Cannot Run Executables-Windows Signature Error



#1
oze

Dell desktop, running Windows 7, used by son for online gaming.

Multiple symptoms--IE 10 crashes, Firefox spawns so many Flashplayer plugins that it bogs down to being unusable. Cannot run .exe files, including a Firefox update, but even more worrisome is the newly-downloaded OTL executable I try to run. Neither SuperAntiSpyware nor MAB find any infections. HELP and thanks!

Attached File  Windows Signature Error.rtf   1.02MB   175 downloads

Edited by oze, 26 July 2013 - 10:19 AM.



#2
oze

Sorry for the bump. I was able to reboot and disable Windows signature enforcement. Now I am able to run OTL--log is attached. This was run *before* creating the rescue disk.

Subsequent to running OTL, I was able to get Malwarebytes to run--it found over 100 instances of TrojanFakeMS. I had MAB delete them--now computer will not reboot.

Created AVG rescue disk per instructions on this site, from which I was able to access my computer and perform another scan. Over 1000 instances of Win32/EXPIRO were found; I'm guessing every executable file on the computer was infected. I selected "Rename" and attempted a reboot; no success. I then ran the scan again, selected "Heal", attempted another reboot, which also failed.

I am completely at a loss, and fear that the computer is now in an unrecoverable state. Any hope? Thanks.

OTL logfile created on: 7/26/2013 1:49:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oze\Desktop\Malware
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.53 Gb Available Physical Memory | 79.46% Memory free
23.98 Gb Paging File | 21.45 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.73 Gb Total Space | 1438.34 Gb Free Space | 77.76% Space Free | Partition Type: NTFS
Drive D: | 683.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 75.66 Gb Free Space | 16.24% Space Free | Partition Type: NTFS

Computer Name: OZE-PC | User Name: Oze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/26 12:15:34 | 001,114,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oze\Desktop\Malware\OTL.exe
PRC - [2013/07/25 18:40:30 | 002,760,704 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/07/25 17:30:48 | 000,569,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/22 20:43:23 | 001,551,872 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/02/02 13:10:32 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
PRC - [2013/01/02 15:43:58 | 003,835,656 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
PRC - [2013/01/02 15:43:58 | 001,105,672 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
PRC - [2012/12/19 15:10:46 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/12/15 14:29:55 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/12/15 14:29:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/31 19:10:10 | 000,026,264 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/11 18:48:10 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/06/30 05:01:40 | 003,597,520 | ---- | M] (PC Pitstop, LLC) -- C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/01 15:35:54 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/22 21:32:49 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/07/22 21:32:49 | 000,145,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/07/11 03:35:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\76a252e7a04bef4c81c5199d477d117f\IAStorUtil.ni.dll
MOD - [2013/07/11 03:31:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll
MOD - [2013/07/11 03:31:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:31:04 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll
MOD - [2013/07/11 03:31:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 03:30:52 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013/07/11 03:30:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 03:30:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 03:30:35 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 03:30:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 03:30:32 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013/07/11 03:30:25 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 03:30:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 03:30:19 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/19 15:43:34 | 000,092,440 | ---- | M] () -- C:\Users\Oze\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
MOD - [2013/06/19 15:43:32 | 000,136,472 | ---- | M] () -- C:\Users\Oze\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll
MOD - [2013/01/02 15:44:00 | 000,181,512 | ---- | M] () -- C:\Program Files (x86)\PCPitstop\SuperShield\pcmaticRTen.dll
MOD - [2012/09/03 22:18:42 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\PCPitstop\SuperShield\sqlite3.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/26 13:44:58 | 000,705,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2013/07/22 20:43:24 | 008,782,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2013/07/22 20:43:24 | 000,972,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2013/07/22 20:43:24 | 000,811,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2013/07/22 20:43:24 | 000,563,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 22:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/11 10:09:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (gpsvc)
SRV - [2013/07/26 13:44:59 | 003,329,536 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2013/07/26 13:44:58 | 002,976,256 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/07/25 18:27:28 | 000,762,880 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 17:31:11 | 001,063,424 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/25 17:30:48 | 000,569,856 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/24 20:09:42 | 001,425,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2013/07/22 20:43:24 | 001,622,016 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2013/07/22 20:43:24 | 000,724,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2013/07/22 20:43:23 | 001,551,872 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/07/22 20:43:23 | 000,675,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2013/07/22 20:43:23 | 000,638,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2013/07/22 20:43:23 | 000,636,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/22 20:43:23 | 000,621,568 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/22 20:43:23 | 000,519,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe -- (GoToAssist)
SRV - [2013/07/22 20:43:22 | 000,572,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/02 13:10:32 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2013/01/02 15:43:58 | 003,835,656 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2012/12/15 14:29:55 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/12/15 14:29:44 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/11 18:48:06 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/03 02:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/03/28 23:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 22:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/24 13:39:02 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/06/13 03:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/14 19:04:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 19:04:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/31 13:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/05/20 17:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/10/27 03:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/27 03:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/24 08:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/23 15:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/10 00:16:22 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dfg.sys -- (dfg)
DRV - [2007/07/26 05:00:00 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/12/15 20:13:34 | 000,274,432 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005/12/15 16:27:52 | 000,034,639 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2004/04/10 09:43:54 | 000,004,608 | ---- | M] ([email protected]) [Kernel | System | Running] -- C:\Windows\SysWOW64\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2001/08/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.c...bcxt=mai&snsc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/login.php
IE - HKCU\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{559AD454-1436-4F25-9E5B-4875FD15109D}: "URL" = http://search.condui...859071282486711
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A7F6DF8B-04EC-4DA9-80A5-C1E5B7E7C17F}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{FC3DAE29-BD2B-4966-8A71-C0715E9A982E}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\04ECA680E25141F78490AE894BBE9585: "URL" = http://isearch.avg.c...sa&d=2012-06-30 15:29:53&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...13524572984971"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..extensions.enabledAddons: disconnect%40disconnect.me:1.0.1
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: %7B595b0a3f-adff-4c15-b0b5-3b97e42ea839%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.9rc1
FF - prefs.js..extensions.enabledAddons: %7Bec9032c7-c20a-464f-7b0e-13a3a9e97385%7D:1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {595b0a3f-adff-4c15-b0b5-3b97e42ea839}:1.0
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.4
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..keyword.URL: "http://search.condui...24572984971&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Oze\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Oze\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 18:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/04/20 14:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 18:37:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/04/20 14:27:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]

[2012/09/13 20:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Extensions
[2011/09/18 01:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/07/26 09:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions
[2013/07/23 16:38:20 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{595b0a3f-adff-4c15-b0b5-3b97e42ea839}
[2011/09/18 01:54:53 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2011/09/18 01:54:53 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(2)
[2013/05/17 16:04:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/07/07 20:27:00 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/07/25 17:29:35 | 000,000,000 | ---D | M] (.) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012/01/28 18:49:17 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2011/09/29 00:02:27 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2012/08/02 15:34:03 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2013/07/26 09:22:16 | 000,534,277 | ---- | M] () (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/17 16:04:20 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/05/11 09:31:12 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2010/06/20 22:46:16 | 000,002,269 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\aol-search.xml
[2011/08/28 16:04:31 | 000,001,945 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\bing-zugo.xml
[2013/01/25 07:41:52 | 000,000,985 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\conduit.xml
[2013/05/26 11:04:08 | 000,002,053 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\hostip.xml
[2012/09/13 20:14:24 | 000,002,519 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\Search_Results.xml
[2007/06/09 13:57:08 | 000,002,386 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\siteadvisor.xml
[2006/10/24 18:06:44 | 000,001,668 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\stumbleupon.xml
[2013/07/07 18:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/07 18:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/07 18:37:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/09/17 20:00:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2006/09/22 22:34:35 | 000,396,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2006/01/18 14:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2010/03/31 12:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 14:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/13 20:14:24 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Oze\AppData\Local\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0\
CHR - Extension: No name found = C:\Users\Oze\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: No name found = C:\Users\Oze\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.3.2.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vgrabber Toolbar) - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Download Nitro] C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SB4EE.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk = C:\Program Files (x86)\Caller ID\Caller ID.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O13:64bit: - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1135802222035 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1135802445551 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimateb...o/launchubo.OCX (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop...ols/pcmatic.cab (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B59FE216-7B37-4292-BC18-C6C68B956203}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE242849-CE91-4D43-B5A3-04E1645DD6D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\lid - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage - No CLSID value found
O18:64bit: - Protocol\Handler\wia - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\deflate - No CLSID value found
O18:64bit: - Protocol\Filter\gzip - No CLSID value found
O18:64bit: - Protocol\Filter\lzdhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/webviewhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\822\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Oze\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Oze\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/02 15:27:56 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/08/17 15:48:16 | 000,000,040 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d496a84c-df17-11e0-afba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d496a84c-df17-11e0-afba-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchBFII.exe -- [2005/09/23 18:54:10 | 000,557,056 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 19:35:17 | 000,082,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/07/25 17:58:43 | 000,000,000 | ---D | C] -- C:\Users\Oze\AppData\Local\VS Revo Group
[2013/07/25 17:58:41 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/07/25 17:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/07/25 17:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/07/25 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/22 21:32:48 | 000,000,000 | ---D | C] -- C:\Users\Oze\AppData\Local\Smartbar
