de.rtf
c:\program files (x86)\moh\Support\EAEula\eula_en-uk.rtf
c:\program files (x86)\moh\Support\EAEula\eula_en-us.rtf
c:\program files (x86)\moh\Support\EAEula\eula_es.rtf
c:\program files (x86)\moh\Support\EAEula\eula_fr-fr.rtf
c:\program files (x86)\moh\Support\EAEula\eula_it.rtf
c:\program files (x86)\moh\Support\EAEula\eula_ja.rtf
c:\program files (x86)\moh\Support\EAEula\eula_pl.rtf
c:\program files (x86)\moh\Support\EAEula\eula_ru.rtf
c:\program files (x86)\moh\Support\EAEula\fr-fr_eula.rtf
c:\program files (x86)\moh\Support\EAEula\it_eula.rtf
c:\program files (x86)\moh\Support\EAEula\ja_eula.rtf
c:\program files (x86)\moh\Support\EAEula\pl_eula.rtf
c:\program files (x86)\moh\Support\EAEula\ru_eula.rtf
c:\program files (x86)\moh\Support\leeme.txt
c:\program files (x86)\moh\Support\Leggimi.it.txt
c:\program files (x86)\moh\Support\Lisezmoi.txt
c:\program files (x86)\moh\Support\loc\de\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\en-uk\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\en-us\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\es\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\fr-fr\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\it\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\ja\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\pl\GDFBinary.dll
c:\program files (x86)\moh\Support\loc\ru\GDFBinary.dll
c:\program files (x86)\moh\Support\localization.ini
c:\program files (x86)\moh\Support\Medal of Honor MP Beta_code.exe
c:\program files (x86)\moh\Support\Medal of Honor MP Beta_uninst.exe
c:\program files (x86)\moh\Support\Przeczytaj.txt
c:\program files (x86)\moh\Support\readme.de.txt
c:\program files (x86)\moh\Support\readme.en-uk.txt
c:\program files (x86)\moh\Support\readme.ja.txt
c:\program files (x86)\moh\Support\Readme.ru.txt
c:\program files (x86)\moh\Support\readme.txt
c:\users\Tye\322996645_trainerv64
c:\users\Tye\322996645_trainerv64\changes.txt
c:\users\Tye\322996645_trainerv64\readme.doc
c:\users\Tye\322996645_trainerv64\ScriptHook-LICENSE.txt
c:\users\Tye\322996645_trainerv64\ScriptHook.dll - OLD PATCHES
c:\users\Tye\322996645_trainerv64\ScriptHook.dll
c:\users\Tye\322996645_trainerv64\Trainer.asi
c:\users\Tye\322996645_trainerv64\trainer.ini
c:\users\Tye\322996645_trainerv64\Trainertbogt.asi
c:\users\Tye\322996645_trainerv64\trainertbogt.ini
c:\users\Tye\322996645_trainerv64\Trainertlad.asi
c:\users\Tye\322996645_trainerv64\trainertlad.ini
c:\users\Tye\AppData\Local\TempDIR
c:\users\Tye\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 18:35 . 2012-10-08 18:35 -------- d-----w- C:\_OTL
2012-10-08 17:23 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE2FA8EC-CF79-4BA9-9788-EE77DE867CAE}\mpengine.dll
2012-10-08 07:49 . 2012-10-08 07:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-08 07:49 . 2012-10-08 07:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-08 06:06 . 2012-10-08 06:06 -------- d-----w- c:\users\Tye\AppData\Roaming\Malwarebytes
2012-10-08 06:05 . 2012-10-08 06:05 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 06:05 . 2012-10-08 06:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-08 06:05 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-08 05:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-08 03:37 . 2012-10-08 03:37 -------- d-----w- c:\program files\HitmanPro
2012-10-08 03:33 . 2012-10-08 03:58 -------- d-----w- c:\programdata\HitmanPro
2012-10-07 02:54 . 2012-10-07 02:54 -------- d-----w- c:\windows\SysWow64\default
2012-10-07 02:54 . 2012-10-07 02:54 -------- d-----w- c:\programdata\Hotspot Shield
2012-10-07 02:48 . 2012-10-07 02:48 -------- d-----w- c:\users\Tye\AppData\Local\{609FE45E-1029-11E2-8271-B8AC6F996F26}
2012-10-05 01:38 . 2012-10-05 01:38 -------- d-----w- c:\users\Tye\AppData\Local\SCE
2012-10-05 01:38 . 2012-10-05 01:38 -------- d-----w- C:\Crash
2012-10-05 01:37 . 2012-10-05 01:37 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-10-04 03:48 . 2012-10-08 02:21 -------- d-----r- c:\users\Tye\MegaCloud
2012-10-04 03:41 . 2012-10-04 03:41 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-10-04 03:40 . 2011-12-19 22:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-10-04 03:40 . 2012-10-04 03:40 -------- d-----w- C:\Perfect World Entertainment
2012-10-04 00:14 . 2012-10-04 00:14 -------- d-----w- c:\program files (x86)\Blacklight
2012-10-03 17:33 . 2012-10-03 17:33 -------- d-----w- c:\programdata\Web Installer
2012-10-03 05:02 . 2012-10-03 05:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D92568A-6AB2-4AFC-A749-6BCC7298A2B8}\gapaengine.dll
2012-09-28 02:23 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-11 19:57 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:57 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:57 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:57 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:57 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:57 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 07:49 . 2012-08-20 04:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-04 05:57 . 2010-01-17 18:41 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-04 05:57 . 2010-01-17 18:23 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-04 05:39 . 2010-01-17 18:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-04 05:39 . 2010-01-17 18:23 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-22 02:08 . 2012-07-29 06:42 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 02:08 . 2011-05-18 05:54 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 07:49 . 2011-01-02 06:39 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 04:03 . 2010-10-25 04:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 19:14 . 2011-07-30 05:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-02-23 14:28 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2010-07-10 12:38 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2009-07-13 21:59 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 16:40 . 2012-08-30 16:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-30 16:18 . 2010-07-09 23:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2010-07-09 23:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2010-07-09 23:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2010-07-09 23:27 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2010-07-09 23:27 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-24 21:30 . 2012-08-24 21:30 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2012-07-25 22:49 . 2012-07-25 22:49 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-07-25 22:49 . 2012-07-25 22:49 28104 ----a-w- c:\windows\system32\xfcodec64.dll
2012-07-18 18:15 . 2012-08-15 01:46 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-02 16:18 2215960 ----a-w- c:\program files (x86)\Hotspot_Shield\tbHots.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 233288 ----a-w- c:\program files (x86)\Hotspot Shield\hssie\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2009-08-20 232960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-01 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-01 218608]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-07-13 471408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-07-10 385392]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2007-08-16 688640]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-18 6440480]
"Skytel"="Skytel.exe" [2008-08-18 1833504]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtD0F0FtCyCtA0D0A0Fzy0B0AtBtB0CtBtN0D0TzutBtDtCtCtDzztCtB&cr=827958695
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-orvcpr - c:\users\Tye\AppData\Roaming\orvcpr.dll
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA IIExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Bohemia Interactive\ArmA IIBattlEye\UnInstallBE.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{8AB8D458-939E-403F-0097-9BA1C1F013D5} - c:\program files (x86)\EA GAMES\The Sims 2\EAUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789600660-107216011-2290983713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-789600660-107216011-2290983713-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-789600660-107216011-2290983713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-789600660-107216011-2290983713-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-789600660-107216011-2290983713-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,77,27,03,ba,a8,05,63,2a,2e,a3,48,c3,46,58,3d,2d,58,2f,f8,87,ae,ff,
c9,b0,c0,44,c1,50,93,c7,2f,ec,cc,c4,08,02,bc,dc,e1,5f,03,ff,13,78,1a,01,00,\
"??"=hex:e5,e5,df,33,dd,9f,0d,d3,c0,eb,87,8b,65,d8,6e,09
.
[HKEY_USERS\S-1-5-21-789600660-107216011-2290983713-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,47,5e,31,40,d4,a0,06,8f,21,ed,8a,06,a3,2f,50,fb,24,c2,a2,a6,
9f,8d,06,11,a1,0d,d5,6a,fc,b7,02,4a,6f,97,e4,31,a2,04,31,99,b8,ee,db,7a,ee,\
"rkeysecu"=hex:94,24,8a,05,be,8a,ee,57,8e,06,f6,0e,3b,c4,ac,5d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-10-08 13:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 19:58
.
Pre-Run: 44,447,252,480 bytes free
Post-Run: 56,380,387,328 bytes free
.
- - End Of File - - FACFD8D5B6177FC5A7ED4D579D8FBC1C

