
SweetPacks Updater Service & Special Savings by Superfish



#1 VortexR18 (Member, 57 posts)
Hey guys, first and foremost I believe these programs were installed on my computer along with programs I downloaded to try and recover data from an SD card. I was freaking out about the lost data and downloaded some programs to try to help. But it turns out I'm pretty sure my computer was infected with some malware.

When opening IE, sweetpacks.com opens up immediately. I mainly use Firefox, and when a new tab is opened, SweetPacks opens. I also have my address bar automatically make searches using startpage.com, but that was replaced by Bing with the help of SweetPacks.

Opening Uninstall Programs from Control Panel, I tried to uninstall a program called "Sweetpacks Updater Service", but as soon as I try to uninstall it, it says "CaptchAPP has stopped working and Windows is trying to find a solution to the problem" and then crashes without uninstalling.

I figured coming here is my best bet for cleaning this out, as well as maybe some other stuff that may be on my computer, as I found the "Special Savings" program on the list and didn't even know about it till I decided to try and find and uninstall SweetPacks.

Thanks for the help, guys. Here is my OTL:

OTL logfile created on: 8/17/2013 2:59:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 59.82% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 894.64 Gb Free Space | 48.02% Space Free | Partition Type: NTFS
Drive K: | 11.58 Gb Total Space | 11.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/07/17 12:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/05/13 15:47:46 | 000,815,104 | ---- | M] () -- C:\adt-bundle-windows-x86_64-20130717\adt-bundle-windows-x86_64-20130717\sdk\platform-tools\adb.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/07 10:30:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/07 10:30:42 | 000,116,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/25 19:01:28 | 000,536,078 | ---- | M] () -- C:\cygwin\bin\bash.exe
PRC - [2009/04/14 15:45:30 | 000,604,704 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2013/07/17 12:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013/07/17 12:19:46 | 000,528,896 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/07/04 03:12:00 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013/06/16 00:23:54 | 000,105,501 | ---- | M] () -- C:\cygwin\bin\cyggcc_s-1.dll
MOD - [2013/05/13 15:47:46 | 000,815,104 | ---- | M] () -- C:\adt-bundle-windows-x86_64-20130717\adt-bundle-windows-x86_64-20130717\sdk\platform-tools\adb.exe
MOD - [2013/03/07 10:30:45 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 17:07:17 | 000,165,902 | ---- | M] () -- C:\cygwin\bin\cygreadline7.dll
MOD - [2011/02/25 19:01:28 | 000,536,078 | ---- | M] () -- C:\cygwin\bin\bash.exe
MOD - [2010/01/02 16:35:45 | 000,249,870 | ---- | M] () -- C:\cygwin\bin\cygncursesw-10.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/17 12:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/17 01:35:50 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/07 13:47:14 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/09 21:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/29 23:34:58 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2011/12/29 23:18:06 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/29 12:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/18 01:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:64bit: - [2009/09/15 05:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 03:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/15 09:18:12 | 000,150,016 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Envy24HF.sys -- (Envy24HFS)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...1-B83136686D32}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...1-B83136686D32}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\user\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...1-B83136686D32}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE C2 2F AC B1 3D CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {4260182C-53DC-5177-430F-D0D732B41839}
IE - HKCU\..\SearchScopes\{4260182C-53DC-5177-430F-D0D732B41839}: "URL" = http://ib.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...1-B83136686D32}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - prefs.js..extensions.enabledAddons: facepaste.firefox.addon%40azabani.com:2.8
FF - prefs.js..extensions.enabledAddons: mytube%40ashishmishra.in:0.977
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.10
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "https://startpage.co...cat=web&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/15 23:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/30 16:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/24 01:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\components [2012/06/07 14:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\plugins