[2013/07/22 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\Oze\Documents\My Cheat Tables
[2013/07/22 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oze\AppData\Roaming\OpenCandy
[2013/07/22 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/07/20 10:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2013/07/16 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\Oze\AppData\Roaming\.technic
[2013/07/08 23:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/07 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/07 17:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/07 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/26 13:53:27 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 13:53:27 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 13:51:11 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/26 13:51:11 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/26 13:51:11 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/26 13:49:43 | 000,161,063 | ---- | M] () -- C:\Users\Oze\AppData\Local\dfl28z32.dll
[2013/07/26 13:45:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/26 13:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/26 13:44:43 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 13:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 13:38:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/26 12:30:24 | 000,000,030 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\mbam.context.scan
[2013/07/26 12:04:13 | 001,067,217 | ---- | M] () -- C:\Users\Oze\Desktop\Windows Signature Error.rtf
[2013/07/26 01:31:24 | 000,612,352 | ---- | M] () -- C:\Windows\UninstallThunderbird.exe
[2013/07/26 01:31:23 | 000,619,520 | ---- | M] () -- C:\Windows\UninstallFirefox.exe
[2013/07/26 01:31:22 | 000,647,168 | ---- | M] () -- C:\Windows\UNDPX2K.exe
[2013/07/26 01:28:35 | 000,705,024 | ---- | M] (Intuit) -- C:\Windows\SysWow64\QCON3216.EXE
[2013/07/26 01:28:27 | 000,675,840 | ---- | M] (ArcSoft Inc.) -- C:\Windows\SysWow64\PhotoImpression Screen Saver.scr
[2013/07/26 01:28:14 | 000,589,824 | ---- | M] () -- C:\Windows\SysWow64\OnlineScannerUninstaller.exe
[2013/07/26 01:28:13 | 002,142,208 | ---- | M] () -- C:\Windows\SysWow64\nwiz.exe
[2013/07/26 01:28:12 | 001,851,392 | ---- | M] () -- C:\Windows\SysWow64\nvdspsch.exe
[2013/07/26 01:28:11 | 000,954,368 | ---- | M] () -- C:\Windows\SysWow64\nvappbar.exe
[2013/07/26 01:27:53 | 000,577,536 | ---- | M] (Marimba Inc.) -- C:\Windows\SysWow64\mrtMngr.exe
[2013/07/26 01:27:15 | 000,937,984 | ---- | M] () -- C:\Windows\SysWow64\keystone.exe
[2013/07/26 01:26:40 | 000,565,248 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWow64\GenSvcInst.exe
[2013/07/26 01:26:38 | 000,589,824 | ---- | M] () -- C:\Windows\SysWow64\FTDIUNIN.exe
[2013/07/26 01:23:32 | 001,350,144 | ---- | M] (Cozi Group, Inc.) -- C:\Windows\SysWow64\CoziScreensaver.scr
[2013/07/26 01:22:43 | 000,561,152 | ---- | M] () -- C:\Windows\SysWow64\ChCfg.exe
[2013/07/26 01:22:38 | 000,630,784 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWow64\bgsvcgen.exe
[2013/07/26 01:22:34 | 000,679,936 | ---- | M] (ArcSoft Inc.) -- C:\Windows\SysWow64\ArcSoft Screen Saver.scr
[2013/07/26 01:20:20 | 001,346,560 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysNative\PhotoStageScrSaver.scr
[2013/07/26 01:20:10 | 000,857,088 | ---- | M] (NETGEAR Inc.) -- C:\Windows\SysNative\NTGRDevRecovery.exe
[2013/07/26 01:20:10 | 000,831,488 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\NTGROpenLPC.exe
[2013/07/26 01:12:21 | 000,734,720 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2013/07/26 01:05:35 | 000,577,024 | ---- | M] (Agere Systems) -- C:\Windows\ltremove.exe
[2013/07/26 01:05:35 | 000,552,960 | ---- | M] (Agere Systems) -- C:\Windows\ltmsg.exe
[2013/07/26 01:01:10 | 000,548,864 | ---- | M] () -- C:\Windows\hpfsched.exe
[2013/07/26 00:27:06 | 000,904,704 | ---- | M] (Roblox Corporation) -- C:\Users\Oze\Documents\Roblox.exe
[2013/07/26 00:27:05 | 000,516,608 | ---- | M] () -- C:\Users\Oze\Documents\remdelf.exe
[2013/07/25 23:10:43 | 000,724,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
[2013/07/25 22:21:25 | 001,232,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013/07/25 22:21:09 | 000,557,568 | ---- | M] () -- C:\Windows\UniFish3.exe
[2013/07/25 22:21:06 | 000,602,112 | ---- | M] (MindVision Software) -- C:\Windows\unvise32.exe
[2013/07/25 22:20:56 | 000,811,520 | ---- | M] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2013/07/25 20:01:48 | 000,002,119 | ---- | M] () -- C:\Users\Oze\Desktop\vba.ini
[2013/07/25 20:00:21 | 000,002,036 | ---- | M] () -- C:\Users\Oze\Desktop\PC Matic (2).lnk
[2013/07/22 23:09:52 | 002,684,416 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Oze\Desktop\ CPAP SD Card (1).exe
[2013/07/22 20:45:44 | 000,589,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2013/07/20 14:58:58 | 000,123,323 | ---- | M] () -- C:\Users\Oze\Desktop\Zune_chat..xps
[2013/07/20 10:06:17 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/07/11 03:27:11 | 000,534,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/07 19:54:59 | 000,587,906 | ---- | M] () -- C:\Users\Oze\Desktop\azh_dell.xps