#7
Tye14

Posted 08 October 2012 - 02:11 PM

New Member

Topic Starter
Member
9 posts

Farbar Service Scanner Version: 07-10-2012
Ran by Tye (administrator) on 08-10-2012 at 14:09:25
Running from "C:\Users\Tye\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#8
Essexboy

Posted 08 October 2012 - 03:27 PM

GeekU Moderator

Retired Staff
69,964 posts

OK this may be the final run, on completion could you let me know what problems remain

Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#9
Tye14

Posted 09 October 2012 - 09:20 AM

New Member

Topic Starter
Member
9 posts

1-

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tye [Admin rights]
Mode : Remove -- Date : 10/09/2012 09:10:29

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FSS.exe -- C:\Users\Tye\Desktop\FSS.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 70244c4accac8f09da95642aa33339e5
[BSP] 7f74d5ea8afb0c76626a81171dd67a8f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31602688 | Size: 461508 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

2-

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tye [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/09/2012 09:13:45

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FSS.exe -- C:\Users\Tye\Desktop\FSS.exe -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 945 / Fail 0
My documents: Success 57 / Fail 57
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 1478 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 448 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#10
Essexboy

Posted 09 October 2012 - 11:02 AM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer running now, any problems ?

#11
Tye14

Posted 09 October 2012 - 12:08 PM

New Member

Topic Starter
Member
9 posts

Seems to have done the trick

I haven't run into anymore problems at all.

#12
Essexboy

Posted 09 October 2012 - 12:19 PM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

#13
Tye14

Posted 09 October 2012 - 05:11 PM

New Member

Topic Starter
Member
9 posts

Done and Done! I'll keep my figers crossed that everything will stay fixed in the next 24hrs or so.

Thank you so much for your help and time I really appreciate it all.
:notworthy: