System32 Trojan horse Patched_c.LZI [Solved]



#1
mzimm003

  • Member
  • 14 posts
I'm trying to help my brother out, so I don't know all the details. Essentially I know AVG won't stop exclaiming this threat yet seems unable to do anything about it. The computer will also start playing sounds, usually ads, despite there being no windows open. You also have to have the volume at full blast in order to discern what the sound is that it's playing. Access to services like Windows Update is also being denied. I've been trying to remove any anti-virus or computer clean-up program I didn't recognize but none of them were on your 'Index for the Malware removal guides' and they all uninstalled without issue. I also found a file called CouponAlert_2p in Program Files (x86) that seemed to be constantly running some process so I deleted that as well. That's about all I've managed and the AVG Resident Shield Alert is still coming up 'Infection: Trojan horse Patched_c.LZI; File: C:\Windows\System32\services.exe' every couple of minutes. Any help would be greatly appreciated, so thank you in advance, I look forward to your input. Also here is the OTL report:

OTL logfile created on: 12/16/2012 3:59:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 58.44% Memory free
12.19 Gb Paging File | 9.15 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 180.71 Gb Free Space | 26.42% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.11 Gb Free Space | 55.33% Space Free | Partition Type: NTFS

Computer Name: JACKSROOM | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 15:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Downloads\OTL.exe
PRC - [2012/12/16 15:13:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- c:\Users\Jack\Downloads\HijackThis.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/17 15:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/23 08:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/04/18 18:25:12 | 000,190,160 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/10/22 14:22:55 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 20:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/04/30 16:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/01/13 05:33:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/02 02:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/12/11 15:50:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/13 10:31:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 15:20:09 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/17 15:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/23 08:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/14 17:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [Disabled | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/04/18 18:25:12 | 000,190,160 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/30 17:27:52 | 000,271,856 | ---- | M] (Turbine, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/11/30 17:27:52 | 000,218,608 | ---- | M] (Turbine, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/10/22 14:22:55 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/23 21:29:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/16 08:00:32 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/13 07:39:42 | 000,188,416 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/13 06:41:32 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/02 02:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 02:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 02:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 02:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 02:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/15 21:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/01 13:42:42 | 000,037,888 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2010/06/30 21:07:22 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {82A412CC-9087-44C8-A48C-6154C0FDD70C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gobrs.com...=t&rls=6df7hrvA
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000022753cdd0e
IE - HKCU\..\SearchScopes\{634CDA6C-0B15-4569-B961-9E440CD00CB7}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6CA1356A-29D0-4C68-88A7-1F222A04DB00}: "URL" = http://search.condui...&ctid=CT3106777
IE - HKCU\..\SearchScopes\{82A412CC-9087-44C8-A48C-6154C0FDD70C}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{9C88EFA5-FEA2-4D26-AFCF-7A6EF9B809B2}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledAddons: 2pffxtbr@CouponAlert_2p.com:1.2
FF - prefs.js..extensions.enabledAddons: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.16.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: 2pffxtbr@CouponAlert_2p.com:1.2
FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.gobrs.com...ls=6df7hrvA&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jack\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/29 16:46:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 10:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 10:31:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 10:31:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 10:31:22 | 000,000,000 | ---D | M]

[2009/10/08 21:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2012/11/21 19:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions
[2012/08/18 20:09:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/21 19:22:02 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
[2011/11/23 19:01:43 | 000,000,000 | ---D | M] (CouponAlert) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\2pffxtbr@CouponAlert_2p.com
[2012/09/26 17:10:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/20 16:43:28 | 000,000,921 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\searchplugins\conduit.xml
[2010/08/24 14:31:48 | 000,002,197 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\searchplugins\google-search.xml
[2012/10/13 10:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 10:31:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/13 10:31:20 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/13 10:31:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/07 13:35:22 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 10:31:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?ilc=1
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.yahoo.com/?ilc=1
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Jack\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: American Flag Theme = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\cffpancacefppcpmpemfldeoojnppnha\2.4_0\
CHR - Extension: Google Search = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: Skype Click to Call = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Do Not Track = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll File not found
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Google Update] "C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.game...apWebPlayer.cab (GameTap Player)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.game...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3771354A-C8F1-4A08-9F7E-9CFBF38B5A9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60CF1F15-65C6-4944-9D71-9832331E3812}: DhcpNameServer = 192.168.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8235ED8B-EA9A-4A7B-B684-39BE8B18CD09}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94D93D1-C663-4469-B4FA-9194D81A996B}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCD98F38-4B08-4F94-B1C9-CB8A0481EE01}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7b617281-f038-11de-9680-0024e8157073}\Shell - "" = AutoRun
O33 - MountPoints2\{7b617281-f038-11de-9680-0024e8157073}\Shell\AutoRun\command - "" = J:\LaunchBF.exe
O33 - MountPoints2\{e1698824-85f6-11de-bf15-0024e8157073}\Shell\AutoRun\command - "" = LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 01:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/15 01:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/19 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Jack\jagexcache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/16 15:50:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/16 15:46:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1001UA.job
[2012/12/16 15:38:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:38:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:37:36 | 000,802,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/16 15:37:36 | 000,672,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/16 15:37:36 | 000,131,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/16 15:32:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/16 15:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/16 15:30:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/12/16 15:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1000UA.job
[2012/12/16 15:17:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1001Core.job
[2012/12/16 12:10:02 | 103,191,877 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/12/15 23:25:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1000Core.job
[2012/12/11 17:13:14 | 000,207,354 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/12/10 22:43:25 | 004,900,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/25 21:01:09 | 000,000,024 | ---- | M] () -- C:\Users\Jack\random.dat
[2012/11/25 20:38:20 | 000,000,032 | ---- | M] () -- C:\Users\Jack\jagex_cl_runescape_LIVE.dat
[2012/11/21 19:21:16 | 000,000,045 | ---- | M] () -- C:\Users\Jack\jagex_cl_loginapplet_LIVE.dat
[2012/11/20 17:46:46 | 000,000,117 | ---- | M] () -- C:\Users\Jack\jagex_runescape_preferences2.dat
[2012/11/20 17:46:12 | 000,000,044 | ---- | M] () -- C:\Users\Jack\jagex_cl_runescape_LIVE1.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/19 19:56:18 | 000,000,045 | ---- | C] () -- C:\Users\Jack\jagex_cl_loginapplet_LIVE.dat
[2012/11/19 19:56:18 | 000,000,024 | ---- | C] () -- C:\Users\Jack\random.dat
[2012/11/04 21:57:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/17 17:35:33 | 000,000,044 | ---- | C] () -- C:\Users\Jack\jagex_cl_runescape_LIVE1.dat
[2012/10/07 13:35:58 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/18 20:08:24 | 000,000,032 | ---- | C] () -- C:\Users\Jack\jagex_cl_runescape_LIVE.dat
[2012/01/28 09:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\wklnhst.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/26 16:15:02 | 000,400,531 | ---- | C] () -- C:\Users\Jack\Forest Frontiers.SV4
[2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/03/21 20:05:46 | 000,011,052 | -HS- | C] () -- C:\Users\Jack\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 20:05:46 | 000,011,052 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/05 21:54:55 | 000,000,117 | ---- | C] () -- C:\Users\Jack\jagex_runescape_preferences2.dat
[2011/03/05 21:54:23 | 000,000,034 | ---- | C] () -- C:\Users\Jack\jagex_runescape_preferences.dat
[2009/09/21 16:21:46 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/08/16 23:49:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/16 23:49:33 | 000,005,216 | ---- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2009/08/14 18:55:00 | 000,010,240 | ---- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/11/18 15:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@
[2011/11/18 15:55:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L
[2012/11/08 15:55:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U
[2012/11/08 15:55:20 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\00000001.@
[2012/10/27 22:45:23 | 000,014,848 | ---- | M] () -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\80000000.@
[2012/09/23 02:46:23 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\800000cb.@
[2012/08/29 23:54:18 | 000,002,048 | -HS- | M] () -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\@
[2011/11/18 15:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\L
[2012/08/29 16:10:51 | 000,000,000 | -HSD | M] -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U
[2012/08/29 16:10:46 | 000,001,712 | ---- | M] () -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\00000001.@
[2012/08/29 16:10:47 | 000,016,896 | ---- | M] () -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\80000000.@
[2012/08/29 16:10:51 | 000,023,552 | ---- | M] () -- C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\U\800000cb.@
[2004/09/29 11:41:58 | 000,037,464 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AccessoryProperties.u
[2004/09/20 15:24:52 | 000,006,519 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AnimPropProperties.u
[2004/10/25 14:57:38 | 000,041,872 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AudioEnv.u
[2004/11/01 17:38:32 | 001,454,922 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\CTEffects.u
[2004/09/21 01:11:00 | 000,005,914 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\DeathProperties.u
[2004/09/23 20:20:34 | 000,010,048 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\FootstepProps.u
[2004/11/01 14:14:04 | 000,039,228 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\KarmaPropProperties.u
[2003/12/11 23:11:46 | 000,000,757 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\LightObjectProperties.u
[2004/10/11 06:44:20 | 000,022,449 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\MarkerProperties.u
[2004/05/17 15:15:10 | 000,001,015 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\MoverProperties.u
[2004/09/30 22:35:22 | 000,012,471 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\PhysicalMaterials.u
[2004/11/02 15:12:46 | 000,183,156 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\Properties.u
[2003/07/24 12:23:30 | 000,056,457 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\Reverb.u
[2004/10/11 13:37:00 | 000,011,163 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\StaticPropProperties.u
[2004/08/03 08:41:06 | 000,002,342 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\VoicePacks.u
[2005/01/25 18:13:12 | 000,061,136 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Core.u
[2005/01/25 18:13:36 | 000,030,732 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTAudio.u
[2005/01/25 18:14:24 | 000,167,452 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTCharacters.u
[2005/01/25 18:13:44 | 000,383,873 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTGame.u
[2005/01/25 18:14:16 | 000,265,908 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTInventory.u
[2005/01/25 18:14:26 | 000,055,841 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTMarkers.u
[2005/01/25 18:13:22 | 000,281,936 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Editor.u
[2005/01/25 18:13:22 | 002,241,853 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Engine.u
[2005/01/25 18:13:36 | 000,181,571 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\GamePlay.u
[2005/01/25 18:13:26 | 000,045,806 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\IpDrv.u
[2005/01/25 18:14:08 | 000,439,514 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\MPGame.u
[2005/01/25 18:13:30 | 000,405,948 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UDebugMenu.u
[2005/01/25 18:13:26 | 000,012,881 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UnrealEd.u
[2005/01/25 18:13:26 | 000,645,460 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UWindow.u
[2005/01/25 18:14:32 | 000,014,700 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XGame.u
[2005/01/25 18:14:40 | 000,154,639 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterface.u
[2005/01/25 18:14:48 | 000,369,338 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceCommon.u
[2005/01/25 18:15:02 | 000,773,162 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceCTMenus.u
[2005/01/25 18:15:02 | 000,110,572 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceGamespy.u
[2005/01/25 18:14:50 | 000,396,168 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceLive.u
[2005/01/25 18:14:58 | 000,109,165 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceMP.u
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/21 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft
[2012/04/29 16:41:21 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft - Copy
[2010/10/10 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft server
[2012/06/24 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.techniclauncher
[2012/09/22 11:26:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\AVG
[2012/08/29 16:47:42 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\AVG2012
[2012/10/07 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Babylon
[2011/04/11 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\com.w3i.FlipToast
[2009/10/02 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/08 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\DAEMON Tools Lite
[2012/08/29 15:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\LolClient
[2012/04/29 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\minecraft mods
[2012/03/26 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\MTE
[2011/03/07 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012/07/07 21:22:11 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012/11/04 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\PCCUStubInstaller
[2010/07/25 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\SPORE
[2012/02/16 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Spotify
[2012/01/28 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Template
[2012/06/10 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\uTorrent
[2011/09/24 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\WallpaperSS
[2010/08/31 16:21:55 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, there is a lot to remove here. One of the infections is ZeroAccess, which has password-stealing capabilities.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {82A412CC-9087-44C8-A48C-6154C0FDD70C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gobrs.com...=t&rls=6df7hrvA
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000022753cdd0e
IE - HKCU\..\SearchScopes\{634CDA6C-0B15-4569-B961-9E440CD00CB7}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6CA1356A-29D0-4C68-88A7-1F222A04DB00}: "URL" = http://search.condui...&ctid=CT3106777
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..extensions.enabledAddons: 2pffxtbr@CouponAlert_2p.com:1.2
FF - prefs.js..extensions.enabledAddons: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.16.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.15
FF - prefs.js..extensions.enabledItems: 2pffxtbr@CouponAlert_2p.com:1.2
FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q="
FF - user.js..keyword.URL: "http://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=6df7hrvA&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
[2012/11/21 19:22:02 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
[2011/11/23 19:01:43 | 000,000,000 | ---D | M] (CouponAlert) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\2pffxtbr@CouponAlert_2p.com
[2011/11/20 16:43:28 | 000,000,921 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\searchplugins\conduit.xml
[2012/10/13 10:31:20 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/07 13:35:22 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll File not found
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll File not found
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa3.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe File not found

:Files
C:\Windows\Installer\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}
C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}
C:\Program Files (x86)\WinZipBar
C:\Program Files (x86)\Swag_Bucks
C:\Program Files (x86)\CouponAlert_2p
C:\PROGRA~2\COUPON~2

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FOLLOWED BY

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0
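Added example (not part of the original posts and not OTL's own code): one way to check a follow-up OTL log for leftovers of what a fix script like the one above targeted. The section names and sample lines are copied from this thread; the function names and the matching heuristic (folders under :Files, plus CLSIDs named as keys in :OTL lines) are assumptions of this sketch.

```python
import re

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
SECTION_RE = re.compile(r"^:(\w+)$")

# Shortened excerpt of the fix script posted in this thread.
FIX_SCRIPT = r"""
:OTL
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWin3.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {82A412CC-9087-44C8-A48C-6154C0FDD70C}

:Files
C:\Program Files (x86)\WinZipBar
C:\Program Files (x86)\CouponAlert_2p
C:\PROGRA~2\COUPON~2

:Commands
[emptytemp]
[Reboot]
""".strip()

# Four lines taken from the follow-up OTL log later in this thread.
FOLLOWUP_LOG = r"""
IE - HKCU\..\SearchScopes\{82A412CC-9087-44C8-A48C-6154C0FDD70C}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll File not found
File not found (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJWC3DTS.DEFAULT\EXTENSIONS\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
""".strip()


def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks (keys lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fix_targets(sections):
    """Return (paths, guids) the script asked to have removed, lower-cased.

    Assumption: a GUID to the right of ' = ' is a value being reset (for
    example DefaultScope), not an item being removed, so it is skipped.
    """
    paths = {p.lower() for p in sections.get("files", [])}
    guids = set()
    for line in sections.get("otl", []):
        key_part = line.split(" = ", 1)[0]
        guids.update(g.lower() for g in GUID_RE.findall(key_part))
    return paths, guids


def find_leftovers(fix_text, log_text):
    """List log lines that still mention a target of the fix script."""
    paths, guids = fix_targets(parse_fix_script(fix_text))
    findings = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        lowered = raw.lower()
        hits = sorted(t for t in paths | guids if t in lowered)
        if hits:
            # "File not found" means the entry points at a file that is gone:
            # a dangling registry or profile reference, not a live file.
            status = ("orphaned reference" if "file not found" in lowered
                      else "still present")
            findings.append({"line": number, "status": status, "targets": hits})
    return findings


if __name__ == "__main__":
    for item in find_leftovers(FIX_SCRIPT, FOLLOWUP_LOG):
        print(item["line"], item["status"], ", ".join(item["targets"]))
```

Matches are candidates for review, not verdicts: a CLSID can be reused by a legitimate entry under another hive, so each flagged line still needs to be read in context.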

#3
mzimm003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you for the prompt and comprehensive response. Unfortunately, while OTL is running the fix it stops working and forces me to close it. I've tried it twice and it seems to happen in the middle of [emptytemp]. Any ideas?

edit:
The temp file in appdata is empty, can I just run,

:Commands
[CREATERESTOREPOINT]
[Reboot]

and continue from there, or could that cause problems?

Edited by mzimm003, 16 December 2012 - 04:42 PM.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, continue on please; it is MBAM stopping it. I will revisit after the ComboFix run.
  • 0

#5
mzimm003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I've completed everything, and the only other problem I ran into was ComboFix didn't produce a log. It seemed to exit correctly, no force quit or stall; I did have to manually restart, but otherwise I think it completed its doings. I ran AVG and it's detecting no threats, and Windows was able to update for the first time since June. So, thank you very much for that. Below are the other logs as per your request, and if you want me to re-scan with OTL in lieu of the ComboFix log I'd be happy to. You've been a great help, I just want to make sure the computer is really clean, and that it stays that way.

OTL:

OTL logfile created on: 12/17/2012 12:51:06 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 13.72% Memory free
12.17 Gb Paging File | 9.60 Gb Available in Paging File | 78.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 196.24 Gb Free Space | 28.69% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.11 Gb Free Space | 55.33% Space Free | Partition Type: NTFS

Computer Name: JACKSROOM | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 15:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Jack\Downloads\OTL.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/17 15:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/23 08:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/04/18 18:25:12 | 000,190,160 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/10/22 14:22:55 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/04/30 16:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/01/13 05:33:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/02 02:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/12/11 15:50:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/13 10:31:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 15:20:09 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/17 15:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/23 08:11:32 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/04/14 17:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [Disabled | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/04/18 18:25:12 | 000,190,160 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/30 17:27:52 | 000,271,856 | ---- | M] (Turbine, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/11/30 17:27:52 | 000,218,608 | ---- | M] (Turbine, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/10/22 14:22:55 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/23 21:29:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/16 08:00:32 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/13 07:39:42 | 000,188,416 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/13 06:41:32 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/02 02:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 02:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 02:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 02:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 02:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/15 21:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/01 13:42:42 | 000,037,888 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2010/06/30 21:07:22 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{82A412CC-9087-44C8-A48C-6154C0FDD70C}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{9C88EFA5-FEA2-4D26-AFCF-7A6EF9B809B2}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jack\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/29 16:46:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 10:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 10:31:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 10:31:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 10:31:22 | 000,000,000 | ---D | M]

[2009/10/08 21:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2012/12/16 17:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions
[2012/08/18 20:09:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/26 17:10:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/08/24 14:31:48 | 000,002,197 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\searchplugins\google-search.xml
[2012/12/16 17:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 10:31:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJWC3DTS.DEFAULT\EXTENSIONS\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
File not found (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJWC3DTS.DEFAULT\EXTENSIONS\2PFFXTBR@COUPONALERT_2P.COM
[2012/10/13 10:31:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 10:31:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?ilc=1
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.yahoo.com/?ilc=1
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Jack\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: American Flag Theme = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\cffpancacefppcpmpemfldeoojnppnha\2.4_0\
CHR - Extension: Google Search = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: Skype Click to Call = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Do Not Track = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/16 20:34:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Google Update] "C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.game...apWebPlayer.cab (GameTap Player)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.game...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3771354A-C8F1-4A08-9F7E-9CFBF38B5A9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60CF1F15-65C6-4944-9D71-9832331E3812}: DhcpNameServer = 192.168.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8235ED8B-EA9A-4A7B-B684-39BE8B18CD09}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94D93D1-C663-4469-B4FA-9194D81A996B}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCD98F38-4B08-4F94-B1C9-CB8A0481EE01}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7b617281-f038-11de-9680-0024e8157073}\Shell - "" = AutoRun
O33 - MountPoints2\{7b617281-f038-11de-9680-0024e8157073}\Shell\AutoRun\command - "" = J:\LaunchBF.exe
O33 - MountPoints2\{e1698824-85f6-11de-bf15-0024e8157073}\Shell\AutoRun\command - "" = LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\Jack\Desk
[2012/12/16 16:59:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/15 01:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/15 01:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/19 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Jack\jagexcache

========== Files - Modified Within 30 Days ==========

[2012/12/17 00:50:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/17 00:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1001UA.job
[2012/12/17 00:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1000UA.job
[2012/12/17 00:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/17 00:10:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 00:10:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 23:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1000Core.job
[2012/12/16 18:17:01 | 000,802,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/16 18:17:01 | 000,672,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/16 18:17:01 | 000,131,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/16 18:10:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/16 18:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/16 18:10:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/12/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113188925-1915786001-2252342238-1001Core.job
[2012/12/16 12:10:02 | 103,191,877 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/12/11 17:13:14 | 000,207,354 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/12/10 22:43:25 | 004,900,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/25 21:01:09 | 000,000,024 | ---- | M] () -- C:\Users\Jack\random.dat
[2012/11/25 20:38:20 | 000,000,032 | ---- | M] () -- C:\Users\Jack\jagex_cl_runescape_LIVE.dat
[2012/11/21 19:21:16 | 000,000,045 | ---- | M] () -- C:\Users\Jack\jagex_cl_loginapplet_LIVE.dat
[2012/11/20 17:46:46 | 000,000,117 | ---- | M] () -- C:\Users\Jack\jagex_runescape_preferences2.dat
[2012/11/20 17:46:12 | 000,000,044 | ---- | M] () -- C:\Users\Jack\jagex_cl_runescape_LIVE1.dat

========== Files Created - No Company Name ==========

[2012/11/19 19:56:18 | 000,000,045 | ---- | C] () -- C:\Users\Jack\jagex_cl_loginapplet_LIVE.dat
[2012/11/19 19:56:18 | 000,000,024 | ---- | C] () -- C:\Users\Jack\random.dat
[2012/11/04 21:57:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/17 17:35:33 | 000,000,044 | ---- | C] () -- C:\Users\Jack\jagex_cl_runescape_LIVE1.dat
[2012/10/07 13:35:58 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/18 20:08:24 | 000,000,032 | ---- | C] () -- C:\Users\Jack\jagex_cl_runescape_LIVE.dat
[2012/01/28 09:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\wklnhst.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/26 16:15:02 | 000,400,531 | ---- | C] () -- C:\Users\Jack\Forest Frontiers.SV4
[2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/03/21 20:05:46 | 000,011,052 | -HS- | C] () -- C:\Users\Jack\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 20:05:46 | 000,011,052 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/05 21:54:55 | 000,000,117 | ---- | C] () -- C:\Users\Jack\jagex_runescape_preferences2.dat
[2011/03/05 21:54:23 | 000,000,034 | ---- | C] () -- C:\Users\Jack\jagex_runescape_preferences.dat
[2009/09/21 16:21:46 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/08/16 23:49:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/16 23:49:33 | 000,005,216 | ---- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2009/08/14 18:55:00 | 000,010,240 | ---- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/09/29 11:41:58 | 000,037,464 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AccessoryProperties.u
[2004/09/20 15:24:52 | 000,006,519 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AnimPropProperties.u
[2004/10/25 14:57:38 | 000,041,872 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\AudioEnv.u
[2004/11/01 17:38:32 | 001,454,922 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\CTEffects.u
[2004/09/21 01:11:00 | 000,005,914 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\DeathProperties.u
[2004/09/23 20:20:34 | 000,010,048 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\FootstepProps.u
[2004/11/01 14:14:04 | 000,039,228 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\KarmaPropProperties.u
[2003/12/11 23:11:46 | 000,000,757 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\LightObjectProperties.u
[2004/10/11 06:44:20 | 000,022,449 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\MarkerProperties.u
[2004/05/17 15:15:10 | 000,001,015 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\MoverProperties.u
[2004/09/30 22:35:22 | 000,012,471 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\PhysicalMaterials.u
[2004/11/02 15:12:46 | 000,183,156 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\Properties.u
[2003/07/24 12:23:30 | 000,056,457 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\Reverb.u
[2004/10/11 13:37:00 | 000,011,163 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\StaticPropProperties.u
[2004/08/03 08:41:06 | 000,002,342 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\Properties\VoicePacks.u
[2005/01/25 18:13:12 | 000,061,136 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Core.u
[2005/01/25 18:13:36 | 000,030,732 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTAudio.u
[2005/01/25 18:14:24 | 000,167,452 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTCharacters.u
[2005/01/25 18:13:44 | 000,383,873 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTGame.u
[2005/01/25 18:14:16 | 000,265,908 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTInventory.u
[2005/01/25 18:14:26 | 000,055,841 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\CTMarkers.u
[2005/01/25 18:13:22 | 000,281,936 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Editor.u
[2005/01/25 18:13:22 | 002,241,853 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\Engine.u
[2005/01/25 18:13:36 | 000,181,571 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\GamePlay.u
[2005/01/25 18:13:26 | 000,045,806 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\IpDrv.u
[2005/01/25 18:14:08 | 000,439,514 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\MPGame.u
[2005/01/25 18:13:30 | 000,405,948 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UDebugMenu.u
[2005/01/25 18:13:26 | 000,012,881 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UnrealEd.u
[2005/01/25 18:13:26 | 000,645,460 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\UWindow.u
[2005/01/25 18:14:32 | 000,014,700 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XGame.u
[2005/01/25 18:14:40 | 000,154,639 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterface.u
[2005/01/25 18:14:48 | 000,369,338 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceCommon.u
[2005/01/25 18:15:02 | 000,773,162 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceCTMenus.u
[2005/01/25 18:15:02 | 000,110,572 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceGamespy.u
[2005/01/25 18:14:50 | 000,396,168 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceLive.u
[2005/01/25 18:14:58 | 000,109,165 | ---- | M] () -- C:\Users\Luke\Documents\Playstation\S.W Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\XInterfaceMP.u
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Jack\AppData\Local\{5cbbb43c-55e9-d992-a3af-aff90a8bd5c8}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/21 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft
[2012/04/29 16:41:21 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft - Copy
[2010/10/10 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.minecraft server
[2012/06/24 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\.techniclauncher
[2012/09/22 11:26:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\AVG
[2012/08/29 16:47:42 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\AVG2012
[2012/10/07 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Babylon
[2011/04/11 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\com.w3i.FlipToast
[2009/10/02 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/06/08 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\DAEMON Tools Lite
[2012/08/29 15:37:49 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\LolClient
[2012/04/29 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\minecraft mods
[2012/03/26 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\MTE
[2011/03/07 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012/07/07 21:22:11 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012/11/04 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\PCCUStubInstaller
[2010/07/25 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\SPORE
[2012/02/16 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Spotify
[2012/01/28 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Template
[2012/06/10 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\uTorrent
[2011/09/24 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\WallpaperSS
[2010/08/31 16:21:55 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Windows Live Writer

========== Purity Check ==========


< End of report >



AdwCleaner:

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 01:07:52
# Updated 16/12/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Jack - JACKSROOM
# Boot Mode : Normal
# Running from : C:\Users\Jack\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CouponAlert_2pService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\GameTap Web Player
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\GameTap Web Player
Deleted on reboot : C:\Users\Jack\AppData\Local\Conduit
Deleted on reboot : C:\Users\Jack\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Jack\AppData\LocalLow\CouponAlert_2p
Deleted on reboot : C:\Users\Jack\AppData\LocalLow\Hotbar
Deleted on reboot : C:\Users\Jack\AppData\LocalLow\Swag_Bucks
Deleted on reboot : C:\Users\Jack\AppData\LocalLow\WinZipBar
Deleted on reboot : C:\Users\Jack\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\ConduitCommon
Deleted on reboot : C:\Users\Luke\AppData\LocalLow\CouponAlert_2p
Deleted on reboot : C:\Users\Luke\AppData\LocalLow\Swag_Bucks
Deleted on reboot : C:\Users\Luke\AppData\LocalLow\WinZipBar
Deleted on reboot : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\r42q3eya.default\extensions\2pffxtbr@CouponAlert_2p.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Software\WinZipBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CouponAlert_2pbar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Swag_Bucks Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CouponAlert_2p
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\Software\WinZipBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\r42q3eya.default\prefs.js

C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\r42q3eya.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\kjwc3dts.default\prefs.js


-\\ Google Chrome v23.0.1271.97

File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [27184 octets] - [17/12/2012 01:07:52]

########## EOF - C:\AdwCleaner[S2].txt - [27245 octets] ##########


TDSS:

01:15:41.0745 4364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:15:42.0306 4364 ============================================================
01:15:42.0306 4364 Current date / time: 2012/12/17 01:15:42.0306
01:15:42.0306 4364 SystemInfo:
01:15:42.0306 4364
01:15:42.0306 4364 OS Version: 6.0.6002 ServicePack: 2.0
01:15:42.0306 4364 Product type: Workstation
01:15:42.0306 4364 ComputerName: JACKSROOM
01:15:42.0306 4364 UserName: Jack
01:15:42.0306 4364 Windows directory: C:\Windows
01:15:42.0306 4364 System windows directory: C:\Windows
01:15:42.0306 4364 Running under WOW64
01:15:42.0306 4364 Processor architecture: Intel x64
01:15:42.0306 4364 Number of processors: 2
01:15:42.0306 4364 Page size: 0x1000
01:15:42.0306 4364 Boot type: Normal boot
01:15:42.0306 4364 ============================================================
01:15:44.0007 4364 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:15:44.0022 4364 ============================================================
01:15:44.0022 4364 \Device\Harddisk0\DR0:
01:15:44.0022 4364 MBR partitions:
01:15:44.0022 4364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
01:15:44.0022 4364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x557E5EF0
01:15:44.0022 4364 ============================================================
01:15:44.0085 4364 C: <-> \Device\Harddisk0\DR0\Partition2
01:15:44.0116 4364 D: <-> \Device\Harddisk0\DR0\Partition1
01:15:44.0116 4364 ============================================================
01:15:44.0116 4364 Initialize success
01:15:44.0116 4364 ============================================================
01:16:04.0265 3196 ============================================================
01:16:04.0265 3196 Scan started
01:16:04.0265 3196 Mode: Manual; SigCheck; TDLFS;
01:16:04.0265 3196 ============================================================
01:16:08.0257 3196 ================ Scan system memory ========================
01:16:08.0257 3196 System memory - ok
01:16:08.0257 3196 ================ Scan services =============================
01:16:08.0890 3196 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:16:08.0971 3196 ACPI - ok
01:16:09.0496 3196 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:16:09.0559 3196 AdobeFlashPlayerUpdateSvc - ok
01:16:09.0793 3196 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:16:09.0808 3196 adp94xx - ok
01:16:09.0824 3196 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:16:09.0855 3196 adpahci - ok
01:16:09.0871 3196 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:16:09.0886 3196 adpu160m - ok
01:16:09.0933 3196 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:16:09.0949 3196 adpu320 - ok
01:16:10.0011 3196 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:16:10.0074 3196 AeLookupSvc - ok
01:16:10.0198 3196 [ 7394641611EF3AB2D041F104F1E8C1B9 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
01:16:10.0448 3196 AERTFilters - ok
01:16:10.0573 3196 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
01:16:10.0635 3196 AFD - ok
01:16:10.0682 3196 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:16:10.0698 3196 agp440 - ok
01:16:10.0713 3196 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:16:10.0729 3196 aic78xx - ok
01:16:10.0760 3196 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
01:16:10.0791 3196 ALG - ok
01:16:10.0807 3196 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
01:16:10.0822 3196 aliide - ok
01:16:10.0838 3196 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
01:16:10.0838 3196 amdide - ok
01:16:10.0854 3196 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:16:10.0932 3196 AmdK8 - ok
01:16:11.0010 3196 [ 3402C8C41655BC78615716AA5C515C44 ] AmdLLD64 C:\Windows\system32\DRIVERS\AmdLLD64.sys
01:16:11.0072 3196 AmdLLD64 - ok
01:16:11.0212 3196 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
01:16:11.0275 3196 Appinfo - ok
01:16:11.0587 3196 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:16:11.0602 3196 Apple Mobile Device - ok
01:16:11.0649 3196 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
01:16:11.0712 3196 arc - ok
01:16:11.0727 3196 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:16:11.0758 3196 arcsas - ok
01:16:12.0055 3196 aspnet_state - ok
01:16:12.0070 3196 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:16:12.0164 3196 AsyncMac - ok
01:16:12.0211 3196 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
01:16:12.0211 3196 atapi - ok
01:16:12.0289 3196 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:16:12.0351 3196 AudioEndpointBuilder - ok
01:16:12.0367 3196 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:16:12.0414 3196 AudioSrv - ok
01:16:12.0726 3196 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
01:16:12.0975 3196 AVGIDSAgent - ok
01:16:13.0038 3196 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
01:16:13.0053 3196 AVGIDSDriver - ok
01:16:13.0069 3196 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
01:16:13.0084 3196 AVGIDSFilter - ok
01:16:13.0131 3196 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
01:16:13.0178 3196 AVGIDSHA - ok
01:16:13.0287 3196 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
01:16:13.0303 3196 Avgldx64 - ok
01:16:13.0365 3196 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
01:16:13.0365 3196 Avgmfx64 - ok
01:16:13.0396 3196 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
01:16:13.0443 3196 Avgrkx64 - ok
01:16:13.0521 3196 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
01:16:13.0615 3196 Avgtdia - ok
01:16:13.0693 3196 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
01:16:13.0693 3196 avgwd - ok
01:16:13.0958 3196 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
01:16:14.0020 3196 BBSvc - ok
01:16:14.0067 3196 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
01:16:14.0083 3196 BBUpdate - ok
01:16:14.0114 3196 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:16:14.0161 3196 blbdrive - ok
01:16:14.0395 3196 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
01:16:14.0473 3196 Bonjour Service - ok
01:16:14.0535 3196 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:16:14.0598 3196 bowser - ok
01:16:14.0629 3196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:16:14.0676 3196 BrFiltLo - ok
01:16:14.0707 3196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:16:14.0769 3196 BrFiltUp - ok
01:16:14.0800 3196 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
01:16:14.0894 3196 Browser - ok
01:16:14.0910 3196 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
01:16:15.0050 3196 Brserid - ok
01:16:15.0128 3196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:16:15.0175 3196 BrSerWdm - ok
01:16:15.0190 3196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:16:15.0253 3196 BrUsbMdm - ok
01:16:15.0268 3196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:16:15.0331 3196 BrUsbSer - ok
01:16:15.0346 3196 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:16:15.0393 3196 BTHMODEM - ok
01:16:15.0440 3196 [ 6C2DD66A3DB32450D661BA89B18B1941 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
01:16:15.0487 3196 CAXHWBS2 - ok
01:16:15.0502 3196 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:16:15.0549 3196 cdfs - ok
01:16:15.0612 3196 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:16:15.0674 3196 cdrom - ok
01:16:15.0705 3196 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
01:16:15.0736 3196 CertPropSvc - ok
01:16:15.0752 3196 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
01:16:15.0799 3196 circlass - ok
01:16:15.0846 3196 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
01:16:15.0892 3196 CLFS - ok
01:16:15.0908 3196 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:16:15.0908 3196 clr_optimization_v2.0.50727_32 - ok
01:16:15.0986 3196 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:16:16.0002 3196 clr_optimization_v2.0.50727_64 - ok
01:16:16.0111 3196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:16:16.0345 3196 clr_optimization_v4.0.30319_32 - ok
01:16:16.0392 3196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:16:16.0454 3196 clr_optimization_v4.0.30319_64 - ok
01:16:16.0470 3196 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:16:16.0470 3196 cmdide - ok
01:16:16.0485 3196 [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:16:16.0501 3196 Compbatt - ok
01:16:16.0516 3196 COMSysApp - ok
01:16:16.0579 3196 cpuz134 - ok
01:16:16.0579 3196 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:16:16.0594 3196 crcdisk - ok
01:16:16.0688 3196 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:16:16.0735 3196 CryptSvc - ok
01:16:16.0782 3196 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
01:16:16.0844 3196 DcomLaunch - ok
01:16:16.0906 3196 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:16:16.0969 3196 DfsC - ok
01:16:17.0359 3196 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
01:16:17.0593 3196 DFSR - ok
01:16:17.0624 3196 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:16:17.0655 3196 Dhcp - ok
01:16:17.0702 3196 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
01:16:17.0718 3196 disk - ok
01:16:17.0811 3196 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:16:17.0874 3196 Dnscache - ok
01:16:18.0076 3196 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
01:16:18.0108 3196 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
01:16:18.0108 3196 DockLoginService - detected UnsignedFile.Multi.Generic (1)
01:16:18.0170 3196 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
01:16:18.0217 3196 dot3svc - ok
01:16:18.0248 3196 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
01:16:18.0279 3196 DPS - ok
01:16:18.0310 3196 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:16:18.0357 3196 drmkaud - ok
01:16:18.0401 3196 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:16:18.0473 3196 DXGKrnl - ok
01:16:18.0548 3196 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
01:16:18.0596 3196 e1express - ok
01:16:18.0649 3196 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
01:16:18.0717 3196 E1G60 - ok
01:16:18.0721 3196 EagleX64 - ok
01:16:18.0758 3196 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
01:16:18.0818 3196 EapHost - ok
01:16:18.0865 3196 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
01:16:18.0879 3196 Ecache - ok
01:16:18.0942 3196 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:16:18.0960 3196 ehRecvr - ok
01:16:18.0973 3196 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
01:16:19.0008 3196 ehSched - ok
01:16:19.0061 3196 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
01:16:19.0089 3196 ehstart - ok
01:16:19.0200 3196 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:16:19.0247 3196 elxstor - ok
01:16:19.0295 3196 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:16:19.0519 3196 EMDMgmt - ok
01:16:19.0535 3196 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:16:19.0551 3196 ErrDev - ok
01:16:19.0629 3196 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
01:16:19.0691 3196 EventSystem - ok
01:16:19.0753 3196 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
01:16:19.0831 3196 exfat - ok
01:16:19.0878 3196 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:16:19.0941 3196 fastfat - ok
01:16:19.0956 3196 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:16:19.0987 3196 fdc - ok
01:16:20.0019 3196 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
01:16:20.0065 3196 fdPHost - ok
01:16:20.0081 3196 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
01:16:20.0112 3196 FDResPub - ok
01:16:20.0143 3196 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:16:20.0159 3196 FileInfo - ok
01:16:20.0175 3196 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:16:20.0206 3196 Filetrace - ok
01:16:20.0221 3196 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:16:20.0253 3196 flpydisk - ok
01:16:20.0284 3196 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:16:20.0315 3196 FltMgr - ok
01:16:20.0424 3196 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
01:16:20.0502 3196 FontCache - ok
01:16:20.0580 3196 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:16:20.0580 3196 FontCache3.0.0.0 - ok
01:16:20.0627 3196 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:16:20.0689 3196 Fs_Rec - ok
01:16:20.0705 3196 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:16:20.0721 3196 gagp30kx - ok
01:16:20.0752 3196 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:16:20.0767 3196 GEARAspiWDM - ok
01:16:20.0783 3196 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
01:16:20.0814 3196 gpsvc - ok
01:16:20.0877 3196 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:16:20.0892 3196 gupdate - ok
01:16:20.0908 3196 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:16:20.0908 3196 gupdatem - ok
01:16:20.0955 3196 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
01:16:20.0955 3196 hamachi - ok
01:16:21.0079 3196 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
01:16:21.0235 3196 Hamachi2Svc - ok
01:16:21.0579 3196 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:16:21.0750 3196 HDAudBus - ok
01:16:21.0797 3196 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:16:21.0859 3196 HidBth - ok
01:16:21.0875 3196 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:16:21.0953 3196 HidIr - ok
01:16:22.0000 3196 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
01:16:22.0047 3196 hidserv - ok
01:16:22.0093 3196 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:16:22.0140 3196 HidUsb - ok
01:16:22.0171 3196 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
01:16:22.0203 3196 hkmsvc - ok
01:16:22.0249 3196 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:16:22.0265 3196 HpCISSs - ok
01:16:22.0312 3196 [ 60F1D0EDE7AE2B92B3A8886E825B7147 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
01:16:22.0385 3196 HSF_DPV - ok
01:16:22.0483 3196 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:16:22.0738 3196 HTTP - ok
01:16:22.0772 3196 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:16:22.0784 3196 i2omp - ok
01:16:22.0874 3196 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:16:22.0895 3196 i8042prt - ok
01:16:22.0971 3196 [ 756879FA65978DF948437CE3FD1EACCD ] iaStor C:\Windows\system32\drivers\iastor.sys
01:16:22.0989 3196 iaStor - ok
01:16:23.0015 3196 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:16:23.0035 3196 iaStorV - ok
01:16:23.0126 3196 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:16:23.0131 3196 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:16:23.0131 3196 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:16:23.0194 3196 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:16:23.0224 3196 idsvc - ok
01:16:23.0818 3196 [ F7AB8285BBECFAA5ED4050CCB89E073D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
01:16:24.0520 3196 igfx - ok
01:16:24.0551 3196 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:16:24.0551 3196 iirsp - ok
01:16:24.0629 3196 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
01:16:24.0676 3196 IKEEXT - ok
01:16:24.0722 3196 [ 49A1C3833AF724B2555C0689347DCD05 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:16:24.0832 3196 IntcAzAudAddService - ok
01:16:24.0863 3196 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys
01:16:24.0878 3196 intelide - ok
01:16:24.0910 3196 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:16:24.0956 3196 intelppm - ok
01:16:25.0019 3196 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:16:25.0066 3196 IPBusEnum - ok
01:16:25.0112 3196 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:16:25.0159 3196 IpFilterDriver - ok
01:16:25.0159 3196 IpInIp - ok
01:16:25.0175 3196 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:16:25.0206 3196 IPMIDRV - ok
01:16:25.0346 3196 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:16:25.0424 3196 IPNAT - ok
01:16:25.0502 3196 [ A9E53E1A9C4274EEBC00D36AE5ED40DE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:16:25.0565 3196 iPod Service - ok
01:16:25.0596 3196 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:16:25.0658 3196 IRENUM - ok
01:16:25.0705 3196 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:16:25.0721 3196 isapnp - ok
01:16:25.0799 3196 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:16:25.0814 3196 iScsiPrt - ok
01:16:25.0861 3196 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:16:25.0908 3196 iteatapi - ok
01:16:25.0955 3196 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:16:25.0986 3196 iteraid - ok
01:16:26.0017 3196 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:16:26.0017 3196 kbdclass - ok
01:16:26.0080 3196 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:16:26.0095 3196 kbdhid - ok
01:16:26.0142 3196 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
01:16:26.0158 3196 KeyIso - ok
01:16:26.0189 3196 [ 2758D174604F597BBC8A217FF667913D ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:16:26.0298 3196 KSecDD - ok
01:16:26.0298 3196 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:16:26.0345 3196 ksthunk - ok
01:16:26.0407 3196 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
01:16:26.0454 3196 KtmRm - ok
01:16:26.0516 3196 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:16:26.0563 3196 LanmanServer - ok
01:16:26.0626 3196 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:16:26.0688 3196 LanmanWorkstation - ok
01:16:26.0860 3196 [ AD36B5F8AC7C2BAFB32973B743A65265 ] LiveTurbineMessageService C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
01:16:26.0922 3196 LiveTurbineMessageService - ok
01:16:26.0953 3196 [ FFDFF7E4D8FDA5C1BFA50F9DBFB780CE ] LiveTurbineNetworkService C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
01:16:27.0000 3196 LiveTurbineNetworkService - ok
01:16:27.0016 3196 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:16:27.0062 3196 lltdio - ok
01:16:27.0094 3196 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:16:27.0140 3196 lltdsvc - ok
01:16:27.0172 3196 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:16:27.0218 3196 lmhosts - ok
01:16:27.0250 3196 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:16:27.0265 3196 LSI_FC - ok
01:16:27.0296 3196 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:16:27.0312 3196 LSI_SAS - ok
01:16:27.0343 3196 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:16:27.0359 3196 LSI_SCSI - ok
01:16:27.0374 3196 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
01:16:27.0421 3196 luafv - ok
01:16:27.0484 3196 [ 7717A2CB550267860D3933F3FBA0216F ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
01:16:27.0499 3196 LVPr2M64 - ok
01:16:27.0499 3196 [ 7717A2CB550267860D3933F3FBA0216F ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
01:16:27.0515 3196 LVPr2Mon - ok
01:16:27.0577 3196 [ 8EBEB7E7A0C3D295CA6BBCFA942C6AA8 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
01:16:27.0624 3196 LVPrcS64 - ok
01:16:27.0764 3196 [ EF586B959F747E74C76603FF16AE417B ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
01:16:27.0780 3196 LVRS64 - ok
01:16:27.0905 3196 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
01:16:28.0326 3196 LVUVC64 - ok
01:16:28.0389 3196 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:16:28.0397 3196 Mcx2Svc - ok
01:16:28.0475 3196 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
01:16:28.0516 3196 mdmxsdk - ok
01:16:28.0570 3196 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
01:16:28.0582 3196 megasas - ok
01:16:28.0615 3196 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
01:16:28.0636 3196 MegaSR - ok
01:16:28.0658 3196 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
01:16:28.0686 3196 MMCSS - ok
01:16:28.0769 3196 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
01:16:28.0829 3196 Modem - ok
01:16:28.0872 3196 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:16:28.0899 3196 monitor - ok
01:16:28.0923 3196 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:16:28.0935 3196 mouclass - ok
01:16:28.0946 3196 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:16:28.0998 3196 mouhid - ok
01:16:29.0002 3196 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:16:29.0014 3196 MountMgr - ok
01:16:29.0057 3196 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:16:29.0070 3196 MozillaMaintenance - ok
01:16:29.0094 3196 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
01:16:29.0106 3196 mpio - ok
01:16:29.0132 3196 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:16:29.0173 3196 mpsdrv - ok
01:16:29.0214 3196 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:16:29.0225 3196 Mraid35x - ok
01:16:29.0281 3196 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:16:29.0296 3196 MRxDAV - ok
01:16:29.0343 3196 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:16:29.0438 3196 mrxsmb - ok
01:16:29.0579 3196 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:16:29.0641 3196 mrxsmb10 - ok
01:16:29.0672 3196 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:16:29.0688 3196 mrxsmb20 - ok
01:16:29.0704 3196 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
01:16:29.0719 3196 msahci - ok
01:16:29.0735 3196 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:16:29.0750 3196 msdsm - ok
01:16:29.0766 3196 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
01:16:29.0813 3196 MSDTC - ok
01:16:29.0844 3196 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:16:29.0891 3196 Msfs - ok
01:16:29.0922 3196 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:16:29.0938 3196 msisadrv - ok
01:16:29.0969 3196 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:16:30.0016 3196 MSiSCSI - ok
01:16:30.0016 3196 msiserver - ok
01:16:30.0047 3196 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:16:30.0078 3196 MSKSSRV - ok
01:16:30.0109 3196 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:16:30.0156 3196 MSPCLOCK - ok
01:16:30.0172 3196 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:16:30.0218 3196 MSPQM - ok
01:16:30.0250 3196 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:16:30.0343 3196 MsRPC - ok
01:16:30.0421 3196 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:16:30.0421 3196 mssmbios - ok
01:16:30.0452 3196 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:16:30.0499 3196 MSTEE - ok
01:16:30.0515 3196 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
01:16:30.0530 3196 Mup - ok
01:16:30.0577 3196 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
01:16:30.0640 3196 napagent - ok
01:16:30.0718 3196 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:16:30.0749 3196 NativeWifiP - ok
01:16:30.0827 3196 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:16:31.0045 3196 NDIS - ok
01:16:31.0076 3196 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:16:31.0123 3196 NdisTapi - ok
01:16:31.0139 3196 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:16:31.0186 3196 Ndisuio - ok
01:16:31.0248 3196 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:16:31.0310 3196 NdisWan - ok
01:16:31.0326 3196 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:16:31.0373 3196 NDProxy - ok
01:16:31.0404 3196 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:16:31.0435 3196 NetBIOS - ok
01:16:31.0466 3196 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:16:31.0513 3196 netbt - ok
01:16:31.0544 3196 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
01:16:31.0544 3196 Netlogon - ok
01:16:31.0576 3196 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
01:16:31.0638 3196 Netman - ok
01:16:31.0669 3196 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
01:16:31.0700 3196 netprofm - ok
01:16:31.0778 3196 [ C553716F6F7BCA3444CEE52DFB7C9016 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
01:16:31.0841 3196 netr28ux - ok
01:16:31.0872 3196 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:16:31.0872 3196 NetTcpPortSharing - ok
01:16:31.0919 3196 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:16:31.0934 3196 nfrd960 - ok
01:16:31.0966 3196 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
01:16:31.0997 3196 NlaSvc - ok
01:16:32.0044 3196 Norton PC Checkup Application Launcher - ok
01:16:32.0122 3196 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:16:32.0168 3196 Npfs - ok
01:16:32.0215 3196 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
01:16:32.0293 3196 nsi - ok
01:16:32.0340 3196 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:16:32.0387 3196 nsiproxy - ok
01:16:32.0512 3196 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:16:32.0761 3196 Ntfs - ok
01:16:32.0792 3196 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
01:16:32.0839 3196 Null - ok
01:16:32.0870 3196 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:16:32.0902 3196 nvraid - ok
01:16:40.0312 3196 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
01:16:40.0312 3196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
01:16:40.0312 3196 sptd ( LockedFile.Multi.Generic ) - warning
01:16:40.0312 3196 sptd - detected LockedFile.Multi.Generic (1)
01:16:41.0747 3196 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:16:41.0794 3196 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
01:16:41.0794 3196 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
01:16:52.0502 3196 ================ Scan global ===============================
01:16:52.0533 3196 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
01:16:52.0611 3196 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:16:52.0642 3196 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:16:52.0783 3196 [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
01:16:52.0783 3196 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
01:16:52.0783 3196 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
01:16:52.0783 3196 ================ Scan MBR ==================================
01:16:52.0798 3196 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
01:16:53.0547 3196 \Device\Harddisk0\DR0 - ok
01:16:53.0547 3196 ================ Scan VBR ==================================
01:16:53.0578 3196 [ F7B3D4355901439C142A635E5E09771E ] \Device\Harddisk0\DR0\Partition1
01:16:53.0609 3196 \Device\Harddisk0\DR0\Partition1 - ok
01:16:53.0609 3196 [ 03FF3B6FADDDBA8B46CC06B9759EAB41 ] \Device\Harddisk0\DR0\Partition2
01:16:53.0625 3196 \Device\Harddisk0\DR0\Partition2 - ok
01:16:53.0625 3196 ============================================================
01:16:53.0625 3196 Scan finished
01:16:53.0625 3196 ============================================================
01:16:53.0641 2848 Detected object count: 5
01:16:53.0641 2848 Actual detected object count: 5
01:17:14.0406 2848 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
01:17:14.0406 2848 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:17:14.0406 2848 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:17:14.0406 2848 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:17:14.0406 2848 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:17:14.0406 2848 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:17:14.0406 2848 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
01:17:14.0406 2848 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:17:14.0687 2848 C:\Windows\system32\services.exe - copied to quarantine
01:17:55.0646 2848 Backup copy found, using it..
01:17:55.0739 2848 C:\Windows\system32\services.exe - will be cured on reboot
01:17:55.0739 2848 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

#6
Essexboy
GeekU Moderator
TDSSKiller replaced the bad file and Combofix repaired the broken services, so it looks good... Let's run a final sweep for orphans.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
mzimm003
Member (Topic Starter)
Don't know if this is related, but I'm having trouble with the firewall. It says Windows Firewall isn't using the recommended settings and suggests I update settings, but when I click on that it just says there's an unidentified problem and nothing happens. The same occurs when I click on the turn firewall on or off button, and the allow program button. Here is the log for MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.17.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jack :: JACKSROOM [administrator]

12/17/2012 1:26:44 PM
mbam-log-2012-12-17 (13-26-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301095
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Luke\AppData\Roaming\MinecraftSP.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.

(end)

#8
Essexboy
GeekU Moderator
OK, let's check it out.


Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

#9
mzimm003
Member (Topic Starter)
Farbar Service Scanner Version: 10-12-2012
Ran by Jack (administrator) on 17-12-2012 at 14:59:35
Running from "C:\Users\Jack\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 00:19] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:21] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 19:59] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-03 15:15] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-03 15:13] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-12-17 02:41] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the two attached reg files to your desktop
[attachment=62027:MpsSvc.reg]
[attachment=62028:SharedAccess.reg]
Double click each in turn and allow to merge

Reboot and try the firewall again
  • 0


#11
mzimm003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Now when I click Update settings there's a loading mouse for a few seconds and then nothing happens. When I click on anything else it says 'Windows Firewall settings cannot be displayed because the associated service is not running, Do you want to start the Windows Firewall service?' I click yes. It says, 'Windows cannot start the Windows Firewall service.'
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run FSS again please
  • 0

#13
mzimm003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Farbar Service Scanner Version: 10-12-2012
Ran by Jack (administrator) on 17-12-2012 at 16:13:57
Running from "C:\Users\Jack\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 00:19] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:21] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 19:59] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-03 15:15] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-03 15:13] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-12-17 02:41] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Another reg fix to run

Same routine: download the reg file to the desktop
[attachment=62033:iphlpsvc.reg]
Double click and allow to merge
Reboot and try again
  • 0

#15
mzimm003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Same thing is happening. I tried to find LEGACY_MpsSvc.reg but I'm kind of afraid to download anything not submitted by you now.

Farbar Service Scanner Version: 10-12-2012
Ran by Jack (administrator) on 17-12-2012 at 16:45:07
Running from "C:\Users\Jack\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 00:19] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:21] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 19:59] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-03 15:15] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-03 15:13] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-03 15:14] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-12-17 02:41] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-03 15:15] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0