[2013/07/07 17:47:41 | 000,000,991 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
[2013/06/28 03:03:19 | 000,773,512 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/26 12:30:24 | 000,000,030 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\mbam.context.scan
[2013/07/26 12:04:13 | 001,067,217 | ---- | C] () -- C:\Users\Oze\Desktop\Windows Signature Error.rtf
[2013/07/25 20:00:21 | 000,002,036 | ---- | C] () -- C:\Users\Oze\Desktop\PC Matic (2).lnk
[2013/07/25 17:33:43 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 17:33:37 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 20:56:13 | 000,161,063 | ---- | C] () -- C:\Users\Oze\AppData\Local\dfl28z32.dll
[2013/07/20 14:58:58 | 000,123,323 | ---- | C] () -- C:\Users\Oze\Desktop\Zune_chat..xps
[2013/07/20 10:06:17 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/07/11 15:52:02 | 000,002,119 | ---- | C] () -- C:\Users\Oze\Desktop\vba.ini
[2013/07/07 19:54:53 | 000,587,906 | ---- | C] () -- C:\Users\Oze\Desktop\azh_dell.xps
[2013/05/27 23:10:59 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/05/27 23:10:59 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/02/14 09:12:18 | 000,000,001 | ---- | C] () -- C:\Users\Oze\AppData\Local\llftool.4.25.agreement
[2013/01/21 17:39:11 | 000,000,597 | ---- | C] () -- C:\Windows\RegistryKit.ini
[2013/01/20 23:42:06 | 000,000,043 | ---- | C] () -- C:\Users\Oze\jagex_cl_runescape_LIVE1.dat
[2012/11/15 11:35:29 | 000,001,484 | ---- | C] () -- C:\Users\Oze\AppData\Local\recently-used.xbel
[2012/09/06 08:26:08 | 000,007,602 | ---- | C] () -- C:\Users\Oze\AppData\Local\Resmon.ResmonCfg
[2012/08/21 08:07:15 | 000,000,133 | ---- | C] () -- C:\Users\Oze\Blocked
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/29 21:04:00 | 004,499,708 | ---- | C] () -- C:\Users\Oze\minecraft.jar
[2012/04/09 23:14:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/09 23:14:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/09 23:14:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/04/07 21:56:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/03/29 19:18:45 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/29 19:18:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/06 11:20:22 | 000,004,048 | ---- | C] () -- C:\Users\Oze\Allowed
[2012/03/05 20:39:41 | 001,792,437 | ---- | C] () -- C:\Users\Oze\2012-02-10_19.18.21.png
[2012/03/05 20:39:41 | 000,479,549 | ---- | C] () -- C:\Users\Oze\2012-02-21_17.45.07.png
[2012/03/05 20:39:41 | 000,273,840 | ---- | C] () -- C:\Users\Oze\2012-03-03_22.42.15.png
[2012/03/05 20:39:41 | 000,139,931 | ---- | C] () -- C:\Users\Oze\DarthMaulMe_Photo.jpg
[2012/01/05 21:36:54 | 000,000,040 | ---- | C] () -- C:\Users\Oze\jagex_cl_runescape_LIVE.dat
[2011/10/14 23:41:23 | 000,103,272 | ---- | C] () -- C:\Users\Oze\GoToAssistDownloadHelper.exe
[2011/10/03 16:10:36 | 000,643,509 | ---- | C] () -- C:\Users\Oze\Tobias.sav
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 15:11:35 | 000,007,783 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\.freeciv-client-rc-2.3
[2011/09/19 03:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 03:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/09/14 19:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 17:29:48 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/09/14 17:29:13 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/09/14 17:29:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/06/01 12:08:23 | 000,006,975 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\.freeciv-client-rc-2.2
[2010/08/09 13:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Oze\jagex__preferences3.dat
[2009/09/04 20:17:43 | 000,000,099 | ---- | C] () -- C:\Users\Oze\jagex_runescape_preferences2.dat
[2009/07/01 18:51:03 | 000,000,014 | ---- | C] () -- C:\Users\Oze\usb001
[2009/06/15 17:34:18 | 000,007,776 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\.civclientrc
[2009/02/26 08:16:50 | 000,007,910 | ---- | C] () -- C:\ProgramData\winiml.dat
[2009/02/26 08:16:50 | 000,007,910 | ---- | C] () -- C:\ProgramData\iml.xml
[2008/07/02 20:39:40 | 000,000,046 | ---- | C] () -- C:\Users\Oze\jagex_runescape_preferences.dat
[2008/02/15 16:08:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f
[2007/04/24 17:10:06 | 000,000,016 | ---- | C] () -- C:\Users\Oze\Settings.aw
[2007/04/24 17:10:06 | 000,000,000 | ---- | C] () -- C:\Users\Oze\awl.abl
[2007/03/24 11:11:45 | 000,010,560 | ---- | C] () -- C:\Users\Oze\reg.watchlist
[2006/06/12 16:56:01 | 000,061,678 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\PFP100JPR.{PB
[2006/06/12 16:56:01 | 000,012,358 | ---- | C] () -- C:\Users\Oze\AppData\Roaming\PFP100JCM.{PB
[2006/05/03 22:51:30 | 000,000,034 | ---- | C] () -- C:\Users\Oze\flush.bat
[2006/05/03 22:46:29 | 000,000,020 | ---- | C] () -- C:\Users\Oze\fdns.batch
[2006/01/10 18:51:45 | 000,135,168 | ---- | C] () -- C:\Users\Oze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/07/24 04:32:36 | 000,008,971 | ---- | C] () -- C:\Users\Oze\ml2.srt
[2002/07/24 04:32:36 | 000,008,966 | ---- | C] () -- C:\Users\Oze\ml1.srt

