Pretty sure I have a virus, nothing detects it. [Closed]


  • This topic is locked

#1
Sh3llfish

  • Member
  • 13 posts
Hi, I've been here before seeking assistance and was helped with removing malware; however, I'm back now as I feel like something is affecting my PC. It feels sluggish at times, and at times my connection is slower for no apparent reason. Anyone think they can help me out?
  • 0


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello Sh3llfish and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste the log into your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
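
A first triage pass over the OTL.Txt log that Step 1 asks for, as an added example (not part of the original post and not OTL's own code): it parses the process, module, service and driver lines and flags entries with an empty company field, entries that run from a user-profile or ProgramData path, and references whose target is reported as `File not found`. The sample lines are copied from the log posted in this thread; the function names, flag names and the path rule are assumptions made for the example, and a flag is a lead to check, not a verdict.

```python
import re

# Lines copied from the OTL.Txt log posted in this thread (a small subset).
SAMPLE_LOG = r'''
PRC - [2013/04/11 15:24:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/11 12:12:56 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/01/26 07:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
SRV - [2013/02/26 11:34:46 | 000,525,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe -- (KinoniSvc)
DRV:64bit: - [2012/08/24 03:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
'''

# PRC / MOD / SRV / DRV lines share one layout:
#   KIND[:64bit:] - [date time | size | attrs | M] (company) [state] -- path [-- (service)]
FILE_ENTRY = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - '
    r'\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] '
    r'\((?P<company>[^)]*)\) '
    r'(?:\[(?P<state>[^\]]*)\] )?'
    r'-- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$'
)

# Assumption for this example: binaries under the user profile or ProgramData
# deserve a second look because a standard user can usually write there.
USER_WRITABLE = re.compile(r'^[A-Za-z]:\\(?:Users|ProgramData)\\', re.IGNORECASE)


def parse_file_entry(line):
    """Return a dict for a PRC/MOD/SRV/DRV line, or None for any other line."""
    match = FILE_ENTRY.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry['size'] = int(entry['size'].replace(',', ''))
    entry['company'] = entry['company'].strip()
    return entry


def triage(log_text):
    """Return (flag, tag, detail) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_file_entry(line)
        if entry is not None:
            if not entry['company']:
                # "()" is how the log shows a file with no company name.
                findings.append(('no_company', entry['kind'], entry['path']))
            if USER_WRITABLE.match(entry['path']):
                findings.append(('user_writable_path', entry['kind'], entry['path']))
        elif line.endswith('File not found'):
            # A registry or browser entry that points at a file that is gone.
            tag = line.split(' ', 1)[0]
            findings.append(('orphaned_reference', tag, line))
    return findings


if __name__ == '__main__':
    for flag, tag, detail in triage(SAMPLE_LOG):
        print(f'{flag:20} {tag:6} {detail}')
```
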

#3
Sh3llfish

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 4/19/2013 4:37:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 48.07% Memory free
7.98 Gb Paging File | 5.31 Gb Available in Paging File | 66.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 153.95 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 196.35 Gb Total Space | 196.24 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive E: | 39.10 Mb Total Space | 30.29 Mb Free Space | 77.46% Space Free | Partition Type: FAT
Drive G: | 310.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYANS-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/19 16:37:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe
PRC - [2013/04/11 15:24:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/11 13:42:48 | 006,865,856 | ---- | M] (IO Entertainment Co., Ltd.) -- C:\WeMadeUSA\Lost Saga\lostsaga.exe
PRC - [2013/04/11 12:12:56 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/04/04 03:05:54 | 001,259,824 | ---- | M] (Wiselogic Co., Ltd.) -- C:\WeMadeUSA\Lost Saga\XTrap\XTrap.xt
PRC - [2013/02/26 11:34:46 | 000,525,312 | ---- | M] () -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
PRC - [2013/02/18 21:16:16 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/26 07:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/11 15:24:21 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/11 12:12:56 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/11 15:24:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/14 02:16:36 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 11:34:46 | 000,525,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe -- (KinoniSvc)
SRV - [2013/02/18 21:16:16 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/08 18:45:50 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/21 17:54:16 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/07/25 15:32:00 | 004,622,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 11:34:12 | 002,782,848 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kinonivd.sys -- (kinonivd)
DRV:64bit: - [2013/02/26 11:34:06 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kinonivad.sys -- (KINONI_Wave)
DRV:64bit: - [2013/02/18 21:16:16 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/24 03:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/26 16:00:22 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX264.sys -- (L6UX2)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...&ocid=iehp&tc=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 15:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/11 15:24:18 | 000,000,000 | ---D | M]

[2012/10/19 18:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/11/06 20:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\99e1q53x.default\extensions
[2013/04/11 15:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 15:24:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/26 22:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/26 22:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.moc...q={searchTerms}
CHR - default_search_provider: suggest_url = http://websearch.moc...q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [AmoltoRecorder] C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe (Amolto)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD6CC6E9-0453-4B74-8EA3-2C8C6C9A99BC}: DhcpNameServer = 10.100.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 13:59:34 | 000,001,050 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2009/10/25 13:59:34 | 000,001,050 | ---- | M] () - E:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2012/07/02 17:37:03 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4b1c17cd-9805-11e1-907e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b1c17cd-9805-11e1-907e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2012/07/13 19:31:13 | 124,789,112 | R--- | M] ()
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/17 22:43:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/04/17 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/17 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Awesomium
[2013/04/17 16:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Beta
[2013/04/17 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/04/17 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/04/17 16:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secret Identity Studios
[2013/04/17 15:55:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
[2013/04/17 15:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/12 21:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Badosoft
[2013/04/12 19:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/12 19:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/11 15:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Lost Saga screenshot
[2013/04/11 15:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/11 12:37:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Saga
[2013/04/11 12:37:35 | 000,000,000 | ---D | C] -- C:\WeMadeUSA
[2013/04/11 12:13:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\PMB Files
[2013/04/11 12:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/04/06 23:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kinoni
[2013/04/06 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/04/06 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/04/04 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\DolbyAxon
[2013/04/04 19:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/01 11:11:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Vindictus
[2013/04/01 10:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2013/03/31 22:09:33 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/03/31 22:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013/03/31 19:41:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\League of Legends
[2013/03/25 20:17:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
[2013/03/25 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Warframe
[2013/03/24 18:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Cubase
[2013/03/24 18:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2013/03/24 18:37:41 | 016,138,240 | ---- | C] (Steinberg Media Technologies) -- C:\HALionOne.dll
[2013/03/24 17:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2013/03/24 17:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6
[2013/03/24 00:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Akamai
[2013/03/24 00:19:03 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2013/03/23 14:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/21 20:20:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\EdgeOfReality
[2013/03/20 21:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2013/03/20 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Steinberg
[2012/10/18 21:57:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Ryan\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/04/19 16:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/19 16:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074730859-2459709911-2909860712-1000UA.job
[2013/04/19 16:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 15:35:48 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 15:35:48 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 15:28:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 15:28:29 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{62EF6FC1-9EAF-4801-9459-BE3BC674404D}.job
[2013/04/19 15:27:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/19 15:27:22 | 3214,135,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/18 21:01:57 | 008,910,352 | ---- | M] () -- C:\Users\Ryan\Documents\JAMS2.jpg
[2013/04/18 20:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074730859-2459709911-2909860712-1000Core.job
[2013/04/18 19:19:17 | 420,743,574 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/18 16:37:30 | 004,621,008 | ---- | M] () -- C:\Users\Ryan\Documents\IMG_0355.JPG
[2013/04/17 22:43:03 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/04/17 21:54:25 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Marvel Heroes Beta.lnk
[2013/04/16 22:57:25 | 000,035,329 | ---- | M] () -- C:\Users\Ryan\Documents\62683_633579436655402_266888101_n.jpg
[2013/04/14 21:15:00 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ryan.job
[2013/04/12 19:18:07 | 000,489,325 | ---- | M] () -- C:\Users\Ryan\Documents\Dabes pingetest.png
[2013/04/11 12:37:45 | 000,001,626 | ---- | M] () -- C:\Users\Ryan\Desktop\LostSaga.lnk
[2013/04/11 12:37:06 | 647,292,647 | ---- | M] () -- C:\Users\Ryan\Desktop\LostSagaUS_Setup.exe
[2013/04/11 11:25:57 | 000,559,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 18:33:12 | 000,000,242 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/09 16:05:48 | 000,002,363 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2013/04/08 20:53:01 | 000,173,491 | ---- | M] () -- C:\Users\Ryan\Documents\bryanstars pokemon.png
[2013/04/06 22:59:31 | 000,448,799 | ---- | M] () -- C:\Users\Ryan\Documents\DA DA DA DA DA.png
[2013/04/04 19:33:15 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/01 10:34:41 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.lnk
[2013/03/31 22:16:08 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/27 18:09:48 | 000,605,588 | ---- | M] () -- C:\Users\Ryan\Documents\james.mp3
[2013/03/27 18:01:15 | 000,070,210 | ---- | M] () -- C:\Users\Ryan\Documents\James.flp
[2013/03/25 20:17:25 | 000,002,305 | ---- | M] () -- C:\Users\Ryan\Desktop\Warframe.lnk
[2013/03/24 19:39:07 | 000,000,996 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2013/03/24 19:39:07 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2013/03/21 20:22:12 | 000,000,222 | ---- | M] () -- C:\Users\Ryan\Desktop\Loadout.url
[2013/03/20 22:45:59 | 000,065,353 | ---- | M] () -- C:\Users\Ryan\Documents\al.JPG

========== Files Created - No Company Name ==========

[2013/04/18 20:59:05 | 008,910,352 | ---- | C] () -- C:\Users\Ryan\Documents\JAMS2.jpg
[2013/04/18 20:17:54 | 004,621,008 | ---- | C] () -- C:\Users\Ryan\Documents\IMG_0355.JPG
[2013/04/17 16:04:27 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Marvel Heroes Beta.lnk
[2013/04/16 22:57:23 | 000,035,329 | ---- | C] () -- C:\Users\Ryan\Documents\62683_633579436655402_266888101_n.jpg
[2013/04/12 19:18:06 | 000,489,325 | ---- | C] () -- C:\Users\Ryan\Documents\Dabes pingetest.png
[2013/04/11 12:37:45 | 000,001,626 | ---- | C] () -- C:\Users\Ryan\Desktop\LostSaga.lnk
[2013/04/11 12:13:31 | 647,292,647 | ---- | C] () -- C:\Users\Ryan\Desktop\LostSagaUS_Setup.exe
[2013/04/08 20:53:00 | 000,173,491 | ---- | C] () -- C:\Users\Ryan\Documents\bryanstars pokemon.png
[2013/04/06 22:59:04 | 000,448,799 | ---- | C] () -- C:\Users\Ryan\Documents\DA DA DA DA DA.png
[2013/04/04 19:33:15 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/04 19:33:15 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/01 10:34:41 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.lnk
[2013/03/31 22:16:08 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/27 18:09:24 | 000,605,588 | ---- | C] () -- C:\Users\Ryan\Documents\james.mp3
[2013/03/27 18:01:14 | 000,070,210 | ---- | C] () -- C:\Users\Ryan\Documents\James.flp
[2013/03/25 20:17:25 | 000,002,305 | ---- | C] () -- C:\Users\Ryan\Desktop\Warframe.lnk
[2013/03/24 17:59:20 | 000,000,996 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2013/03/24 17:59:20 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2013/03/22 15:43:18 | 000,000,242 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/21 20:22:12 | 000,000,222 | ---- | C] () -- C:\Users\Ryan\Desktop\Loadout.url
[2013/03/20 22:45:56 | 000,065,353 | ---- | C] () -- C:\Users\Ryan\Documents\al.JPG
[2013/03/07 19:44:41 | 000,273,348 | ---- | C] () -- C:\Users\Ryan\Picture of me 23.png
[2013/03/07 19:44:41 | 000,148,600 | ---- | C] () -- C:\Users\Ryan\Picture of me 66.png
[2013/02/26 18:18:43 | 000,043,526 | ---- | C] () -- C:\Windows\SysWow64\lsUninstall.exe
[2013/01/27 18:01:27 | 000,010,856 | -HS- | C] () -- C:\Users\Ryan\Folder.jpg
[2013/01/27 18:01:27 | 000,010,856 | -HS- | C] () -- C:\Users\Ryan\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Large.jpg
[2013/01/27 18:01:27 | 000,002,627 | -HS- | C] () -- C:\Users\Ryan\AlbumArtSmall.jpg
[2013/01/27 18:01:27 | 000,002,627 | -HS- | C] () -- C:\Users\Ryan\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Small.jpg
[2013/01/27 17:57:29 | 014,338,344 | ---- | C] () -- C:\Users\Ryan\LOVE STORY (Taylor Swift) meets VIVA LA VIDA (Coldplay) - Piano Cello - by Jon Schmidt.mp3
[2013/01/27 17:57:29 | 002,209,386 | ---- | C] () -- C:\Users\Ryan\Pirates of the Caribbean [Main Theme]-[www_2conv_com].mp3
[2012/11/07 21:48:27 | 000,001,456 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/11/02 21:03:17 | 000,005,632 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/18 21:57:12 | 000,099,384 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\inst.exe
[2012/10/18 21:57:12 | 000,007,859 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\pcouffin.cat
[2012/10/18 21:57:12 | 000,001,167 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\pcouffin.inf
[2012/10/18 21:56:15 | 000,001,057 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\vso_ts_preview.xml
[2012/10/08 15:52:52 | 000,004,940 | ---- | C] () -- C:\Users\Ryan\AppData\Local\recently-used.xbel
[2012/08/21 17:21:53 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/09 11:43:15 | 000,000,043 | ---- | C] () -- C:\Users\Ryan\jagex_cl_runescape_LIVE.dat
[2012/07/09 11:43:15 | 000,000,024 | ---- | C] () -- C:\Users\Ryan\random.dat
[2012/05/06 22:48:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/18 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2012/11/10 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Audacity
[2012/09/30 11:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\AVG2013
[2013/04/17 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Awesomium
[2013/02/18 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Blender Foundation
[2012/07/04 21:00:39 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Pro
[2012/07/28 13:14:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DarkBlood ServiceNa
[2012/10/18 22:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DVDVideoSoft
[2012/10/19 13:20:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FreeBurner
[2012/10/19 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FreeMoviesToDVD
[2012/10/07 12:09:27 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\GoforFiles
[2013/03/24 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Guitar Pro 6
[2012/12/12 19:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Image-Line
[2013/01/12 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Line 6
[2012/05/07 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2012/05/23 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient2
[2012/08/26 10:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Origin
[2012/07/04 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PowerISO
[2012/09/12 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PrettyMay
[2013/02/09 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Publish Providers
[2013/01/08 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\REAPER
[2013/02/24 15:51:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Sony
[2013/03/24 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Steinberg
[2013/03/18 16:17:15 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2012/09/30 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2012/08/31 18:14:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Unity
[2013/04/12 21:35:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2012/10/18 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Vso
[2012/11/10 13:38:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Waves Audio
[2013/03/19 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,624 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/06 23:44:08 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/09/07 15:48:05 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074730859-2459709911-2909860712-1000Core.job
[2012/09/07 15:48:06 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074730859-2459709911-2909860712-1000UA.job
[2012/11/01 16:55:14 | 000,000,410 | -H-- | C] () -- C:\Windows\Tasks\OptimizerPro1UpdaterTask{62EF6FC1-9EAF-4801-9459-BE3BC674404D}.job
[2012/11/20 21:53:14 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 21:53:15 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/02/09 20:56:23 | 000,000,446 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Ryan.job

< >

< End of report >

#4
Sh3llfish

    Member

  • Topic Starter
  • 13 posts
OTL Extras logfile created on: 4/19/2013 4:37:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 48.07% Memory free
7.98 Gb Paging File | 5.31 Gb Available in Paging File | 66.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 153.95 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 196.35 Gb Total Space | 196.24 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive E: | 39.10 Mb Total Space | 30.29 Mb Free Space | 77.46% Space Free | Partition Type: FAT
Drive G: | 310.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYANS-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB89725-2DD2-4F5B-81C5-42C7E91866C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12099CED-35F9-4B61-B441-23CAC0369777}" = lport=138 | protocol=17 | dir=in | app=system |
"{1824E5C3-5CD5-4701-AF77-0728EFFC63FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{21D61071-7A04-4AC4-98C5-091519B56556}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CB52F7A-C25F-4D1B-8783-A97FCBBF4AAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41085DF2-A596-4C52-A00C-EE0C7DC23E08}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4192736E-4AF0-4F5B-BB7E-88D07AB3F6E3}" = lport=139 | protocol=6 | dir=in | app=system |
"{47BBCC3F-BF25-4C36-8790-97BE1784D783}" = lport=2869 | protocol=6 | dir=in | app=system |
"{522E7897-3454-43A9-8C69-1B33ED225EA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{64E46831-D143-48C6-B44A-ABEA0CFEE285}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E6EA29D-0BAD-4D07-852C-FCCBA24A62CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AFB7CFF-F27E-4505-B13A-04317B52685D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DD10650-7197-4DC0-BAE6-07812D379FBC}" = rport=80 | protocol=6 | dir=out | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{7EF7FBD1-2194-47B3-B364-4D22889411F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{842FDC4A-3555-42F8-9614-24CC76A43159}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{84D6502F-0F80-4E11-9A68-BE99C28B41DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A3B865D6-135A-4183-84ED-A326A65923E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A69EDBF3-65AA-450F-9537-3AFDAB709ACF}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF8C5C80-18DB-48C6-B554-83520AA14D5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6E166C4-1970-45CA-A2B5-30FF6C501367}" = rport=445 | protocol=6 | dir=out | app=system |
"{C23D4930-6FCC-4876-B2F0-ACA3849E9425}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA263C66-465F-449D-9293-ACD305288FB4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DEAB7081-72CC-4E50-84CF-5F1903593A1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3ABF3AD-8C55-42F5-9EBE-06BB8B3199F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E5E4BCCF-7BCB-48B4-9947-CB901E161969}" = rport=80 | protocol=6 | dir=out | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.exe |
"{EAE83D7E-AB37-4100-BD71-549A4825EBAE}" = rport=80 | protocol=6 | dir=out | app=c:\users\ryan\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{FBCDF96F-8D28-4787-83C4-92651AD4D338}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0083CC8F-2809-4A3F-B9AF-F3D57FF0073F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0132A533-9396-4A50-8694-764754DEB279}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{05F5E10A-69CC-4723-AFCE-BF85467E2FD2}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{071C1F98-920B-45E1-91C8-AC78EF1E25CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07AFFE8B-12F6-40C3-A60D-771D5B13427B}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{0943406D-180F-4FC6-AD4A-68865510D112}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\autoupgrade.exe |
"{09D3E813-2782-43C9-B4AA-DDAD39CF0681}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0C6822FD-88FD-438A-A391-CCFDC5D58277}" = protocol=1 | dir=in | [email protected],-28543 |
"{0DD6718B-47E3-47CD-8E26-721CCD94F925}" = protocol=6 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{100168C3-E32F-4C8A-868B-E60487C50B3D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{12221F3C-CA75-4BF4-9892-088FD22CF7E7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{13649D4F-044E-4D61-BDF2-5BF146ED50E1}" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\darkblood\darkblood.exe |
"{18994A03-7320-472F-B65A-FAC35C2605D7}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{1B1AD762-38F6-4EAB-8B06-D48BAA9AC688}" = protocol=17 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{1F3CB06E-3ED0-45EF-8A99-5DBDA68E9AB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20B15B0D-CA7B-4BCF-9FF7-3509642A1BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2264D41F-EFFD-4DD9-9383-10D70814B0BB}" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\darkblood\darkblood.exe |
"{2331DCCF-1948-4E8B-9488-F14ACFC70B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{234D0CEC-55A1-4EB1-B69C-B14FBB21B322}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{273E609A-C5C7-46A2-B383-E21A4D052F3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2821E960-1BDA-4054-A55D-8071E640B87E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{29963489-CD97-463C-A315-B3C813C4D434}" = protocol=17 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{2A9414C4-BF5F-4653-B7D6-FF451587E55B}" = protocol=6 | dir=in | app=c:\program files (x86)\kill3rcombo\elsword\data\x2.exe |
"{2AAB0046-323D-49BA-AD7C-DD4A00154B59}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BA5F9B2-965D-47E6-B368-700A04AC743B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2FD3A22A-714E-481F-A6E4-BD4CCCE8DF99}" = protocol=17 | dir=out | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{3031411E-DAA6-4CB8-9BFB-DC06757FE103}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{31B2D41E-90FC-4B51-BD78-2881EF249490}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{329BCA97-29CB-4569-BE94-BA7A9F4B0E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{38538E22-3D5E-493A-896E-DAE54BB33354}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3FC87D8F-AD5E-42FD-B62E-C054BBEEA699}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40A7457B-A990-42A7-AEA6-260A3346C17C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{42065EDB-1669-494B-873D-C4A60FEA1399}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\autoupgrade.exe |
"{439FFEF5-5D10-48D1-A230-238774C0FFD1}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{4456D8D8-F3B7-40A1-86DF-5BCF702B137B}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\autoupgrade.exe |
"{45B81935-AC94-4E4F-A434-99BFF091F74B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{487C0503-DE31-4D46-88A5-2EA56D396F12}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4A8B2EAB-05BB-4842-A01C-9A4EEC2770EE}" = protocol=6 | dir=in | app=c:\program files (x86)\webzen\c9\c9.exe |
"{4B795D05-BDCA-4C1C-B582-F7BFF3C8625C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{4CD85C95-1A20-4D44-B00D-CDB732D182F9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4D416AD8-DCA6-4A82-B42F-9F76FF02FA49}" = protocol=17 | dir=in | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{4E0912FC-6D29-4BD1-8C6A-4F0CE511EBC1}" = protocol=6 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{4E68745C-9AA1-42B5-AF0E-1DEBB4139FA0}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{4EA8F1EE-7FEA-4F68-856B-A7BBB282E50C}" = protocol=58 | dir=in | [email protected],-28545 |
"{53824606-CE1B-4167-A1F5-D74FEC7B075D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{547D0CD9-30E9-40E7-BBAD-819E6939A465}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{555C503C-3E4F-4391-8581-B666BB9B3743}" = protocol=6 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{5859A635-5881-4097-90A8-D3BECE4B8034}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5CB193AF-359E-45EC-A01E-397D567002CD}" = protocol=17 | dir=in | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.exe |
"{5CB3118F-A6AE-4B13-8B6C-34FA84DE35B5}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{5FC9D922-AEA0-43D3-A653-F6A2D8397ABC}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\lostsaga.exe |
"{60F7EFE2-66FA-4E9E-BA94-06F0B1764F91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{6834848B-C781-4BE5-8494-99A67D07301B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{68B2A11A-E425-44DB-B5EB-BC7AD10ED4DC}" = protocol=17 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{6F2BF0BC-6B2A-43AB-BB4F-450F346D3341}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{71A2FE4B-188D-4885-B9E4-C9711A22359F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{764C2349-491C-41D5-8AE4-C8CF45E5200C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7708FE7C-6BA5-40DE-AFD6-F6D275375BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\lostsaga.exe |
"{83BB006E-67FC-4D44-BE11-C7AD4E8FB94D}" = dir=in | app=c:\brickforce\brickforce.exe |
"{84947CF6-3B37-47E0-9858-3D2B66F0977E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{84C9008A-8F19-49A9-B035-94FD03D5EDC2}" = protocol=17 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{85714D9D-76E5-4350-A3BD-D9A6EFB57117}" = protocol=6 | dir=in | app=c:\wemadeusa\lost saga\autoupgrade.exe |
"{868465F8-A068-4C1E-B31E-994FB792082A}" = protocol=6 | dir=in | app=c:\wemadeusa\lost saga\lostsaga.exe |
"{8712924B-0557-4E83-9A4C-9A9F5D9CE0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\autoupgrade.exe |
"{8AA5D0AC-FBEB-46DF-A04A-0F5CE381950E}" = dir=in | app=c:\users\ryan\appdata\local\microsoft\skydrive\skydrive.exe |
"{8C277575-7050-44CF-A81D-0AAB7BD63B07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8C3847A3-4C30-44AE-8D14-06D1193BE361}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\lostsaga.exe |
"{8F60B6A1-B25E-4E6A-B06F-C00CF4AAA45B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{913ED9CA-E81C-4845-AF3D-A6EB9407F7C4}" = protocol=17 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{92296B6D-56C4-4DEB-ACA6-C2AFEE7F6ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{92D1EBB9-32F2-4363-8532-2D0CC3596DDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93210E72-C422-47AC-B38F-C5370EAE5DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{94911165-BF16-4815-BA15-C2F86D299FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{94ECB815-41FF-45E6-8078-B7849F7E6038}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{95B172FF-2E22-402D-8A06-082A3C5DA1A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsaga\lostsaga.exe |
"{97697BB2-7257-44F2-BD97-8A8B4CEFF7CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9CD20490-50BB-430A-AB25-427E5D944FE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0952FAF-E1BA-41E1-A5B5-7987FFF3B93A}" = protocol=6 | dir=out | app=system |
"{A12ACCFC-9342-4C4C-BE2C-3EBCB4F0F158}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{A3812B85-3B5E-4E36-AE03-9E4ACEE68B46}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{A3DDD5B7-4E59-4B67-BCED-0479FEA5960C}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{A9C2EF87-62B2-4B1D-BC70-EC8C5DFF8BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC38E19-7308-462C-B486-C457F7F76FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{AF451B92-1511-47AB-A42C-A7A5A2C8CA46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{AFCCEE21-26ED-4E94-927C-7A06165ED04E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{B2B4988C-56F6-4D3B-AD48-854F37CE16D2}" = protocol=17 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{B2E8E9DC-9E8D-4D70-B276-5A8341F5BF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B4CB7E50-C30E-4317-9D9F-4EA6E4716919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B83F0584-8A2B-41EC-9A86-A69C4A201E60}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{B8426B71-45AE-4693-8BFE-845B7CF43269}" = protocol=6 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{BAA45213-608A-4249-A04E-A6F8FDF574E4}" = protocol=58 | dir=out | [email protected],-28546 |
"{BBEE0C5F-CA30-4C3B-8EC2-04182B425EF5}" = protocol=17 | dir=in | app=c:\wemadeusa\lost saga\lostsaga.exe |
"{BE70DC63-7DBF-4B89-B450-2711B5C175D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C087FEF0-B571-4DBE-8103-4FB20C616554}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C30DB5E5-43DA-4B68-B46E-634404DCE4C4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C428EFC6-B9FC-4548-ACF4-EA34434C031A}" = protocol=1 | dir=out | [email protected],-28544 |
"{C4F840E8-2EC9-4B4B-B468-2E659C9746EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C63C1D0C-81CE-4707-B5BC-A472AA0C1C6C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{C9E4AC37-32E1-42C1-88EC-FAD2CFA292F7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CB014B97-5D98-4B1B-B125-3233A490A2E1}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{CB28CDC9-D0A5-4937-AF91-2AC7E8265A97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{CEC327E9-5A82-419F-9BA9-BB14B91DD2EE}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{CF9D7F45-9766-46EF-AFA5-AD0BD0A41C23}" = protocol=6 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{D68F4ED9-6B22-48A5-93F1-8F48CED981AB}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{D7ADD80A-1A62-4EAF-B23C-043CDEA83643}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D99F2EE7-1226-4359-A206-549CEAF13476}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBE7A4B9-1F21-48EE-B239-FF4602E171A2}" = protocol=17 | dir=in | app=c:\wemadeusa\lost saga\autoupgrade.exe |
"{DC90131B-65BC-42A9-807E-D881C2447B1C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{DD2B6332-EABB-4847-B4CB-4D4128EE0AE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE6BE276-B982-404A-9E5A-98807FFADA69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E07F0722-2E53-4097-A3AE-735B87CF02B9}" = protocol=17 | dir=out | app=c:\users\ryan\appdata\local\warframe\downloaded\public\warframe.exe |
"{E145DD06-7F5C-4FF5-B915-22CF065476DD}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{E23969DB-9C7E-407F-BAFB-333B23031629}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{E35F6527-D5F8-4E81-93A2-1ED6D1B92CD2}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{E542EDDC-9713-4D3F-B1F4-113D0A0C856D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E8AFDCB3-2FBA-43B2-B10F-E5EE283E62A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E8BE31EB-B08A-4B90-BB53-1243633FD209}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E956CC12-130D-459D-B4F4-B84370B15900}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{E9CD2955-8F17-41F1-8090-B4D0416D04DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EAE28118-3535-4DAC-A7AF-5A0ED28745D3}" = protocol=17 | dir=in | app=c:\program files (x86)\webzen\c9\c9.exe |
"{F02FA7F1-E5B8-4310-AFFD-78DEA2D0882D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{F2696354-275D-43A4-89F5-FDB7F9D7BD17}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F5CFA4E5-902D-4D86-8D4E-6FDFC884EDEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAC651FD-FCB6-457E-A28E-F9612E5E5866}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{FC88D77D-7B2A-4F93-85F9-70392F495176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FCA04ED3-E68D-4889-AD9C-4E2C78A9D5A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCD8EDFB-A978-4380-823E-B28AB131C173}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FCEC866A-9773-4164-B885-BFC890D1796B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{FD4B94C0-E79F-4C65-8E69-217850C03D19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"TCP Query User{08EAB614-085D-4EF7-8A38-87AAC54EA3A5}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{0BF9A866-564D-467B-916D-8FA3B6AA966D}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{16F07741-948E-4738-99C8-5DA02EFFD980}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"TCP Query User{1F6F27E3-AC7F-41EE-A10B-1B9E8A0BF922}C:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"TCP Query User{2DD6C7DA-0B20-4142-9283-7AF06AC986C9}C:\program files (x86)\prettymaybasic\prettymay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prettymaybasic\prettymay.exe |
"TCP Query User{30DBDAF8-8C9F-4F9C-9492-E32FB70BFFCF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{39F007DB-A571-47AD-B113-8F4A4667A8F8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{3A8045C5-BFB4-4657-A2AB-19F8A38EDFDE}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{4782241C-E83A-4772-805A-361C955BA949}C:\users\ryan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ryan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{54673575-CCD0-4D42-9427-C95C9BD64E44}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{7B8D635D-87BE-43E1-AC20-8708DB4C1A2D}C:\users\ryan\downloads\nw.1.20130309a.7.exe" = protocol=6 | dir=in | app=c:\users\ryan\downloads\nw.1.20130309a.7.exe |
"TCP Query User{9088C357-68F6-4311-9148-E442779757D9}C:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{9CE97696-747C-4756-9E54-2900F7499C1A}C:\program files (x86)\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{9E7B7850-3C6B-473E-A83C-6ACFDC927A46}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{B0043367-559A-4E85-955C-C246BD266B83}C:\users\ryan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ryan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D73C8B16-3B76-45B1-97AD-14AC998253FA}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe |
"TCP Query User{E419D6B2-9997-404C-ADF5-1878C600032E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{10C7C389-2791-40F3-8C75-2E696AD7CEBF}C:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{21B0E202-12A1-4086-A3EA-ADC643ADB5F8}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{2585BA90-75BE-4D97-94F2-C1F9CC024EFF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3DD67972-A41B-4C65-8A97-AFED06CFBFCA}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{5B1F725A-96FA-47AE-981D-9E2C016A2AE3}C:\users\ryan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ryan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{60E7DEEA-DEB9-4094-ADE4-9AB3BCC43153}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{65339824-6633-4B12-AB47-49EC30953080}C:\program files (x86)\prettymaybasic\prettymay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prettymaybasic\prettymay.exe |
"UDP Query User{6B3936E5-DE38-4082-8C47-F990E8A4741A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{84CE802C-7663-43C9-8730-2FEA288B0259}C:\program files (x86)\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{921ADAF3-61CB-4E97-B712-B6D482EDD30A}C:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"UDP Query User{BD350020-6295-4506-B6A8-9F2DDBE28FC6}C:\users\ryan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ryan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D0BEE37A-1713-41F6-ADE7-442E16D85C68}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{D8A28B1C-FC4B-410E-AF76-00391976C048}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{E50EB6FA-63B7-4305-AC64-6898B6DD6208}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{EB0238DA-A79C-47D8-AC72-0EDE34572295}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EBC5CDB3-4423-4CDA-B7DD-161A744D8629}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe |
"UDP Query User{F4E8DFE8-03AF-468C-9BF1-12161FC8FC46}C:\users\ryan\downloads\nw.1.20130309a.7.exe" = protocol=17 | dir=in | app=c:\users\ryan\downloads\nw.1.20130309a.7.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}" = Superior Drummer 64 bit
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{80E801DB-5288-4447-AAC2-27F329B61C6E}" = EZDrummer64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"REAPER" = REAPER (x64)
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E52CE1A-33C4-4708-BB95-9877A5DADACF}" = Amolto Call Recorder for Skype
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4DCFD0F-7B68-4C44-B208-99027AD1AC69}" = keFIR VST plugin
"{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1" = Elsword version v3.0130.6.1
"{E7969A0C-9FDF-4CAA-8AE7-52DD55C02709}" = Warframe
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1" = Grand Chase version 122012
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"e" = a
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 10" = FL Studio 10
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Line 6 Uninstaller" = Line 6 Uninstaller
"LostSaga_IOEntertainment_afb2d3c6" = ·Î½ºÆ®»ç°¡
"LostSagaActiveX" = 로스트사가 ActiveX
"LostSagaUS" = Lost Saga
"MapleStory" = MapleStory
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Service Center" = Native Instruments Service Center
"NSS" = Norton Security Scan
"PowerISO" = PowerISO
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Steam App 204300" = Awesomenauts
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 208090" = Loadout
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 43110" = Metro 2033
"Steam App 4560" = Company of Heroes
"Steam App 50620" = Darksiders
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2013 3:31:39 PM | Computer Name = Ryans-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/17/2013 3:33:01 PM | Computer Name = Ryans-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2013 3:13:08 PM | Computer Name = Ryans-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2013 3:16:01 PM | Computer Name = Ryans-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2013 7:20:43 PM | Computer Name = Ryans-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2013 7:22:03 PM | Computer Name = Ryans-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2013 9:06:13 PM | Computer Name = Ryans-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2013 9:07:57 PM | Computer Name = Ryans-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2013 9:40:09 PM | Computer Name = Ryans-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/19/2013 3:28:57 PM | Computer Name = Ryans-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2013 3:31:34 PM | Computer Name = Ryans-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ System Events ]
Error - 4/17/2013 3:55:57 PM | Computer Name = Ryans-PC | Source = Service Control Manager | ID = 7030
Description = The BitRaider Mini-Support Service service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 4/17/2013 10:39:25 PM | Computer Name = Ryans-PC | Source = bowser | ID = 8003
Description =

Error - 4/17/2013 10:51:25 PM | Computer Name = Ryans-PC | Source = bowser | ID = 8003
Description =

Error - 4/17/2013 11:03:28 PM | Computer Name = Ryans-PC | Source = bowser | ID = 8003
Description =

Error - 4/18/2013 3:12:56 PM | Computer Name = Ryans-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/18/2013 3:13:00 PM | Computer Name = Ryans-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/18/2013 7:19:23 PM | Computer Name = Ryans-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:17:53 PM on 4/18/2013 was unexpected.

Error - 4/18/2013 7:19:57 PM | Computer Name = Ryans-PC | Source = BugCheck | ID = 1001
Description =

Error - 4/18/2013 9:03:37 PM | Computer Name = Ryans-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/18/2013 11:29:39 PM | Computer Name = Ryans-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

#5
Sh3llfish

    Member

  • Topic Starter
  • Member
  • 13 posts
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-19 20:20:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 WDC_WD5000AAKS-75V0A0 rev.05.01D05 465.76GB
Running: wi01h3o7.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\kglorpog.sys


---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Ryan\AppData\Local\Temp\JREInstall\x3031\x3237.exe 1

---- EOF - GMER 2.1 ----

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Sh3llfish,

Your OTL log is pretty clean. Let's do two more scans.

Step 1

Download the adwCleaner

  • Run the tool
    (Windows Vista and Windows 7 users: right-click on adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Step 3

Please don't forget to include these items in your reply:

  • adwCleaner log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#7
Sh3llfish

    Member

  • Topic Starter
  • Member
  • 13 posts
***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\99e1q53x.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://websearch.mocaflix.com/favicon.ico",
Deleted [l.26] : keyword = "websearch",
Deleted [l.30] : search_url = "hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}",
Deleted [l.31] : suggest_url = "hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}"

*************************

AdwCleaner[S1].txt - [12619 octets] - [22/03/2013 15:41:45]
AdwCleaner[S2].txt - [1494 octets] - [09/04/2013 18:33:04]
AdwCleaner[S3].txt - [1271 octets] - [22/04/2013 16:02:00]

########## EOF - C:\AdwCleaner[S3].txt - [1331 octets] ##########

There were no detected threats from the Kaspersky scan so I couldn't click save.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Sh3llfish,

Download and run Puran Disc Defragmenter

NOTE: If it asks you to install a toolbar or any other software, skip the offer.

Click on the Boot Time Defrag button and choose Restart-Defrag-Restart + Disk check

Test your system after this and tell me how it is now.

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





