
Computer infested, repair shop couldn't do anything, possibly maki


  • This topic is locked

#16
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Steam - Error

This account 'xXxWhitexMikexXx' has never been accessed on this machine before and a connection to steam servers cannot be made. Some services will not be available. Steam will continue to attempt the connection and services will be available upon success.

Seems like a temporary glitch with Steam.

The Malwarebytes log looks good and things sound promising.

It's 12:45am here and I need some beauty sleep so will reply in the morning.

Satchfan
  • 0



#17
AlfredoGarcia

    Member

  • Topic Starter
  • 14 posts
Ah alright, guess I'll reinstall it once we're all done. That's great news, overall the speed has improved, no longer have to wait a minute for a folder to load its contents. Not only that but powering on and down is a lot quicker. Thanks for your help so far Satchfan, have a good night's sleep.
  • 0

#18
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
:thumbsup:
  • 0

#19
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Let’s try forcing the uninstall of the programs you mentioned previously:

Absolute Poker
Cake Poker
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
PokerStars
Skype Click to Call (Version: 5.8.8855)
UltimateBet


Download Revo Uninstaller

  • double click the installation file on the desktop to run the installer.
  • let it install to the default location.
  • double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.

  • locate the program you are uninstalling, e.g. Absolute Poker
  • right-click the icon then choose Uninstall.
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next.
  • this will launch the program's built-in uninstaller. Be patient, it can take several seconds.
  • once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient, it can take several seconds.
  • once this scan is done click Next.
  • you will then be presented with the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall.
  • next, click Select All > Delete to remove the entries.
  • click Next.
  • if there are any program file folders left over you will be presented with a list to be removed.
  • again look at ALL of the entries to ensure they are related to the uninstall.
  • click Select All > Delete to remove the entries.
  • click Finish to go back to the uninstall list.
  • close the program
================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply.

Finally, please run SecurityCheck once more and send a new log.

Thanks

Satchfan
  • 0

#20
AlfredoGarcia

    Member

  • Topic Starter
  • 14 posts
Okay just to let you know, I removed an additional program, Bodog Poker. I had the following happen for all the programs:

Running the applications uninstaller failed! Possible invalid uninstall command!

I was still able to press next though. For Facebook Video Calling 1.2.0.287, there was a different pop up:

The installer has encountered an unexpected error installing the package. This may indicate a problem with this package. The error code is 2738.

For Skype Click to Call (Version: 5.8.8855) a different wizard pop up came up:

Skype Click to Call Setup wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, Run setup wizard again. Click the finish button to exit the setup wizard.

All seemed to have been removed successfully though.

ESET.txt

C:\ProgramData\Spybot - Search & Destroy\Recovery\Wajam31.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wajam31.zip Win32/Bagle.gen.zip worm
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\JkavZkav40.phpZoHffec939eV03009f35002R170402a1108Tb432dcc9Q000002fc900801F0020000aJ14000601l0409K6858404d325 Java/MalRunner.D trojan


checkup.txt

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#21
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
I think you’ve done a good job here and we’re about clear and ready to tidy up.

Just one straggler to deal with.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Files
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\JkavZkav40.phpZoHffec939eV03009f35002R170402a1108Tb432dcc9Q000002fc900801F0020000aJ14000601l0409K6858404d325
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done

  • open OTL again, click on Extra Registry -> Use Safelist
  • then click Run Scan

Please post back with the logs.

Also, let me know if all is now running well and if there are any remaining problems.

Satchfan
  • 0

#22
AlfredoGarcia

    Member

  • Topic Starter
  • 14 posts
Everything seems to be running well as of right now, still haven't had an opportunity to test out burning discs though.

OTL FIX

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\JkavZkav40.phpZoHffec939eV03009f35002R170402a1108Tb432dcc9Q000002fc900801F0020000aJ14000601l0409K6858404d325 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 90692 bytes
->Temporary Internet Files folder emptied: 68011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 382953445 bytes
->Flash cache emptied: 926 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 26243307 bytes

Total Files Cleaned = 390.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302013_174636

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL SCAN

OTL logfile created on: 30/01/2013 5:50:30 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.22% Memory free
6.17 Gb Paging File | 5.31 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 107.76 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.30 Gb Free Space | 42.96% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 23:42:39 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 23:42:38 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll


========== Services (SafeList) ==========

SRV - [2013/01/28 23:42:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5fbvjey)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/29 13:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/30 07:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/28 23:42:39 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/28 23:42:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/28 23:42:36 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 07:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/30 07:40:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013/01/30 07:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/30 07:07:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/01/30 07:06:24 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\user\Desktop\revosetup.exe
[2013/01/30 06:46:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{165565CA-C0D6-4B0A-AA01-01C4C88470B2}
[2013/01/29 19:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/29 19:21:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/29 19:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 19:20:23 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/29 11:09:44 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/29 10:22:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CF98CD99-2C2F-4048-BB70-30DDD9A31B83}
[2013/01/28 23:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/28 18:59:32 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 18:31:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/28 13:56:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 13:49:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 13:48:41 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 18:09:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/27 18:09:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/27 18:09:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/27 18:09:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/27 18:09:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/27 18:09:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/27 18:09:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/27 18:09:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/27 17:37:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/01/27 17:36:55 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/01/27 17:36:54 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/01/27 17:36:53 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/01/27 17:36:48 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/01/27 17:36:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/01/27 17:31:02 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/27 17:31:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/27 16:18:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/01/27 16:17:41 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/01/27 16:17:09 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/27 16:17:05 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/01/27 16:17:05 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/01/27 16:15:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 17:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{78E4CC24-3078-45B9-820F-2726F5D0DEBC}.job
[2013/01/30 17:48:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 17:48:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 17:48:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/30 17:46:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/30 07:40:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013/01/30 07:07:08 | 000,001,059 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/01/30 07:06:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\user\Desktop\revosetup.exe
[2013/01/30 06:50:49 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/30 06:50:49 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/29 19:21:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 19:20:26 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/29 11:09:45 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/28 18:59:33 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 14:23:06 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:57:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:53:54 | 000,881,914 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 13:48:46 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:44:46 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/28 01:44:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/30 07:07:08 | 000,001,059 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/01/29 19:21:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/28 14:23:06 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:53:51 | 000,881,914 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

EXTRAS

OTL Extras logfile created on: 30/01/2013 5:50:30 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.22% Memory free
6.17 Gb Paging File | 5.31 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 107.76 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.30 Gb Free Space | 42.96% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24114901-AC83-4C12-9816-AC9845018BDA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D078430B-4094-422B-BB72-5EF106F34F8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064C05CA-740D-408B-95DC-05D2864E8563}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{07865AC7-41D2-41F7-A390-2AA543F7B86C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B83BCC2-FDBC-4494-854F-92B997DAD25F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{12A24D3B-727F-4481-9DD0-F1EB57137D2B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{13AFCA9B-B6F0-4ED6-BD68-9BFE41AA0BFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D48B67E-35A2-4947-A6E8-8451A2DA713A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{23B12349-2F2F-4094-82C2-F288C4D8CE19}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{24FD0568-BE48-44C7-A9AB-908ED0BB8197}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{2938330C-1F02-4E59-92AA-96CB2B9D747A}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{29FE0BB5-60C4-4D8D-AFF4-AE981F67FCF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2E80F7E2-FDE3-4C6E-B4F0-1E10A5F36549}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{3507E90F-44DA-4DCF-82EF-0B7AD462FC35}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CFCDD2B-867F-4798-91F9-E1AA4068BFD0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40BC5DB7-3831-4FA5-A5C9-2C50685D46ED}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{45164F33-AD34-4A85-937B-EF822F7739D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{598E4106-3E58-40FA-ADEC-BFEC15F9DEFC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5B26257D-1FD8-4438-B1ED-80A6488F3876}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5E2B0D88-3269-4748-8123-16B2C93B7CA8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5F4C0A4E-372A-4556-8D58-54905EC309F4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{606FC13B-287F-4F68-B574-AD29B073E097}" = protocol=6 | dir=in | app=c:\program files\zandronum\doomseeker\doomseeker.exe |
"{60DC3DD3-4FFD-415D-BBDB-AC0BFD79AD65}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61C7D590-BAF8-4C1A-AE66-0D58F5D3CFC9}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{69FB636E-FF89-41B2-8D2A-8BF9A7E24505}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{6CCCCF22-2250-4B51-8710-289E7EB60BC4}" = protocol=17 | dir=in | app=c:\program files\zandronum\doomseeker\doomseeker.exe |
"{6E587721-E743-466E-AD92-768158CF03FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B5585ED-EC17-4445-9F0E-3E95618D44EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7C53E4F5-5B57-418A-99EA-60AB28692556}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{801F68B1-634A-4225-9B39-C8EACE569D37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{812F8073-566B-464C-A2AB-ACB240B1B2FA}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8191C0AD-005C-423E-A590-36A583D8EE15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\counter-strike\hl.exe |
"{82272DB3-066C-468E-9C8C-1C36B9B6268B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9133793A-4F97-410E-9256-5D0A300A1104}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{977DCE5F-9A53-4E06-A215-FE76DC2699A3}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{983DCB6F-7EE6-4FEC-915B-63F97BE9A41B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{A0B0EFEB-79C1-413C-95C5-43ADAA22D3F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\day of defeat\hl.exe |
"{B5ADB88C-8D96-4CF2-A9A8-848599696EDF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B6C5317E-C48E-487A-9185-941B8B214708}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{B72C1AFC-F2C2-4402-83E1-1EC76CD9B005}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{C60DAF86-586C-474B-B9CC-0DA0C8756263}" = protocol=6 | dir=in | app=c:\program files\zandronum\zandronum.exe |
"{C7263137-C5E8-4345-87AE-6602B6509683}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\counter-strike\hl.exe |
"{CD10E1AA-46D2-446F-87E4-D58ECEAB1DD4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE4A77E7-99AB-44EF-86BA-3FD9096D9FF5}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{DF121697-48D2-415D-B90A-463FAF3DD2CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFF7B5A8-B233-464C-960A-879642BC53BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1E7DAFD-A5C4-4043-9785-AC17DC624CEA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\day of defeat\hl.exe |
"{E3157FE7-9877-46C5-8DA4-12B1CB2EFF9D}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{E463A663-B0CB-4595-BACC-D19CC73B0864}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F851A83B-960F-4F67-8DA3-7107596C105C}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{FB9895C7-1C69-4069-B417-99F1A95486FC}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{FC95F74C-F9FF-49CD-86EC-595F125F54C0}" = protocol=17 | dir=in | app=c:\program files\zandronum\zandronum.exe |
"TCP Query User{161649F2-CA50-4B07-8612-A4F2B502B01D}C:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\ggpo\ggpo.exe |
"TCP Query User{37CD8A97-6D6B-4C8F-A3DF-8ECDF2356375}C:\ide\ide.exe" = protocol=6 | dir=in | app=c:\ide\ide.exe |
"TCP Query User{47A5BF27-32AA-49BC-ADD0-4ED2FEAB9190}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{4A737B6D-B039-4FB4-8D9F-9C01BA292AFE}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{54CAA8DF-EC82-4045-9676-E2840D39CED6}C:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe |
"TCP Query User{581FFA94-5118-44CB-8F22-885C0E76CDF1}C:\users\user\appdata\roaming\supercade\supercadeemulator.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\supercade\supercadeemulator.exe |
"TCP Query User{69E4796F-3DF2-4B7E-AA25-4AC982EE82AF}C:\zdaemon\distr\zlauncher.exe" = protocol=6 | dir=in | app=c:\zdaemon\distr\zlauncher.exe |
"TCP Query User{69E61E6D-09D6-4625-AB66-7101779A5BC7}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"TCP Query User{810653F9-5C0D-417D-971B-90DEA7998242}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"TCP Query User{922EEEF0-2FC1-4375-B1F4-E6320F16E3E1}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{9C815107-3CEF-43F7-A959-CB2AF1B9C4C0}C:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe" = protocol=6 | dir=in | app=c:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe |
"TCP Query User{A814BE1D-5222-494F-88BD-7B1C98C77949}C:\skulltag\skulltag.exe" = protocol=6 | dir=in | app=c:\skulltag\skulltag.exe |
"TCP Query User{C1654FD2-74A8-4DBD-9BA8-55A368232870}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{C91DA873-0166-4EB1-86B2-56C90AEAB9AD}C:\zdaemon109\zdaemon\zlauncher.exe" = protocol=6 | dir=in | app=c:\zdaemon109\zdaemon\zlauncher.exe |
"TCP Query User{C93ADDAB-3228-413B-92CC-85853F315A26}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D4057693-9A43-4565-9D32-345B733D59EE}C:\zdaemon\distr\zdaemon.exe" = protocol=6 | dir=in | app=c:\zdaemon\distr\zdaemon.exe |
"TCP Query User{E6FEA378-C337-4455-B028-E5D17E05AE9A}C:\skulltag\idese.exe" = protocol=6 | dir=in | app=c:\skulltag\idese.exe |
"UDP Query User{0ED61A94-595C-4382-8D64-086FDE72F276}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{13DBD699-304A-4E22-8B97-D484D36A030E}C:\zdaemon\distr\zlauncher.exe" = protocol=17 | dir=in | app=c:\zdaemon\distr\zlauncher.exe |
"UDP Query User{1C0B95B8-72AF-4650-A457-F4AE5414902F}C:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\ggpo\ggpo.exe |
"UDP Query User{38A1ECDC-1E3B-42A7-BA6B-667DF6B71339}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{423B83D6-08F7-4A01-A86C-D4CB022FB66B}C:\zdaemon\distr\zdaemon.exe" = protocol=17 | dir=in | app=c:\zdaemon\distr\zdaemon.exe |
"UDP Query User{463A81EA-F33C-4DE9-A1CC-64CC2DE3161C}C:\zdaemon109\zdaemon\zlauncher.exe" = protocol=17 | dir=in | app=c:\zdaemon109\zdaemon\zlauncher.exe |
"UDP Query User{54276854-15E8-4B5C-A6E0-4C91E27E75CE}C:\skulltag\idese.exe" = protocol=17 | dir=in | app=c:\skulltag\idese.exe |
"UDP Query User{5662504B-317D-40CF-8BC3-30D253F90CEC}C:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe" = protocol=17 | dir=in | app=c:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe |
"UDP Query User{583BDAA3-3AD4-40BE-96DE-7B006D8D0847}C:\skulltag\skulltag.exe" = protocol=17 | dir=in | app=c:\skulltag\skulltag.exe |
"UDP Query User{5A4D4347-C5AD-4FFF-A1EF-69ABF715D129}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7ED0024F-8755-44F5-8F54-626C8084CEDC}C:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe |
"UDP Query User{9BA403EF-8C97-4640-B3A2-495397A425B6}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"UDP Query User{AC89FBCD-4863-4E6F-A2BF-B69A341A77FE}C:\ide\ide.exe" = protocol=17 | dir=in | app=c:\ide\ide.exe |
"UDP Query User{AEAE987F-2F50-43F8-8D6C-D01651F6AAC0}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{E890403A-791F-4716-A051-547D6EF998DF}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"UDP Query User{F67AF59A-F63F-4ABE-9177-050AE3CBC715}C:\users\user\appdata\roaming\supercade\supercadeemulator.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\supercade\supercadeemulator.exe |
"UDP Query User{FE0FB24E-76BE-49DD-8401-9D0BBEA08A39}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72470D12-2CCA-4324-AFF9-F1396A2168EA}" = Corel Snapfire muvee autoProducer add-on
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7AC932D-297F-46C8-9834-FA23854CC150}_is1" = MKV Converter Studio V2.0.2
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.62
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.1.2
"Cake Poker" = Cake Poker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"DefaultTab" = DefaultTab
"Dell AIO Printer 948" = Dell AIO Printer 948
"Deus Ex" = Deus Ex
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Doom Builder 2_is1" = Doom Builder 2.1
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel® Graphics Media Accelerator Driver
"Heroes of Might and Magic 2 GOLD_is1" = Heroes of Might and Magic 2 GOLD
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Keeper" = Dungeon Keeper Gold
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rise of The Triad_is1" = Rise of The Triad
"Steam App 10" = Counter-Strike
"Steam App 30" = Day of Defeat
"Steam App 400" = Portal
"TVWiz" = Intel® TV Wizard
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"Vice City Online Release RC1 Patch 1_is1" = Vice City Online Release RC1 Patch 1
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zandronum" = Zandronum
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e8832ac51266356d" = Supercade
"RadarSync PC Updater 2011" = RadarSync PC Updater 2011 (driver updates & patches)
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2013 8:20:57 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:22:08 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:24:12 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:25:15 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:27:04 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:28:27 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:29:32 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:31:02 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:32:18 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:36:48 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 28/01/2013 5:24:00 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28/01/2013 7:44:08 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 11:22:15 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 2:06:07 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 8:15:49 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 1:01:04 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 7:45:55 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 6:48:25 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Edited by AlfredoGarcia, 30 January 2013 - 05:01 PM.


#23
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=dword:00000001
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done

  • open OTL again, click on Extra Registry -> Use Safelist
  • then click Run Scan

Please post back with the logs.

Satchfan

#24
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • 14 posts
OTL FIX

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 33800 bytes
->Temporary Internet Files folder emptied: 68011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 374412658 bytes
->Flash cache emptied: 1349 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 357.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01312013_101240

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL


OTL logfile created on: 31/01/2013 10:15:15 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.12% Memory free
6.17 Gb Paging File | 5.30 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 107.76 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.30 Gb Free Space | 42.96% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 23:42:39 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 23:42:38 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll


========== Services (SafeList) ==========

SRV - [2013/01/28 23:42:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqjq4d80)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/29 13:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/30 07:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/28 23:42:39 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/28 23:42:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/28 23:42:36 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 10:11:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DD06C92F-3454-4A9D-B14A-E7F15CCA4484}
[2013/01/30 07:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/30 07:40:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013/01/30 07:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/30 07:07:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/01/30 07:06:24 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\user\Desktop\revosetup.exe
[2013/01/30 06:46:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{165565CA-C0D6-4B0A-AA01-01C4C88470B2}
[2013/01/29 19:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/29 19:21:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/29 19:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 19:20:23 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/29 11:09:44 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/29 10:22:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CF98CD99-2C2F-4048-BB70-30DDD9A31B83}
[2013/01/28 23:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/28 18:59:32 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 18:31:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/28 13:56:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 13:49:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 13:48:41 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 18:09:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/27 18:09:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/27 18:09:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/27 18:09:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/27 18:09:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/27 18:09:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/27 18:09:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/27 18:09:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/27 17:37:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/01/27 17:36:55 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/01/27 17:36:54 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/01/27 17:36:53 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/01/27 17:36:48 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/01/27 17:36:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/01/27 17:31:02 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/27 17:31:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/27 16:18:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/01/27 16:17:41 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/01/27 16:17:09 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/27 16:17:05 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/01/27 16:17:05 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/01/27 16:15:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/31 10:15:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{78E4CC24-3078-45B9-820F-2726F5D0DEBC}.job
[2013/01/31 10:14:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 10:14:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 10:14:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 10:13:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/30 17:55:12 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/30 17:55:12 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 07:40:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2013/01/30 07:07:08 | 000,001,059 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/01/30 07:06:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\user\Desktop\revosetup.exe
[2013/01/29 19:21:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/29 19:20:26 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/29 11:09:45 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/28 18:59:33 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 14:23:06 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:57:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:53:54 | 000,881,914 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 13:48:46 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:44:46 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/28 01:44:46 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/30 07:07:08 | 000,001,059 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/01/29 19:21:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/28 14:23:06 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:53:51 | 000,881,914 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Extras

OTL Extras logfile created on: 31/01/2013 10:15:15 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.12% Memory free
6.17 Gb Paging File | 5.30 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 107.76 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.30 Gb Free Space | 42.96% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24114901-AC83-4C12-9816-AC9845018BDA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D078430B-4094-422B-BB72-5EF106F34F8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064C05CA-740D-408B-95DC-05D2864E8563}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{07865AC7-41D2-41F7-A390-2AA543F7B86C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B83BCC2-FDBC-4494-854F-92B997DAD25F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{12A24D3B-727F-4481-9DD0-F1EB57137D2B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{13AFCA9B-B6F0-4ED6-BD68-9BFE41AA0BFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D48B67E-35A2-4947-A6E8-8451A2DA713A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{23B12349-2F2F-4094-82C2-F288C4D8CE19}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{24FD0568-BE48-44C7-A9AB-908ED0BB8197}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{2938330C-1F02-4E59-92AA-96CB2B9D747A}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{29FE0BB5-60C4-4D8D-AFF4-AE981F67FCF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2E80F7E2-FDE3-4C6E-B4F0-1E10A5F36549}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{3507E90F-44DA-4DCF-82EF-0B7AD462FC35}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CFCDD2B-867F-4798-91F9-E1AA4068BFD0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40BC5DB7-3831-4FA5-A5C9-2C50685D46ED}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{45164F33-AD34-4A85-937B-EF822F7739D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{598E4106-3E58-40FA-ADEC-BFEC15F9DEFC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5B26257D-1FD8-4438-B1ED-80A6488F3876}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5E2B0D88-3269-4748-8123-16B2C93B7CA8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5F4C0A4E-372A-4556-8D58-54905EC309F4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{606FC13B-287F-4F68-B574-AD29B073E097}" = protocol=6 | dir=in | app=c:\program files\zandronum\doomseeker\doomseeker.exe |
"{60DC3DD3-4FFD-415D-BBDB-AC0BFD79AD65}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61C7D590-BAF8-4C1A-AE66-0D58F5D3CFC9}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{69FB636E-FF89-41B2-8D2A-8BF9A7E24505}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{6CCCCF22-2250-4B51-8710-289E7EB60BC4}" = protocol=17 | dir=in | app=c:\program files\zandronum\doomseeker\doomseeker.exe |
"{6E587721-E743-466E-AD92-768158CF03FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B5585ED-EC17-4445-9F0E-3E95618D44EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7C53E4F5-5B57-418A-99EA-60AB28692556}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{801F68B1-634A-4225-9B39-C8EACE569D37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{812F8073-566B-464C-A2AB-ACB240B1B2FA}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8191C0AD-005C-423E-A590-36A583D8EE15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\counter-strike\hl.exe |
"{82272DB3-066C-468E-9C8C-1C36B9B6268B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9133793A-4F97-410E-9256-5D0A300A1104}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{977DCE5F-9A53-4E06-A215-FE76DC2699A3}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{983DCB6F-7EE6-4FEC-915B-63F97BE9A41B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{A0B0EFEB-79C1-413C-95C5-43ADAA22D3F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\day of defeat\hl.exe |
"{B5ADB88C-8D96-4CF2-A9A8-848599696EDF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B6C5317E-C48E-487A-9185-941B8B214708}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{B72C1AFC-F2C2-4402-83E1-1EC76CD9B005}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{C60DAF86-586C-474B-B9CC-0DA0C8756263}" = protocol=6 | dir=in | app=c:\program files\zandronum\zandronum.exe |
"{C7263137-C5E8-4345-87AE-6602B6509683}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\counter-strike\hl.exe |
"{CD10E1AA-46D2-446F-87E4-D58ECEAB1DD4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE4A77E7-99AB-44EF-86BA-3FD9096D9FF5}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{DF121697-48D2-415D-B90A-463FAF3DD2CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFF7B5A8-B233-464C-960A-879642BC53BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1E7DAFD-A5C4-4043-9785-AC17DC624CEA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\whiteboy567\day of defeat\hl.exe |
"{E3157FE7-9877-46C5-8DA4-12B1CB2EFF9D}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{E463A663-B0CB-4595-BACC-D19CC73B0864}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F851A83B-960F-4F67-8DA3-7107596C105C}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{FB9895C7-1C69-4069-B417-99F1A95486FC}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{FC95F74C-F9FF-49CD-86EC-595F125F54C0}" = protocol=17 | dir=in | app=c:\program files\zandronum\zandronum.exe |
"TCP Query User{161649F2-CA50-4B07-8612-A4F2B502B01D}C:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\ggpo\ggpo.exe |
"TCP Query User{37CD8A97-6D6B-4C8F-A3DF-8ECDF2356375}C:\ide\ide.exe" = protocol=6 | dir=in | app=c:\ide\ide.exe |
"TCP Query User{47A5BF27-32AA-49BC-ADD0-4ED2FEAB9190}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{4A737B6D-B039-4FB4-8D9F-9C01BA292AFE}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{54CAA8DF-EC82-4045-9676-E2840D39CED6}C:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe |
"TCP Query User{581FFA94-5118-44CB-8F22-885C0E76CDF1}C:\users\user\appdata\roaming\supercade\supercadeemulator.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\supercade\supercadeemulator.exe |
"TCP Query User{69E4796F-3DF2-4B7E-AA25-4AC982EE82AF}C:\zdaemon\distr\zlauncher.exe" = protocol=6 | dir=in | app=c:\zdaemon\distr\zlauncher.exe |
"TCP Query User{69E61E6D-09D6-4625-AB66-7101779A5BC7}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"TCP Query User{810653F9-5C0D-417D-971B-90DEA7998242}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"TCP Query User{922EEEF0-2FC1-4375-B1F4-E6320F16E3E1}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{9C815107-3CEF-43F7-A959-CB2AF1B9C4C0}C:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe" = protocol=6 | dir=in | app=c:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe |
"TCP Query User{A814BE1D-5222-494F-88BD-7B1C98C77949}C:\skulltag\skulltag.exe" = protocol=6 | dir=in | app=c:\skulltag\skulltag.exe |
"TCP Query User{C1654FD2-74A8-4DBD-9BA8-55A368232870}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{C91DA873-0166-4EB1-86B2-56C90AEAB9AD}C:\zdaemon109\zdaemon\zlauncher.exe" = protocol=6 | dir=in | app=c:\zdaemon109\zdaemon\zlauncher.exe |
"TCP Query User{C93ADDAB-3228-413B-92CC-85853F315A26}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D4057693-9A43-4565-9D32-345B733D59EE}C:\zdaemon\distr\zdaemon.exe" = protocol=6 | dir=in | app=c:\zdaemon\distr\zdaemon.exe |
"TCP Query User{E6FEA378-C337-4455-B028-E5D17E05AE9A}C:\skulltag\idese.exe" = protocol=6 | dir=in | app=c:\skulltag\idese.exe |
"UDP Query User{0ED61A94-595C-4382-8D64-086FDE72F276}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{13DBD699-304A-4E22-8B97-D484D36A030E}C:\zdaemon\distr\zlauncher.exe" = protocol=17 | dir=in | app=c:\zdaemon\distr\zlauncher.exe |
"UDP Query User{1C0B95B8-72AF-4650-A457-F4AE5414902F}C:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\ggpo\ggpo.exe |
"UDP Query User{38A1ECDC-1E3B-42A7-BA6B-667DF6B71339}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{423B83D6-08F7-4A01-A86C-D4CB022FB66B}C:\zdaemon\distr\zdaemon.exe" = protocol=17 | dir=in | app=c:\zdaemon\distr\zdaemon.exe |
"UDP Query User{463A81EA-F33C-4DE9-A1CC-64CC2DE3161C}C:\zdaemon109\zdaemon\zlauncher.exe" = protocol=17 | dir=in | app=c:\zdaemon109\zdaemon\zlauncher.exe |
"UDP Query User{54276854-15E8-4B5C-A6E0-4C91E27E75CE}C:\skulltag\idese.exe" = protocol=17 | dir=in | app=c:\skulltag\idese.exe |
"UDP Query User{5662504B-317D-40CF-8BC3-30D253F90CEC}C:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe" = protocol=17 | dir=in | app=c:\program files\gog.com\heroes of might and magic 2 gold\dosbox\dosbox.exe |
"UDP Query User{583BDAA3-3AD4-40BE-96DE-7B006D8D0847}C:\skulltag\skulltag.exe" = protocol=17 | dir=in | app=c:\skulltag\skulltag.exe |
"UDP Query User{5A4D4347-C5AD-4FFF-A1EF-69ABF715D129}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7ED0024F-8755-44F5-8F54-626C8084CEDC}C:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\vojya0nj.434\ggp6otd1.9jd\supe..tion_e346eacfb31edf62_0002.0000_8f58d4b3b72178be\supercade.exe |
"UDP Query User{9BA403EF-8C97-4640-B3A2-495397A425B6}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"UDP Query User{AC89FBCD-4863-4E6F-A2BF-B69A341A77FE}C:\ide\ide.exe" = protocol=17 | dir=in | app=c:\ide\ide.exe |
"UDP Query User{AEAE987F-2F50-43F8-8D6C-D01651F6AAC0}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{E890403A-791F-4716-A051-547D6EF998DF}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"UDP Query User{F67AF59A-F63F-4ABE-9177-050AE3CBC715}C:\users\user\appdata\roaming\supercade\supercadeemulator.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\supercade\supercadeemulator.exe |
"UDP Query User{FE0FB24E-76BE-49DD-8401-9D0BBEA08A39}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72470D12-2CCA-4324-AFF9-F1396A2168EA}" = Corel Snapfire muvee autoProducer add-on
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7AC932D-297F-46C8-9834-FA23854CC150}_is1" = MKV Converter Studio V2.0.2
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.62
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.1.2
"Cake Poker" = Cake Poker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"DefaultTab" = DefaultTab
"Dell AIO Printer 948" = Dell AIO Printer 948
"Deus Ex" = Deus Ex
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Doom Builder 2_is1" = Doom Builder 2.1
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel® Graphics Media Accelerator Driver
"Heroes of Might and Magic 2 GOLD_is1" = Heroes of Might and Magic 2 GOLD
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Keeper" = Dungeon Keeper Gold
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rise of The Triad_is1" = Rise of The Triad
"Steam App 10" = Counter-Strike
"Steam App 30" = Day of Defeat
"Steam App 400" = Portal
"TVWiz" = Intel® TV Wizard
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"Vice City Online Release RC1 Patch 1_is1" = Vice City Online Release RC1 Patch 1
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zandronum" = Zandronum
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e8832ac51266356d" = Supercade
"RadarSync PC Updater 2011" = RadarSync PC Updater 2011 (driver updates & patches)
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2013 8:20:57 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:22:08 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:24:12 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:25:15 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:27:04 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:28:27 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:29:32 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:31:02 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

Error - 30/01/2013 8:32:18 AM | Computer Name = TobyOreo-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 30/01/2013 8:36:48 AM | Computer Name = TobyOreo-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 28/01/2013 5:24:00 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28/01/2013 7:44:08 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 11:22:15 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 2:06:07 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/01/2013 8:15:49 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 1:01:04 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 7:45:55 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/01/2013 6:48:25 PM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 31/01/2013 11:10:48 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 31/01/2013 11:14:30 AM | Computer Name = TobyOreo-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

#25
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Apologies for the delay but I had to attend to some family stuff yesterday.

Well done, your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with yes.
You can delete any other logs and programs from your desktop.

===================================================

Create a Restore Point

  • click on Start > Control Panel (All Control Panel Items)
  • click on System > System Protection
  • check that you have System Protection turned on for the drive that you want to create a restore point for (usually C:)
  • click Create
  • type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.
Remove old restore points

  • open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  • if prompted, select the drive that you want to clean up, and then click OK.
  • in the Disk Cleanup for (drive letter) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation
  • if prompted, select the drive that you want to clean up, and then click OK
  • click the More Options tab, then under System Restore and Shadow Copies, click Clean up
  • in the Disk Cleanup dialog box, click Delete
  • click Delete Files, and then click OK.
===================================================

Antivirus

You have no active antivirus on your computer. If you use the Internet without an antivirus your computer will certainly become infected again. It is also imperative that you update your Antivirus software at least once a week, (even more if you wish). If you do not update it, it will not be able to catch any of the new variants of malware that come out on a daily basis.

Do NOT install more than one or they will fight against each other and render both ineffective.

Here are some of the better AV products.

Download and install one of these free antivirus programs:



Free Avast Home Edition
Avira AntiVir® Personal Edition Classic
Microsoft Security Essentials

===================================================

Update installed programs

You have an old version of Adobe Reader on your computer which is vulnerable to infections.

  • from the Start menu, select Control Panel.
  • in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
  • select any versions of Adobe Reader then click Uninstall.
Install the latest version:

Adobe Reader

===================================================

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

Improve Firefox startup times with SpeedyFox

Although we removed some old entries and that should have helped, a colleague suggested this program which will help to speed things up even more by de-fragmenting Firefox’s database.

  • download SpeedyFox
  • choose the Firefox profile you want to modify and its location
  • press the Speed Up My Firefox! button.
===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes


I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
  • 0
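The review described in the post above (an outdated Adobe Reader and a P2P client in the uninstall list) can be scripted against an OTL Extras log, which also shows whether inbound firewall exceptions for a P2P client are still registered. This is an added example, not part of the original posts or of OTL; the function names, the watchlist patterns and `MIN_READER_MAJOR` are assumptions, and the sample is a few constructed lines in the layout of the log above.

```python
import re

# Constructed sample: a few lines in the OTL Extras layout shown in the log above.
SAMPLE_LOG = r'''
"TCP Query User{C1654FD2-74A8-4DBD-9BA8-55A368232870}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F67AF59A-F63F-4ABE-9177-050AE3CBC715}C:\users\user\appdata\roaming\supercade\supercadeemulator.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\supercade\supercadeemulator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"7-Zip" = 7-Zip 4.62
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
'''

# Assumptions for this example (not values taken from the thread or from OTL).
MIN_READER_MAJOR = 11
P2P_RE = re.compile(r"[u\u00b5\u03bc]torrent|limewire", re.IGNORECASE)
READER_RE = re.compile(r"adobe reader (\d+)", re.IGNORECASE)

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
ENTRY_RE = re.compile(r'^"(?P<key>.+?)"\s*=\s*(?P<value>.*)$')
RULE_RE = re.compile(r"^(?P<proto>TCP|UDP) Query User\{[0-9A-Fa-f-]+\}(?P<path>.+)$")


def parse_fields(value):
    """Split 'protocol=6 | dir=in | app=...' into a dict."""
    fields = {}
    for part in value.split("|"):
        key, sep, val = part.strip().partition("=")
        if sep:
            fields[key] = val
    return fields


def parse_extras(text):
    """Return (firewall_rules, installed_programs) from OTL Extras text."""
    section, rules, installed = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # blank lines, [registry path] lines, event log text
        key, value = entry.group("key"), entry.group("value").strip()
        rule = RULE_RE.match(key)
        if rule:
            fields = parse_fields(value)
            rules.append({"proto": rule.group("proto"), "dir": fields.get("dir"),
                          "app": fields.get("app", rule.group("path")).lower()})
        elif section and section.endswith("Uninstall List") and value:
            # Entries with an empty display name are skipped.
            installed.append((section.replace(" Uninstall List", ""), value))
    return rules, installed


def triage(text):
    """Flag P2P clients, outdated Adobe Reader and inbound P2P firewall exceptions."""
    rules, installed = parse_extras(text)
    findings = set()  # a set, so the same program listed under two hives is reported once
    for _hive, name in installed:
        if P2P_RE.search(name):
            findings.add(("installed", "P2P client", name))
        reader = READER_RE.search(name)
        if reader and int(reader.group(1)) < MIN_READER_MAJOR:
            findings.add(("installed", "outdated Adobe Reader", name))
    for rule in rules:
        if rule["dir"] == "in" and P2P_RE.search(rule["app"]):
            findings.add(("firewall", "inbound %s exception for P2P client" % rule["proto"], rule["app"]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Running the same check again after the uninstall steps shows whether the program entry and its firewall exceptions are both gone.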

#26
AlfredoGarcia

AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for all your help Satchfan, you guys should be paid for doing all this! Out of curiosity, how serious were the threats? Could you see any reason why they'd just send the desktop back? Thanks again for the help, I'll test my burn drive once I obtain some disks but other than that everything seems to be working fine.
  • 0

#27
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Thanks for all your help Satchfan

You're welcome.

Out of curiosity how serious were the threats?

They were not serious: mostly adware/spyware. I suggest you find another computer shop to advise you if they were suggesting that malware was the issue.

You did have some errors showing in the Extras log from the OTL scan that need looked at.

These are not malware-related but I suggest you start a thread in our Windows Vista forum here so that one of the experts can have a look and advise you.

Explain about the CD problem and the other issues, plus the fact that you have ruled out malware as the problem.

Regards

Satchfan
  • 0

#28
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