========== ZeroAccess Check ==========

[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Oze\AppData\Roaming\Thunderbird\Profiles\bs4hfgkw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/13 17:08:41 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\.freeciv
[2013/07/25 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\.minecraft
[2013/06/19 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\.StarMade
[2013/07/16 16:07:52 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\.technic
[2013/07/16 16:04:18 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\.techniclauncher
[2013/06/13 20:40:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\3909 LLC
[2011/09/18 01:52:50 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Aim
[2011/09/18 01:52:50 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Amazon
[2011/11/22 15:21:47 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\AVG
[2011/09/18 01:54:21 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\AVG9
[2011/10/29 19:23:58 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\BANDISOFT
[2012/03/01 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\bin
[2011/10/06 12:51:20 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Call of Duty
[2012/04/02 17:23:47 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Cobra Mobile
[2011/09/18 01:54:21 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/14 15:23:40 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/09/18 01:54:26 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Divo Games
[2013/01/21 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\DriverCure
[2012/10/21 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Dwarfs
[2012/10/21 14:42:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\DwarfsF2P
[2011/09/18 01:54:28 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Epson
[2012/02/26 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Fingertapps
[2012/04/03 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Firefly Studios
[2013/07/26 13:58:22 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Free Download Manager
[2012/07/03 15:39:19 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Freeciv
[2013/01/08 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\ftblauncher
[2011/09/18 01:54:28 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\GetRightToGo
[2011/09/18 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\ImgBurn
[2011/09/18 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\InterTrust
[2011/09/18 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Jasc
[2012/07/14 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Kalypso Media
[2011/09/18 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Leadertech
[2011/09/18 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\LEGO Company
[2012/05/20 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\LolClient
[2013/01/04 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\MP3SkypeRecorder
[2011/09/18 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\My Games
[2011/09/18 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Nova Development
[2012/06/29 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Oberon Media
[2013/07/22 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\OpenCandy
[2011/09/18 01:55:13 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\OpenDNS Updater
[2011/09/18 01:55:13 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\OpenOffice.org
[2011/09/18 01:55:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\OverDrive
[2012/03/24 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\PACE Anti-Piracy
[2013/01/21 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\ParetoLogic
[2011/09/17 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\PCDr
[2011/09/18 01:55:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\PCPitstop
[2013/01/21 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Registry Kit
[2011/09/18 01:55:29 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Registry Mechanic
[2011/09/18 01:55:59 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\SecondLife
[2011/09/18 01:55:59 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Smith Micro
[2011/09/18 01:55:59 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Snapfish
[2013/04/15 23:43:42 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\SoftGrid Client
[2011/09/18 01:58:42 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\System Tweaker
[2011/09/18 01:58:44 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\SystemRequirementsLab
[2012/09/14 20:51:17 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\The Creative Assembly
[2011/09/18 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Thunderbird
[2012/08/28 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\TP
[2013/04/27 19:12:51 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Tropico 4
[2012/07/13 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Tropico 4 Demo
[2011/09/18 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\TrueSwitch
[2011/09/18 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\TuneUp Software
[2011/09/18 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Uniblue
[2012/03/24 21:45:06 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Unity
[2011/09/18 02:04:48 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\VERITAS
[2011/09/18 02:04:48 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Viewpoint
[2012/11/24 14:18:40 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\wargaming.net
[2012/03/24 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\world
[2013/07/07 17:47:43 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\wsInspector
[2011/09/18 02:04:50 | 000,000,000 | ---D | M] -- C:\Users\Oze\AppData\Roaming\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:EEBA2194
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1115 bytes -> C:\Users\Oze\AppData\Local\ArPedAEm:8o5ZoFINgDZLcPjek58XYSn

< End of report >

Edited by oze, 27 July 2013 - 07:36 AM.


#3
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I think you need to move to the unbootable forum.

http://www.geekstogo...ystem-tutorial/

Create a FRST log and make a new post. Put in a link back to this one so they can see your OTL log.

Ron

PS. Never answer your own initial post. It takes it off our radar as we look for unanswered posts. Instead do an Edit.