Got infected with pceu virus, want to make sure it's gone [Solved]



#1
Casper_aa

Our pc was recently infected with the pceu virus. It only seemed to really affect my dad's user logon (I guess because he was the one that got it infected) and it would lock up his screen with some fake message.

I used a combination of Malwarebytes, Avast and Spybot to scan and remove anything they found and it seems to have gotten rid of the problem with the fake message.

As I am well aware from past experiences with infections though, there can often be remnants left over so I was just wanting some help making sure our pc is clean again. Kind of frustrating as I had posted a thread a couple of weeks ago and got some great help cleaning the pc and then my dad goes and gets it infected again. I have asked him to speak to me before installing anything in future and gave him some advice when searching the web, though any other tips you think I could give him would be welcome.

Also, I should note that before I knew it was infected I did connect my external hard drive to the system so if you think there is any chance that it could be infected then we might have to deal with that also.

I was also planning on posting a thread about ways to speed up the system but that can wait for now and this is probably not even the right section for hardware queries.

Thanks!

Edited by Casper_aa, 26 December 2012 - 05:46 AM.

  • 0


#2
Dakeyras


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Also, I should note that before I knew it was infected I did connect my external hard drive to the system so if you think there is any chance that it could be infected then we might have to deal with that also.

We can check this/inoculate as follows...

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the Desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen(settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected.
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert/connect your External Hard-Drive in your machine...it will be automatically vaccinated.
  • Close Panda USB Vaccine via right-clicking on the Panda USB Vaccine system tray icon and selecting Exit.
  • Panda USB Vaccine will auto start with every system reboot and if left running when any USB drive is connected, it will in turn be inoculated.
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Scan with aswMBR:

Please download aswMBR.exe to your Desktop.

  • Right-click the aswMBR.exe and select Run as Administrator to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • aswMBR Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
Casper_aa

I haven't noticed any difference but there wasn't anything abnormal going on anyway.

aswMBR didn't ask about the avast! scan but here is the log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-02 15:37:55
-----------------------------
15:37:55.312 OS Version: Windows x64 6.0.6002 Service Pack 2
15:37:55.312 Number of processors: 4 586 0xF0B
15:37:55.312 ComputerName: HOME-PC UserName: Ally
15:37:57.449 Initialize success
15:38:00.912 AVAST engine defs: 13010200
15:38:16.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
15:38:16.637 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
15:38:16.662 Disk 0 MBR read successfully
15:38:16.665 Disk 0 MBR scan
15:38:16.668 Disk 0 Windows VISTA default MBR code
15:38:16.682 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
15:38:16.741 Disk 0 scanning C:\Windows\system32\drivers
15:38:30.537 Service scanning
15:38:46.312 Modules scanning
15:38:46.317 Disk 0 trace - called modules:
15:38:46.339 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
15:38:46.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049c93a0]
15:38:46.345 3 CLASSPNP.SYS[fffffa6000dcac33] -> nt!IofCallDriver -> [0xfffffa800462f720]
15:38:46.349 5 acpi.sys[fffffa60008e8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800464c060]
15:38:48.331 AVAST engine scan C:\Windows
15:40:21.263 AVAST engine scan C:\Windows\system32
15:42:53.035 AVAST engine scan C:\Windows\system32\drivers
15:43:11.287 AVAST engine scan C:\Users\Ally
16:01:28.741 AVAST engine scan C:\ProgramData
16:06:38.740 Scan finished successfully
16:45:05.699 Disk 0 MBR has been saved successfully to "C:\Users\Ally\Desktop\MBR.dat"
16:45:05.715 The log file has been saved successfully to "C:\Users\Ally\Desktop\aswMBR.txt"

Edited by Casper_aa, 02 January 2013 - 11:23 AM.

  • 0
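
A short triage of the aswMBR log posted in #3, as an added example that is not part of the original thread or of the tool itself: it pulls out the MBR verdict line, the driver modules named in the disk trace, and whether the scan reported completion. The baseline module set and the rule that any verdict other than "default MBR code" needs review are assumptions made for this example.

```python
import re

# Excerpt of the aswMBR log posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""
15:38:16.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
15:38:16.662 Disk 0 MBR read successfully
15:38:16.665 Disk 0 MBR scan
15:38:16.668 Disk 0 Windows VISTA default MBR code
15:38:16.682 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
15:38:46.317 Disk 0 trace - called modules:
15:38:46.339 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
15:38:46.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049c93a0]
16:06:38.740 Scan finished successfully
"""

# Assumption: baseline of storage-stack modules, taken from this thread's own log.
# A real baseline should come from a known-good machine of the same Windows build.
BASELINE_MODULES = {"ntoskrnl.exe", "classpnp.sys", "disk.sys",
                    "acpi.sys", "ataport.sys", "pciide.sys"}

ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
VERDICT_RE = re.compile(r"^Disk (\d+) (.+ MBR code.*)$")
TRACE_HEADER_RE = re.compile(r"^Disk (\d+) trace - called modules:$")


def parse_entries(text):
    """Return (timestamp, message) pairs; lines without a timestamp are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def mbr_verdicts(entries):
    """Map disk number -> the 'MBR code' verdict text printed for that disk."""
    verdicts = {}
    for _, msg in entries:
        m = VERDICT_RE.match(msg)
        if m:
            verdicts[int(m.group(1))] = m.group(2)
    return verdicts


def called_modules(entries):
    """Return the module names listed on the line after the trace header."""
    for i, (_, msg) in enumerate(entries):
        if TRACE_HEADER_RE.match(msg) and i + 1 < len(entries):
            return entries[i + 1][1].split()
    return []


def triage(text, baseline=BASELINE_MODULES):
    """Summarise one aswMBR log and list the points a reviewer should look at."""
    entries = parse_entries(text)
    verdicts = mbr_verdicts(entries)
    modules = called_modules(entries)
    # Module names appear in mixed case in the log, so compare case-insensitively.
    unknown = [m for m in modules if m.lower() not in baseline]
    finished = any(msg == "Scan finished successfully" for _, msg in entries)

    findings = []
    if not verdicts:
        findings.append("no MBR verdict line found")
    for disk, verdict in sorted(verdicts.items()):
        # Assumption: only a "default MBR code" verdict is treated as clean here.
        if "default MBR code" not in verdict:
            findings.append(f"disk {disk}: MBR verdict needs review: {verdict}")
    if not modules:
        findings.append("no disk trace found")
    for name in unknown:
        findings.append(f"module not in baseline: {name}")
    if not finished:
        findings.append("scan did not report completion")

    return {"verdicts": verdicts, "modules": modules, "unknown": unknown,
            "finished": finished, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for disk, verdict in result["verdicts"].items():
        print(f"Disk {disk}: {verdict}")
    print("Trace modules:", ", ".join(result["modules"]))
    print("Findings:", result["findings"] or "none")
```

An empty findings list only means the log matches the baseline supplied; it does not replace the helper's review of the full log.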

#4
Casper_aa

OTL logfile created on: 02/01/2013 16:46:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ally\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 44.18% Memory free
8.22 Gb Paging File | 5.84 Gb Available in Paging File | 71.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Ally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ally\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\DRIVERS\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\DRIVERS\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E FB 37 FE E2 45 CB 01 [binary data]
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ally\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_1c.com: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/23 18:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 18:12:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 18:12:20 | 000,000,000 | ---D | M]

[2010/08/25 16:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions
[2010/08/25 16:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/11 18:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions
[2010/08/22 15:08:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/03 10:17:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/21 12:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/11 18:22:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 11:16:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/04/30 20:09:55 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2011/11/08 10:43:40 | 000,002,586 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\amazon-united-kingdom-search-suggestions.xml
[2010/08/24 10:58:52 | 000,004,569 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\dailymotion.xml
[2011/09/04 21:27:09 | 000,000,914 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\dictionarycom.xml
[2011/12/26 20:45:15 | 000,000,931 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\ebay-uk.xml
[2010/08/24 18:29:10 | 000,005,603 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\final-fantasy-wiki-en.xml
[2010/11/16 18:19:39 | 000,001,922 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\hmv-search.xml
[2011/02/11 20:51:19 | 000,001,959 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\lastfm.xml
[2010/09/15 10:26:26 | 000,002,282 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\left-4-dead-wiki-en.xml
[2010/09/08 13:03:46 | 000,006,285 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\mass-effect-wiki-en.xml
[2011/06/26 10:49:18 | 000,002,276 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\minecraft-wiki-en.xml
[2011/10/11 20:56:21 | 000,002,291 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\one-piece-encyclopedia-en.xml
[2012/02/07 22:29:17 | 000,002,282 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\stalker-wiki-en.xml
[2010/10/30 12:08:54 | 000,002,262 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\the-vault-en.xml
[2011/01/10 19:21:11 | 000,001,202 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\uespwiki-en.xml
[2010/12/05 17:04:22 | 000,000,659 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\ufopaedia-en.xml
[2010/08/25 17:41:06 | 000,002,006 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\urban-dictionary.xml
[2011/02/10 10:16:57 | 000,001,051 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\wikidsouls-en.xml
[2010/08/22 15:22:54 | 000,002,057 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\youtube-video-search.xml
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/05 18:12:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 14:01:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/19 16:18:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - Extension: avast! WebRep = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\

O1 HOSTS File: ([2012/11/28 13:00:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BB4992-AC35-4158-94A7-1E3E7DDF0B6F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ally\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ally\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/01/02 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/01/02 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/01/02 15:19:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ally\Desktop\OTL.exe
[2013/01/02 15:19:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ally\Desktop\aswMBR.exe
[2013/01/02 15:18:38 | 000,865,272 | ---- | C] (Panda Security ) -- C:\Users\Ally\Desktop\USBVaccine.exe
[2012/12/31 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{0F3DD662-0C95-48F5-9ABE-2DE17658D43F}
[2012/12/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Ally\Documents\Amazon MP3
[2012/12/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Amazon
[2012/12/27 16:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/12/27 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/12/25 22:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/12/25 22:09:39 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\PunkBuster
[2012/12/25 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/12/22 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{8CFAAB66-2DB4-4B46-A0CA-03081B631708}
[2012/12/21 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{A49315D0-09AF-4162-A9C1-01CA5D35EE0D}
[2012/12/21 14:49:41 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 14:49:41 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 14:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 14:49:37 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 09:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012/12/18 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{78002C75-565F-469F-8970-FF51B7C0B8F9}
[2012/12/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{584A475A-DBCF-4E23-BAF0-C582274423F2}
[2012/12/13 11:12:57 | 000,000,000 | ---D | C] -- C:\GOG.com
[2012/12/12 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\To the Moon - Freebird Games
[2012/12/12 20:08:49 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/12 20:08:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/12 20:08:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/12 20:08:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/12 20:08:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/12 20:08:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/12 20:08:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/12 20:07:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 20:07:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 20:07:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 20:07:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 20:07:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 20:07:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 20:07:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 20:07:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 20:07:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 20:07:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 20:07:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 20:07:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 20:07:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 20:07:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 20:07:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 11:46:10 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 11:45:47 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 11:45:47 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:45:47 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/12 11:45:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/12 11:45:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/05 18:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/02 16:45:05 | 000,000,512 | ---- | M] () -- C:\Users\Ally\Desktop\MBR.dat
[2013/01/02 16:44:37 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 16:44:37 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 16:33:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/02 16:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/02 15:33:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/02 15:24:50 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/02 15:24:50 | 000,645,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/02 15:24:50 | 000,123,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/02 15:20:07 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ally\Desktop\aswMBR.exe
[2013/01/02 15:19:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ally\Desktop\OTL.exe
[2013/01/02 15:18:42 | 000,865,272 | ---- | M] (Panda Security ) -- C:\Users\Ally\Desktop\USBVaccine.exe
[2013/01/02 10:57:08 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/02 10:57:08 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/02 10:54:24 | 000,002,361 | ---- | M] () -- C:\Users\Ally\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2013/01/02 10:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/31 16:21:45 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/29 11:24:24 | 000,098,816 | ---- | M] () -- C:\Users\Ally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 22:21:25 | 000,002,852 | ---- | M] () -- C:\Users\Ally\Desktop\InputUserActionMap.xml
[2012/12/25 21:48:53 | 000,206,917 | ---- | M] () -- C:\Users\Ally\bookmarks-2012-12-25
[2012/12/25 15:11:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/25 15:11:02 | 000,001,036 | ---- | M] () -- C:\Users\Ally\Desktop\Uplay.lnk
[2012/12/24 23:20:03 | 000,003,007 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/22 16:30:29 | 000,002,194 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121222_163025.reg
[2012/12/21 14:52:44 | 000,276,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:07:24 | 000,002,948 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121220_140715.reg
[2012/12/18 13:50:07 | 000,037,072 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121218_134913.reg
[2012/12/17 20:10:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/12/17 20:04:38 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
[2012/12/17 14:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/16 14:08:51 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Gemini Rue.lnk
[2012/12/16 13:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 13:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 11:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 10:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 12:15:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 12:15:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/02 15:40:19 | 000,000,512 | ---- | C] () -- C:\Users\Ally\Desktop\MBR.dat
[2012/12/28 21:38:25 | 000,002,852 | ---- | C] () -- C:\Users\Ally\Desktop\InputUserActionMap.xml
[2012/12/25 22:09:49 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/25 21:48:53 | 000,206,917 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-12-25
[2012/12/25 15:11:14 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/25 15:11:14 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/25 15:11:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/25 15:11:02 | 000,001,036 | ---- | C] () -- C:\Users\Ally\Desktop\Uplay.lnk
[2012/12/24 23:20:03 | 000,003,007 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/22 16:30:27 | 000,002,194 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121222_163025.reg
[2012/12/20 14:07:18 | 000,002,948 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121220_140715.reg
[2012/12/18 13:49:15 | 000,037,072 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121218_134913.reg
[2012/12/17 20:10:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/17 20:04:38 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
[2012/12/16 14:08:51 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Gemini Rue.lnk
[2012/12/12 20:08:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 20:08:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/09/01 18:03:10 | 000,000,288 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/08/10 13:42:50 | 000,210,147 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-08-10.json
[2012/05/10 19:01:49 | 000,173,608 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-05-10.json
[2012/05/06 16:04:47 | 000,000,000 | ---- | C] () -- C:\Users\Ally\format
[2012/02/29 20:26:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2012/02/29 20:26:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Comparison
[2012/02/29 20:26:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/02/29 20:26:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/02/29 20:26:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Textures
[2012/02/29 20:26:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/02/29 20:26:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers
[2012/02/29 20:26:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/02/29 20:26:58 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/11 19:39:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/31 19:01:12 | 000,742,694 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 20:45:25 | 000,000,370 | ---- | C] () -- C:\Users\Ally\Documents - Shortcut.lnk
[2011/08/02 09:13:15 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/06 20:54:40 | 000,000,680 | ---- | C] () -- C:\Users\Ally\AppData\Local\d3d9caps.dat
[2010/08/27 23:00:00 | 000,098,816 | ---- | C] () -- C:\Users\Ally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 18:13:14 | 000,000,000 | ---- | C] () -- C:\Users\Ally\AppData\Local\prvlcl.dat
[2010/08/20 12:12:34 | 000,000,732 | ---- | C] () -- C:\Users\Ally\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 15:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 17:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 07:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 02:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#5
Casper_aa

OTL Extras logfile created on: 02/01/2013 16:46:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ally\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 44.18% Memory free
8.22 Gb Paging File | 5.84 Gb Available in Paging File | 71.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Ally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C8 BF EF D1 89 40 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{281B9D4B-505B-4710-9220-C64C2B3BD255}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64ABA5F4-4879-44A2-81CF-00CF5B46D817}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6EDBD400-09F2-4CB8-850D-0F8FB725CAA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DAE16F27-2C60-4A8B-AE7E-98A0F3BD2652}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04ABB297-F7CA-4C03-9EF3-D6201F7447FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{04BAD16A-AFCA-4FB8-93E5-17C91678C302}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\noitu love 2 devolution\config.exe |
"{063B518B-3374-462D-92B2-4C00FC7452E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{08C6A0E9-73A1-464E-91CD-0614644312EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{0BBE1904-2240-4C1F-B65F-D1C415F895A9}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{0C1E7BDF-D4B5-4C15-9CB2-F5B84AF7CF96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0F432B07-9628-457C-9F13-77C584124621}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{1133EE6E-A0BC-414F-8C15-ADC38B46CD55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{1388AE93-D7B4-4231-98F4-1AF840E73BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{1D7F807A-CB71-4843-B53B-1EA717CC521C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{1EC03AAC-778E-41FF-B4D1-14DC8F9BD76C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{24A58122-542C-43DD-891F-2BEE1F9BECB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{26555F4D-576D-451D-8C23-D71023137E03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{26A876B8-6441-4510-805E-FECF88238BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\noitu love 2 devolution\nl2.exe |
"{2AAACBB6-FF1F-4282-A193-EAEDC36506FE}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{2BC4CC02-C916-4FC3-A2FD-B63107BC8CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{2C378DC9-F90B-491B-ADE1-039E00EB4BA9}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{2D4AD4AF-4F55-4A64-9F37-0E2C98FA5E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{2D7A7D32-BC71-460A-8450-17034E11720F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{2E75BA9D-D8CC-456F-81CA-D9588A277332}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2F5277C1-A075-4821-B365-C03144424624}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{315EF79C-5208-4479-8DEE-4D70ADED61A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{32DBF966-ED50-405E-9B53-9816ED8AE21A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{36ED9C10-477C-4BC8-B7CC-C32E0B7C7C83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{3894126A-BE9F-442C-B1F1-65A362B911CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{391A12E0-9153-47F1-A183-3803C827984D}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{398F38C6-0800-467F-AF20-CF2C082AB058}" = protocol=17 | dir=in | app=c:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B4A72A9-6AEB-451D-9A6D-D4D917F34A32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{3C2692C0-A0AD-454E-A238-A1B79710C4DD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{3D7E58D5-8ED0-4308-831B-E781C5E4D395}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
"{3FA4CA9F-8D6F-43B1-A31B-ECE15B7D071E}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{42EB8A1B-02FF-41B3-B079-9F7B18BA4771}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{431B25BE-D636-4722-ACC9-BE0890E8967A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{4665B744-65CF-4010-BADD-5C481751C7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball demo\binaries\win32\theball.exe |
"{4BCECBA6-339D-4C57-A5ED-E7C8613C2ADC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2011\fm.exe |
"{4D618C0A-7C94-4731-B610-C29B2FE71089}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom apocalypse\dosbox.exe |
"{4E651C82-36D6-41C4-BEE7-94CC3F59F41E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2011\fm.exe |
"{52A3A52A-D1F5-470D-B6B2-FF193E95CD53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\reckoning.bat |
"{5328BC9C-5C44-404B-B445-39DACFF71999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
"{53397677-414B-465E-B4A6-B5D0BB869E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{575EBA3A-18EE-4701-BA8E-53118EC949D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{57A89438-6357-48F6-A4B6-922BF1EA9027}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{592F7089-71B0-479F-B033-990A45907CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe |
"{599D6AB2-B843-4C4B-BA24-E8C10477DC72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{660962AA-FD3F-4677-8D87-9D8DFE475C11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom apocalypse\dosbox.exe |
"{668D8DE2-F3C9-450D-925E-D0BD11432AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{6BC888AA-FB4E-443D-8E79-5BEDC0DF9191}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{719081B9-150C-4A5C-A4E4-645EAF2BDE63}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{7200DDEB-7AA9-4225-A933-8229308C4447}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{73B46923-BB5C-437E-B6CA-823643A7F7EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{77A2EF4C-A373-4062-8082-E894FDE3915E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{7ABC1A74-7436-45B3-A66E-953CC41095FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7F1D233F-3A5A-4592-B9B4-5CE31C82B289}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{7F3E1C6D-F242-4CA5-88D8-1432DA7CA2B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{7F94A452-986C-4BF5-9D0D-920EF49ABE98}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{82516BE9-AB18-4E1C-88D5-59BAB5674EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{83700B84-B07E-4DE5-B557-D5188BE11272}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\hexen.bat |
"{86B77449-836C-4038-8C1E-E0AB7A37B695}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate of the world\bin\fotw.exe |
"{8835A9B6-B53F-4706-A29A-9603CB44099A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8A021C67-987F-4792-BC4B-290043F89C29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{8DAD28A2-B134-4233-A8EF-29E2F3AF2DA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\ground_zero.bat |
"{8E1B9095-23F6-4D7A-9FA6-91D4A22EB9A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\noitu love 2 devolution\nl2.exe |
"{8E91F0B8-A8A2-4C7E-A3BA-7E6BA15B620E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball demo\binaries\win32\theball.exe |
"{8F0E0C20-01A4-4FAC-8DF7-E484150FDC54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{8F2F841A-C6D5-4E9A-B9F5-C55D9DF3211D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{93843144-CD4E-4B88-BD44-04A8712080A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{957D6F58-C7D8-4ADA-9E0D-8539081CAA63}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{979FEAF4-FF3C-4488-A6ED-31268B7318E1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{97DE426A-35C1-40E0-AD3A-697FA880DCC7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{990CE9FE-1AFB-4664-A888-41BA3B7B714B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{994E8ED1-05B3-46F8-A92F-2EF2E887C8F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jambojames\source sdk base 2007\hl2.exe |
"{99BDF507-B142-42A1-96FF-FEE0A4A33EFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{9A413DE3-EEA4-4AEB-AE5D-EE1947938584}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\noitu love 2 devolution\config.exe |
"{9B6F5946-5148-4707-B0BA-84310EE65B3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fate of the world\bin\fotw.exe |
"{9EDAA4AC-2E0F-465E-945E-DA48FE327DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9F70740F-11ED-4EF8-A9B3-1463497D50A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{9F89F743-E1A1-4A41-B1FB-FBC08143E63A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{A1BE7A8F-77A4-4210-AE6E-A20527012435}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{A27BE780-4432-44D6-9ACA-1B54F213527D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{A4135DF0-6E4A-4EF5-8044-C735176AE0C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{A4B14DCA-1F8B-4E57-9DEC-04CF01509F35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{A50F5A08-179F-4DA5-961D-5A9C98ACC8E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{A5CB40C1-550F-40F4-9AD4-3EB4F1DF03AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
"{A9F35DDC-F166-4BFD-BAB2-B04BE662BCBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{ADE35637-8EEB-4DAB-84D0-B7C4AA0A7F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\hexen.bat |
"{B64BCD8D-3AE1-4FEB-9B14-99AC2E483934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B72210D8-700C-43F8-8C2F-9DFEB367301D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{B7A3A609-2145-4689-B545-0BE31F34BC64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
"{BB076FD8-A4A0-4B06-B67F-1E9D6766064D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{BBEBAC58-93E6-421A-9352-3430FE34ADC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe |
"{BDBBBDB0-9607-487F-93E7-3E54B379E6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{C0842505-722A-4A3F-9EF4-1A57B40957D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C46DA4A0-A109-44DE-9584-48F7099EAEFA}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{C718777F-1B60-4AE3-B14E-1AA4EA04F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{C85B8A7A-1476-43D6-B3E3-2A60E9CA0FC3}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{CA258F74-26EB-406E-B64A-A56560EEAF92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{CB2B503A-806A-4DD2-AFC4-DFF86C427C57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{CE3BF869-4C72-4CE9-87F2-91051F978627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{CFAFC12C-A603-494E-A77D-58DA8FD2497B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{D551F019-E088-479F-90E0-7391C8C58906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\ground_zero.bat |
"{D5937C2D-BE79-460D-A08C-259B6C54CC70}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D5D129B1-0781-47A4-81A7-2A7C9A8B6558}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D690C9E5-9A30-4A5F-A919-BF77CF55063F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{D8EA30EF-6535-4F9D-B8C2-20838A68AD70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{DA74944D-854C-465F-94F2-FD3DD4B1D1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{E1A18234-A0F0-4F1F-AED8-D4D979A697B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E762BB81-6FA4-45F5-AA4F-08F3B5274D41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E892985B-013C-4A7E-99AE-1AF1B7D13D9F}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{EBF575D0-97E7-484C-ABD3-D219265336C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EC370722-8E4A-42F8-B601-A484395ED4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jambojames\source sdk base 2007\hl2.exe |
"{EE0387E5-FE11-46CB-B578-B27A359B4AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\reckoning.bat |
"{EF976BB3-C472-4532-9D18-2A09FBBD1F86}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{F16A02C9-3F62-4B59-84A2-1499FB05B0A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{F17D41C2-7D62-442D-A15F-46FC65AD9540}" = protocol=6 | dir=in | app=c:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{F43CE673-50C6-4FF2-8B1D-2F97664DF063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{F56257B5-B72B-4F48-B853-4822FCF36DFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{F77F7523-A346-4477-B173-BF48CAE9856A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{FDE76A54-69B4-48D4-ABCB-9064CA5F0369}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{FE28FECB-7ADC-4C06-8DF2-E29B92439179}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{FFF13D84-E084-4ED3-A155-8F0D87398CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"TCP Query User{06D0BD84-9B9F-4269-99EC-D9223482E2AB}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{0DB0A940-47E1-41BB-A25D-B9412EBC7131}C:\program files (x86)\gog.com\unreal gold\system\unreal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\unreal gold\system\unreal.exe |
"TCP Query User{0E1C7C92-09D7-4D82-8C71-640A902FED65}C:\program files (x86)\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe |
"TCP Query User{1A52F478-14A9-439B-8064-1BA30C3420FA}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{1ACEA762-0A2F-4868-B022-195F30AE4AA9}C:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2B643674-21D0-478D-AF34-AC355B29BB0A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{30262D48-49F7-4154-AB0B-D6A205985899}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{3175F76F-CC27-472D-9E39-4E5BB5265CC2}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{35A86858-ED96-4A06-87ED-B71261FA98A6}C:\users\ally\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\ally\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{3C8AC3A4-F8AE-4C4C-8A6F-2FE5B44C03C0}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{59ED06CE-AD57-40B7-9703-BB75342B0C94}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{6B2458EB-CF01-41E7-808D-A66446216E01}D:\eden.exe" = protocol=6 | dir=in | app=d:\eden.exe |
"TCP Query User{7F0EA1E9-6759-490B-ABCB-3F484F2E3D2F}C:\team17\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\team17\worms armageddon\wa.exe |
"TCP Query User{856B9E8A-D4FB-4781-9EDF-83F2DBA6F2DB}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{85B5569F-0BBB-4D63-8936-8ACD5A463D12}C:\program files (x86)\ea games\american mcgee's alice\alice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\american mcgee's alice\alice.exe |
"TCP Query User{87626A7C-3492-4237-9213-5A1DADECFED8}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{92E1AE57-3ECA-4F59-9CF3-53E253E2FB20}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{A8F76545-8B4B-4999-9183-30654BC49382}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{AC92CF49-BEE4-4858-B874-B48A9FE174E3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B2361021-2F3B-440F-BC9F-40C79E2506CB}C:\program files (x86)\ea games\medal of honor pacific assault™ demo\mohpa_demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\medal of honor pacific assault™ demo\mohpa_demo.exe |
"TCP Query User{B4EC1B42-3C29-4A42-8350-72B1E600D929}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{B8123D02-99A2-42D3-A4D5-048040D5CFDF}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{BA674C26-CCEE-42E0-A177-EF601EF16C49}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\moh_breakthrough.exe |
"TCP Query User{BD790BEC-C8B2-4432-97B3-6E8EC25FFD4D}C:\gog games\evolva\evolva.exe" = protocol=6 | dir=in | app=c:\gog games\evolva\evolva.exe |
"TCP Query User{BE224B59-B791-4CFE-AFB9-45877CF3EE2B}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{BEEBE1DE-64BC-4ED5-B466-97D37A6DBB26}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{CBB736EA-3D0A-4FBC-BA7E-3213506C5ADD}C:\users\ally\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ally\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DBBF6FD5-2403-42C6-90DB-CD9EAB379625}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{DC17D14B-42AE-421A-A751-2194D0FBC34C}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{DC93B1A7-EC11-48E5-9C11-73B872FA90BD}C:\program files (x86)\steam\steamapps\jambojames\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jambojames\team fortress 2\hl2.exe |
"TCP Query User{EF4C83BE-3047-4142-A468-78A5E7EFCCC4}C:\program files (x86)\ea games\mohaa\moh_spearhead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\moh_spearhead.exe |
"TCP Query User{FDA194E1-1205-483F-81C2-15467069DA09}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{015824BD-DA20-47E8-A560-2411B4B07DD2}C:\program files (x86)\ea games\mohaa\moh_spearhead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\moh_spearhead.exe |
"UDP Query User{01AA9859-70AF-43B4-A966-AE8CB326A503}C:\program files (x86)\ea games\american mcgee's alice\alice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\american mcgee's alice\alice.exe |
"UDP Query User{0C2ED6BE-44AF-41DB-9CF7-45BF67D47EDD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{0FE0B896-05BA-4ED4-93D9-7F8C30563A9B}C:\program files (x86)\gog.com\unreal gold\system\unreal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\unreal gold\system\unreal.exe |
"UDP Query User{1471F76D-7CB0-4852-88A6-6F64633D93EE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{1809400C-DD05-46B3-B64E-658E35E2EA71}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{1A927AA6-C6E2-4214-927E-9A46E07FE0B4}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{1EE19B8D-FBF8-4D10-A394-4ED373ED23C6}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{277DE1A9-4100-4BCF-973A-09EEB156D132}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{291B5ACB-6F9F-41D0-8AFB-27BE4615D782}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{2E445C42-36EC-4215-9B45-33EFFDCFB757}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{38BA6775-F26C-4109-865F-B51C3548543F}C:\users\ally\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\ally\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{3E985343-C124-49A8-8DBB-A72EBE50EC8E}D:\eden.exe" = protocol=17 | dir=in | app=d:\eden.exe |
"UDP Query User{3ECDE40A-944B-49E3-8182-5F8A26B5F55B}C:\users\ally\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ally\appdata\roaming\spotify\spotify.exe |
"UDP Query User{65D5CD7A-5AA1-48C3-9F9B-9651FB56B414}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6B176150-4028-40CE-A93E-5D0CC6AEEC09}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{78692C99-6F27-486F-82DE-A48EBC46F658}C:\program files (x86)\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe |
"UDP Query User{7EDF83A8-3E52-4904-9200-000FF8393FFB}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{8E1F7C1D-98DF-464B-BF8E-EA303D387BEB}C:\program files (x86)\ea games\medal of honor pacific assault™ demo\mohpa_demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\medal of honor pacific assault™ demo\mohpa_demo.exe |
"UDP Query User{97186862-C1BB-4E02-A42E-7E44BAE001FB}C:\team17\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\team17\worms armageddon\wa.exe |
"UDP Query User{9BC2118A-E936-4DBD-923D-808EA97B3C55}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{9EC5AE55-2556-40FA-B34A-5897741B8BA6}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{A9A1892F-49FF-40AF-B264-0843D823D5BE}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{AEDE33AA-361A-439A-8257-B0B15050C96C}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{BA6DA32C-3D4D-4E16-9BEF-3CE6692AA9CF}C:\program files (x86)\steam\steamapps\jambojames\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jambojames\team fortress 2\hl2.exe |
"UDP Query User{C283FAE1-9227-487E-84D4-62C4272FD67F}C:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mike.home-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CB966153-DD59-4CA2-B655-0D05A64F7384}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{CCAEC4F2-1EC9-4A18-B902-ACF785489C62}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\moh_breakthrough.exe |
"UDP Query User{CEF023F2-8E4C-45DF-8CB0-FA513A5B1226}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{D3D8E2F0-9C39-42AA-AC58-2221E40BD6C5}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{F134FE01-4EBB-4BB5-B0C3-852361727A38}C:\gog games\evolva\evolva.exe" = protocol=17 | dir=in | app=c:\gog games\evolva\evolva.exe |
"UDP Query User{F90268C8-ACDB-4B1D-9AEB-611F6C0F9875}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{146EF662-0071-4EF5-A1FC-3143C56B7FF1}" = Sid Meier's Civilization Chronicles
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = Video Grabber Device Driver
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45184324-E8A6-4C38-B020-85D359EDF9FC}" = COWON J3 User's Guide
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.16
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A6113AD1-8DB3-490D-8872-667759A396B4}" = UT3_Model_Skaarj_VERSION1.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition)
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alan Wake American Nightmare_is1" = Alan Wake American Nightmare
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Call of Pripyat Complete_is1" = Call of Pripyat Complete v1.0.2
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Civilization V" = Sid Meier's Civilization V
"Desperados Wanted Dead or Alive_is1" = Desperados Wanted Dead or Alive
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Football Manager 2011" = Football Manager 2011
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Gemini Rue_is1" = Gemini Rue
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NSIS" = Nullsoft Install System
"OpenAL" = OpenAL
"Origin" = Origin
"Outcast_is1" = Outcast
"PunkBusterSvc" = PunkBuster Services
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"RollerCoaster Tycoon Setup" = Roll
"ST5UNST #1" = Visual Basic 5.0
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 200900" = Cave Story+
"Steam App 207530" = Noitu Love 2 Devolution
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 218" = Source SDK Base 2007
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 22380" = Fallout: New Vegas
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34220" = Football Manager 2011
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 440" = Team Fortress 2
"Steam App 48950" = Greed Corp
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 67000" = The Polynomial
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7760" = X-COM: UFO Defense
"Steam App 80200" = Fate of the World
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 93200" = Revenge of the Titans
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament
"Uplay" = Uplay
"UT2004" = Unreal Tournament 2004
"UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
"UT3 HOLP2" = Unreal Tournament 3 - HOLP2
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"Worms Armageddon" = Worms Armageddon
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"UnityWebPlayer" = Unity Web Player
"UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
"UT3 HOLP2" = Unreal Tournament 3 - HOLP2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/12/2011 06:03:13 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/12/2011 15:29:09 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 20/12/2011 15:56:28 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 20/12/2011 16:14:05 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 21/12/2011 06:21:04 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/12/2011 06:40:35 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21/12/2011 06:40:36 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21/12/2011 13:02:58 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 21/12/2011 16:02:28 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

Error - 21/12/2011 16:04:47 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 30/12/2012 11:58:24 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 31/12/2012 06:54:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 31/12/2012 06:54:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01/01/2013 06:18:57 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01/01/2013 06:20:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 01/01/2013 06:20:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/01/2013 06:35:36 | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 01/01/2013 14:35:19 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02/01/2013 06:46:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02/01/2013 06:52:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#6
Dakeyras

Hi. :)

aswMBR didn't ask about the avast!

Strange, just double checked myself and it did...ah well not a problem in the great scheme of things anyway as it will have only scanned with the same detection database used by your presently installed Anti-Virus etc.

I haven't noticed any difference but there wasn't anything abnormal going on anyway.

OK though this is of concern:-

Drive C: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

I am surprised the machine is able to boot up at all, though I suspect this is probably due to malware. Though it is entirely feasible it is merely full and/or the Vista shadow service has taken up so much, for example.

So before manually freeing up some Hard-Drive free space carry out the following please...

Download unhide to the desktop.

  • Right-click on unhide.exe and select Run as Administrator.
  • A command window will open whilst the application is processing.
  • Click on OK at the prompt >> the application will now close >> reboot your machine.
  • There will now be a log on the desktop named unhide.txt, post the contents of this in your next reply.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot (restart) your machine if not prompted to do so.

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, post the contents of the new OTL log in your next reply.


#7
Casper_aa

Odd that it said my hard drive was full, I haven't even used up 50% of its space.

Punkbuster was installed along with a game recently and I wasn't originally planning on removing it until the game was finished in case it messed with it somehow. I have done what you asked however.

Here are the logs:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 01/03/2013 11:09:03 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 352122 files processed.

The C:\Users\Ally\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 01/03/2013 11:21:24 AM
Execution time: 0 hours(s), 12 minute(s), and 21 seconds(s)

#8
Casper_aa

OTL logfile created on: 03/01/2013 11:32:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ally\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.87% Memory free
8.17 Gb Paging File | 6.62 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 488.62 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Ally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ally\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\DRIVERS\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\DRIVERS\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E FB 37 FE E2 45 CB 01 [binary data]
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ally\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_1c.com: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/23 18:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 18:12:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 18:12:20 | 000,000,000 | ---D | M]

[2010/08/25 16:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions
[2010/08/25 16:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/11 18:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions
[2010/08/22 15:08:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/03 10:17:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/21 12:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/11 18:22:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 11:16:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/04/30 20:09:55 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2011/11/08 10:43:40 | 000,002,586 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\amazon-united-kingdom-search-suggestions.xml
[2010/08/24 10:58:52 | 000,004,569 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\dailymotion.xml
[2011/09/04 21:27:09 | 000,000,914 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\dictionarycom.xml
[2011/12/26 20:45:15 | 000,000,931 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\ebay-uk.xml
[2010/08/24 18:29:10 | 000,005,603 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\final-fantasy-wiki-en.xml
[2010/11/16 18:19:39 | 000,001,922 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\hmv-search.xml
[2011/02/11 20:51:19 | 000,001,959 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\lastfm.xml
[2010/09/15 10:26:26 | 000,002,282 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\left-4-dead-wiki-en.xml
[2010/09/08 13:03:46 | 000,006,285 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\mass-effect-wiki-en.xml
[2011/06/26 10:49:18 | 000,002,276 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\minecraft-wiki-en.xml
[2011/10/11 20:56:21 | 000,002,291 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\one-piece-encyclopedia-en.xml
[2012/02/07 22:29:17 | 000,002,282 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\stalker-wiki-en.xml
[2010/10/30 12:08:54 | 000,002,262 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\the-vault-en.xml
[2011/01/10 19:21:11 | 000,001,202 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\uespwiki-en.xml
[2010/12/05 17:04:22 | 000,000,659 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\ufopaedia-en.xml
[2010/08/25 17:41:06 | 000,002,006 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\urban-dictionary.xml
[2011/02/10 10:16:57 | 000,001,051 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\wikidsouls-en.xml
[2010/08/22 15:22:54 | 000,002,057 | ---- | M] () -- C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\searchplugins\youtube-video-search.xml
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/05 18:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/05 18:12:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 14:01:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/19 16:18:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - Extension: avast! WebRep = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\

O1 HOSTS File: ([2012/11/28 13:00:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ally\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BB4992-AC35-4158-94A7-1E3E7DDF0B6F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ally\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ally\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 11:07:44 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ally\Desktop\unhide.exe
[2013/01/02 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/01/02 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/01/02 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/01/02 15:19:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ally\Desktop\OTL.exe
[2013/01/02 15:19:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ally\Desktop\aswMBR.exe
[2013/01/02 15:18:38 | 000,865,272 | ---- | C] (Panda Security ) -- C:\Users\Ally\Desktop\USBVaccine.exe
[2012/12/31 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{0F3DD662-0C95-48F5-9ABE-2DE17658D43F}
[2012/12/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Ally\Documents\Amazon MP3
[2012/12/27 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Amazon
[2012/12/27 16:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/12/27 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/12/25 22:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/12/25 22:09:39 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\PunkBuster
[2012/12/25 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/12/22 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{8CFAAB66-2DB4-4B46-A0CA-03081B631708}
[2012/12/21 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{A49315D0-09AF-4162-A9C1-01CA5D35EE0D}
[2012/12/21 14:49:41 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 14:49:41 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 14:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 14:49:37 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 09:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012/12/18 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{78002C75-565F-469F-8970-FF51B7C0B8F9}
[2012/12/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{584A475A-DBCF-4E23-BAF0-C582274423F2}
[2012/12/13 11:12:57 | 000,000,000 | ---D | C] -- C:\GOG.com
[2012/12/12 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Roaming\To the Moon - Freebird Games
[2012/12/12 20:08:49 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/12 20:08:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/12 20:08:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/12 20:08:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/12 20:08:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/12 20:08:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/12 20:08:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/12 20:07:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 20:07:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 20:07:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 20:07:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 20:07:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 20:07:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 20:07:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 20:07:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 20:07:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 20:07:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 20:07:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 20:07:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 20:07:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 20:07:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 20:07:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 11:46:10 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 11:45:47 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 11:45:47 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:45:47 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/12 11:45:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/12 11:45:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/05 18:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/03 11:33:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 11:29:30 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/03 11:29:21 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 11:29:20 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 11:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/03 11:17:17 | 000,840,264 | ---- | M] () -- C:\Users\Ally\Desktop\pbsvc.exe
[2013/01/03 11:15:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 11:07:47 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ally\Desktop\unhide.exe
[2013/01/02 22:31:51 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/02 18:28:05 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/01/02 16:45:05 | 000,000,512 | ---- | M] () -- C:\Users\Ally\Desktop\MBR.dat
[2013/01/02 15:24:50 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/02 15:24:50 | 000,645,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/02 15:24:50 | 000,123,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/02 15:20:07 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ally\Desktop\aswMBR.exe
[2013/01/02 15:19:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ally\Desktop\OTL.exe
[2013/01/02 15:18:42 | 000,865,272 | ---- | M] (Panda Security ) -- C:\Users\Ally\Desktop\USBVaccine.exe
[2013/01/02 10:54:24 | 000,002,361 | ---- | M] () -- C:\Users\Ally\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2012/12/29 11:24:24 | 000,098,816 | ---- | M] () -- C:\Users\Ally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 22:21:25 | 000,002,852 | ---- | M] () -- C:\Users\Ally\Desktop\InputUserActionMap.xml
[2012/12/25 21:48:53 | 000,206,917 | ---- | M] () -- C:\Users\Ally\bookmarks-2012-12-25
[2012/12/25 15:11:02 | 000,001,036 | ---- | M] () -- C:\Users\Ally\Desktop\Uplay.lnk
[2012/12/24 23:20:03 | 000,003,007 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/22 16:30:29 | 000,002,194 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121222_163025.reg
[2012/12/21 14:52:44 | 000,276,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:07:24 | 000,002,948 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121220_140715.reg
[2012/12/18 13:50:07 | 000,037,072 | ---- | M] () -- C:\Users\Ally\Documents\cc_20121218_134913.reg
[2012/12/17 20:10:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/12/17 20:04:38 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
[2012/12/17 14:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/16 14:08:51 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Gemini Rue.lnk
[2012/12/16 13:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 13:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 11:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 10:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 12:15:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 12:15:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 11:17:13 | 000,840,264 | ---- | C] () -- C:\Users\Ally\Desktop\pbsvc.exe
[2013/01/02 15:40:19 | 000,000,512 | ---- | C] () -- C:\Users\Ally\Desktop\MBR.dat
[2012/12/28 21:38:25 | 000,002,852 | ---- | C] () -- C:\Users\Ally\Desktop\InputUserActionMap.xml
[2012/12/25 22:09:49 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/25 21:48:53 | 000,206,917 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-12-25
[2012/12/25 15:11:14 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/25 15:11:02 | 000,001,036 | ---- | C] () -- C:\Users\Ally\Desktop\Uplay.lnk
[2012/12/24 23:20:03 | 000,003,007 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/22 16:30:27 | 000,002,194 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121222_163025.reg
[2012/12/20 14:07:18 | 000,002,948 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121220_140715.reg
[2012/12/18 13:49:15 | 000,037,072 | ---- | C] () -- C:\Users\Ally\Documents\cc_20121218_134913.reg
[2012/12/17 20:10:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/17 20:04:38 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
[2012/12/16 14:08:51 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Gemini Rue.lnk
[2012/12/12 20:08:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 20:08:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/09/01 18:03:10 | 000,000,288 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/08/10 13:42:50 | 000,210,147 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-08-10.json
[2012/05/10 19:01:49 | 000,173,608 | ---- | C] () -- C:\Users\Ally\bookmarks-2012-05-10.json
[2012/05/06 16:04:47 | 000,000,000 | ---- | C] () -- C:\Users\Ally\format
[2012/02/29 20:26:59 | 000,000,268 | R--- | C] () -- C:\ProgramData\String Ensemble
[2012/02/29 20:26:59 | 000,000,268 | R--- | C] () -- C:\ProgramData\String Comparison
[2012/02/29 20:26:59 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/02/29 20:26:59 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/02/29 20:26:59 | 000,000,012 | R--- | C] () -- C:\ProgramData\Textures
[2012/02/29 20:26:59 | 000,000,012 | R--- | C] () -- C:\ProgramData\Techno Kit
[2012/02/29 20:26:58 | 000,000,268 | R--- | C] () -- C:\ProgramData\Stingers
[2012/02/29 20:26:58 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/02/29 20:26:58 | 000,000,012 | R--- | C] () -- C:\ProgramData\SystemConfiguration
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/11 19:39:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/31 19:01:12 | 000,742,694 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 20:45:25 | 000,000,370 | ---- | C] () -- C:\Users\Ally\Documents - Shortcut.lnk
[2011/08/02 09:13:15 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/06 20:54:40 | 000,000,680 | ---- | C] () -- C:\Users\Ally\AppData\Local\d3d9caps.dat
[2010/08/27 23:00:00 | 000,098,816 | ---- | C] () -- C:\Users\Ally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 18:13:14 | 000,000,000 | ---- | C] () -- C:\Users\Ally\AppData\Local\prvlcl.dat
[2010/08/20 12:12:34 | 000,000,732 | ---- | C] () -- C:\Users\Ally\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 15:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 17:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 07:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 02:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#9
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Odd that it said my hard drive was full, I haven't even used up 50% of its space.

It now appears this was a result of the infection you mentioned in your first post, though unhide has taken care of that now:

Drive C: | 931.51 Gb Total Space | 488.62 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Next:

Punkbuster was installed along with a game recently and I wasn't originally planning on removing it until the game was finished in case it messed with it somehow. I have done what you asked however.

Fair play. As I mentioned prior, use the removal tool to re-install again when I give the all clear, if you so wish; that should not affect your game if you leave off playing it until the malware removal process is complete etc.

Next:

I see you have HiJackThis installed. It is not compatible with a 64-bit operating system, so you might as well uninstall it, unless you have recently used it, that is. If the latter, please inform me in your next reply. Also, it appears you have recently used the Registry - Scan for Issues option with CCleaner; my friendly advice is do not use it, as such registry optimizing tools (features) rarely do any good and have the potential to create more problems rather than improve anything.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1577025235-2190829945-115672839-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2012/12/31 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{0F3DD662-0C95-48F5-9ABE-2DE17658D43F}
[2012/12/25 22:09:39 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\PunkBuster
[2012/12/22 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{8CFAAB66-2DB4-4B46-A0CA-03081B631708}
[2012/12/21 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{A49315D0-09AF-4162-A9C1-01CA5D35EE0D}
[2012/12/18 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{78002C75-565F-469F-8970-FF51B7C0B8F9}
[2012/12/17 18:50:51 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\{584A475A-DBCF-4E23-BAF0-C582274423F2}
[2013/01/02 22:31:51 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/02 18:28:05 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/24 23:20:03 | 000,003,007 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2010/08/20 18:13:14 | 000,000,000 | ---- | C] () -- C:\Users\Ally\AppData\Local\prvlcl.dat

:files
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator. Also your current version is 1.65.1.1000, so during the update process you should be prompted to install version 1.70.0.1100.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#10
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts

Fair play. As I mentioned prior, use the removal tool to re-install again when I give the all clear, if you so wish; that should not affect your game if you leave off playing it until the malware removal process is complete etc.


Makes sense. :)

I see you have HiJackThis installed. It is not compatible with a 64-bit operating system, so you might as well uninstall it, unless you have recently used it, that is. If the latter, please inform me in your next reply.


I recently used it in this thread:
http://www.geekstogo...82#entry2232082

Also, it appears you have recently used the Registry - Scan for Issues option with CCleaner; my friendly advice is do not use it, as such registry optimizing tools (features) rarely do any good and have the potential to create more problems rather than improve anything.


I shall refrain from using it in the future then.

Everything seems to be running fine at the moment. Here are the logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1577025235-2190829945-115672839-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\Ally\AppData\Local\{0F3DD662-0C95-48F5-9ABE-2DE17658D43F} folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb\svss folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb\svlogs folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb\scrnshot folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb\htm folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb\dll folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3\pb folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster\FC3 folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster folder moved successfully.
C:\Users\Ally\AppData\Local\{8CFAAB66-2DB4-4B46-A0CA-03081B631708} folder moved successfully.
C:\Users\Ally\AppData\Local\{A49315D0-09AF-4162-A9C1-01CA5D35EE0D} folder moved successfully.
C:\Users\Ally\AppData\Local\{78002C75-565F-469F-8970-FF51B7C0B8F9} folder moved successfully.
C:\Users\Ally\AppData\Local\{584A475A-DBCF-4E23-BAF0-C582274423F2} folder moved successfully.
C:\Windows\SysWOW64\PnkBstrB.xtr moved successfully.
C:\Windows\SysWOW64\PnkBstrB.ex0 moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Ally\AppData\Local\prvlcl.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ally\Desktop\cmd.bat deleted successfully.
C:\Users\Ally\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Ally\Desktop\cmd.bat deleted successfully.
C:\Users\Ally\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Ally\Desktop\cmd.bat deleted successfully.
C:\Users\Ally\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ally
->Temp folder emptied: 47637183 bytes
->Temporary Internet Files folder emptied: 875450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 110485437 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 73937 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gina
->Temp folder emptied: 47850 bytes
->Temporary Internet Files folder emptied: 50341867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 136814401 bytes
->Flash cache emptied: 85415 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 640440 bytes

User: Mike.Home-PC
->Temp folder emptied: 390752 bytes
->Temporary Internet Files folder emptied: 2002499 bytes
->Java cache emptied: 228761 bytes
->FireFox cache emptied: 179306558 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 21473 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16806 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 505.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01032013_163240

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
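The cross-check a helper makes by eye between the fix script and the fix log above, written out as an added Python example (not part of the thread and not OTL's own code). The status phrases are taken only from the log lines shown in this thread, the function names are illustrative, and the last script line is constructed to show a target with no matching result.

```python
import re

# Excerpt of the file/folder lines from the fix script posted in the thread.
# The final line is CONSTRUCTED for this example (it has no entry in the log).
FIX_SCRIPT = r"""
[2012/12/25 22:09:39 | 000,000,000 | ---D | C] -- C:\Users\Ally\AppData\Local\PunkBuster
[2013/01/02 22:31:51 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/24 23:20:03 | 000,003,007 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/01 00:00:00 | 000,000,000 | ---- | C] () -- C:\Users\Ally\AppData\Local\constructed-example.dat
"""

# Excerpt of the fix log posted in reply.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
C:\Users\Ally\AppData\Local\PunkBuster\FC3 folder moved successfully.
C:\Users\Ally\AppData\Local\PunkBuster folder moved successfully.
C:\Windows\SysWOW64\PnkBstrB.xtr moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Ally\Desktop\cmd.bat deleted successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""

# "[date | size | attrs | C/M] (company) -- path" -> capture the path.
SCRIPT_LINE = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$")

# Checked in order; the registry pattern must come before the generic "deleted" one.
PATTERNS = [
    ("pending reboot",
     re.compile(r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$")),
    ("registry",
     re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<t>.+?) "
                r"(?P<s>deleted successfully|not found)\.$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(?P<t>.+?) deleted successfully\.$")),
]


def normalise(target):
    """Windows paths and registry keys are case-insensitive; the script says
    SysWow64 while the log says SysWOW64, so compare lowercased and without
    a trailing backslash."""
    return target.strip().rstrip("\\").lower()


def script_targets(script_text):
    """Return the paths named on the file/folder lines of a fix script."""
    paths = []
    for line in script_text.splitlines():
        m = SCRIPT_LINE.match(line.strip())
        if m:
            paths.append(m.group("path").strip())
    return paths


def parse_fix_log(log_text):
    """Map each normalised target in the log to its reported outcome."""
    results = {}
    for line in log_text.splitlines():
        line = line.strip()
        for status, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            if status == "registry":
                status = "deleted" if m.group("s").startswith("deleted") else "not found"
            results[normalise(m.group("t"))] = status
            break
    return results


def audit(script_text, log_text):
    """Pair every script target with the outcome the log reports for it."""
    outcomes = parse_fix_log(log_text)
    return [(p, outcomes.get(normalise(p), "no result in log"))
            for p in script_targets(script_text)]


def needs_follow_up(script_text, log_text):
    """Script targets with no log entry, and log items deferred to reboot."""
    missing = [p for p, s in audit(script_text, log_text) if s == "no result in log"]
    deferred = [t for t, s in parse_fix_log(log_text).items() if s == "pending reboot"]
    return missing, deferred


if __name__ == "__main__":
    for path, status in audit(FIX_SCRIPT, FIX_LOG):
        print(f"{status:18} {path}")
    print(needs_follow_up(FIX_SCRIPT, FIX_LOG))
```

Items reported as deferred to reboot are worth re-checking in the next log after the restart, since the fix log alone only shows they were scheduled.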


#11
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.03.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ally :: HOME-PC [administrator]

03/01/2013 16:52:36
mbam-log-2013-01-03 (16-52-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276798
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I recently used it in this thread:

Nothing detrimental system wise was removed so safe to uninstall.

Everything seems to be running fine at the moment.

Good, let's proceed as follows, shall we...

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and paste everything from the Quote-Box (do not copy the word quote) below into Notepad:

@echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A notepad file named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> reboot your machine if not prompted to do so.
  • Please post the contents of the log-file created in your next reply.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to launch the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Please post the contents of the RKreport.txt in your next reply.

  • 0

#13
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Ok here are the logs:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
with type code 128 in file 20507.
Attribute record (128, "") from file record segment 7480
is corrupt.
Attribute record (128, "") from file record segment 20847
is corrupt.
is corrupt.
is corrupt.
is corrupt.
is corrupt.
is corrupt.
Attribute record (128, "") from file record segment 264711
is corrupt.
is corrupt.
is corrupt.
499840 file records processed.

File verification completed.
File record segment 7480 is an orphan.
File record segment 20847 is an orphan.
2359 large file records processed.


Errors found. CHKDSK cannot continue in read-only mode.
  • 0

#14
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 22:02:30
# Updated 29/12/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Ally - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Ally\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Mike.Home-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lc4p5jt2.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Mike.Home-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lc4p5jt2.default\bprotector_prefs.js
File Deleted : C:\Users\Mike.Home-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lc4p5jt2.default\searchplugins\mngr.xml

***** [Registry] *****

Key Deleted : HKCU\Software\5e53d9dcb73ae944
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\0yk9xive.default\prefs.js

[OK] File is clean.

File : C:\Users\Mike.Home-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lc4p5jt2.default\prefs.js

[OK] File is clean.

File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\eo60hdf4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Ally\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mike.Home-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.252] : urls_to_restore_on_startup ="session" : {"restore_on_startup": 4, [ "hxxp://search.babylon.com[...]

*************************

AdwCleaner[S2].txt - [3232 octets] - [03/01/2013 22:02:30]

########## EOF - C:\AdwCleaner[S2].txt - [3292 octets] ##########
  • 0

#15
Casper_aa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Ally [Admin rights]
Mode : Scan -- Date : 01/03/2013 22:12:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 44d9800863145fe9ad0ac49f375297bd
[BSP] 9a1665a17f90d5d1a4fc2f0d2783c738 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01032013_02d2212.txt >>
RKreport[1]_S_01032013_02d2212.txt
  • 0