[2011/07/28 15:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/08/17 02:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions
[2013/07/24 16:26:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/14 00:12:18 | 000,008,860 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/17 00:33:50 | 001,312,907 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/07/23 14:51:44 | 000,111,441 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/14 17:57:11 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/08/17 02:51:53 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/31 04:26:16 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/29 13:06:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/11/01 16:35:16 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/04 22:10:18 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/23 14:51:44 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\askcom.xml
[2013/07/25 18:43:03 | 000,001,793 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\Bing.xml
[2013/07/24 22:42:10 | 000,001,720 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\sweetim.xml
[2013/07/30 16:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 15:30:14 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.sweetpa...1-B83136686D32}
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Special Savings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Special Savings\SpecialSavings.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Special Savings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Special Savings\SpecialSavings.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0190596B-873B-485D-A0A7-604A1F07EDCB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28C2AD7E-2935-4AE9-9032-3FBEA7B847AE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7EC12F-066B-465F-9090-12C33502AEC6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CAAAE89-AB1F-456C-A9F3-A3B931FA21A9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862ADA33-9647-4A56-A8C3-1E36B006388B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell - "" = AutoRun
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 02:59:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/17 02:57:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/08/17 02:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/17 02:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/17 02:57:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/17 02:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/17 02:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/08/02 02:23:37 | 000,000,000 | ---D | C] -- C:\Users\user\dwhelper
[2013/07/26 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2013/07/26 13:28:48 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Recover2
[2013/07/26 01:53:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Recover
[2013/07/25 04:54:45 | 000,000,000 | ---D | C] -- C:\cygwin
[2013/07/25 02:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013/07/25 02:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2013/07/25 01:55:36 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2013/07/25 01:50:18 | 000,000,000 | ---D | C] -- C:\adt-bundle-windows-x86_64-20130717
[2013/07/25 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Wondershare
[2013/07/25 00:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2013/07/25 00:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013/07/25 00:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013/07/24 23:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/24 23:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2013/07/24 23:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2013/07/24 23:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2013/07/24 22:53:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HTC
[2013/07/24 22:52:39 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\HTC
[2013/07/24 22:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/07/24 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013/07/24 22:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Card Data Recovery
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Card Data Recovery
[2013/07/24 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/07/24 22:40:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/07/24 22:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013/07/24 22:40:50 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/07/24 22:40:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2013/07/24 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\user\Downloads
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BYclouder HTC Phone Data Recovery
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2013/07/24 21:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/07/24 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Album
[2013/07/24 01:58:15 | 000,000,000 | ---D | C] -- C:\LanguageNames2
[2013/07/24 01:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/07/24 01:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/17 00:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 15:59:31 | 000,229,199 | ---- | M] () -- C:\Users\user\Desktop\06.jpg
[2013/08/08 00:43:26 | 005,053,704 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/08 00:43:26 | 001,601,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/08 00:43:26 | 000,005,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/03 04:40:54 | 001,248,971 | ---- | M] () -- C:\Users\user\Desktop\Untitled1321.png
[2013/08/02 04:06:58 | 001,800,494 | ---- | M] () -- C:\Users\user\Desktop\Saved2.png
[2013/08/02 04:04:16 | 001,729,857 | ---- | M] () -- C:\Users\user\Desktop\Saved1.png
[2013/08/02 02:23:43 | 013,953,734 | ---- | M] () -- C:\Users\user\Desktop\xvideos.com_f4308006844735f9e6148fbe5535e21b.flv
[2013/07/31 23:35:47 | 000,011,724 | ---- | M] () -- C:\Users\user\Desktop\tumblr_mqtm5nZvbm1ro8vuuo1_500.jpg
[2013/07/31 23:34:46 | 000,030,235 | ---- | M] () -- C:\Users\user\Desktop\tumblr_mqtx6gGzyQ1s2uhfco1_500.jpg
[2013/07/31 22:04:26 | 000,033,904 | ---- | M] () -- C:\Users\user\Desktop\kimthy.jpg
[2013/07/31 22:02:57 | 000,065,996 | ---- | M] () -- C:\Users\user\Desktop\alex.jpg
[2013/07/31 21:59:22 | 000,089,714 | ---- | M] () -- C:\Users\user\Desktop\carolina.jpg
[2013/07/31 21:58:39 | 000,077,908 | ---- | M] () -- C:\Users\user\Desktop\taryn2.jpg
[2013/07/31 21:57:55 | 000,075,397 | ---- | M] () -- C:\Users\user\Desktop\taryn.jpg
[2013/07/31 21:57:10 | 000,078,073 | ---- | M] () -- C:\Users\user\Desktop\girl.jpg
[2013/07/31 21:48:44 | 000,017,720 | ---- | M] () -- C:\Users\user\Desktop\picture022.jpg
[2013/07/31 15:59:19 | 000,476,391 | ---- | M] () -- C:\Users\user\Desktop\tumblr_m9a787m6gq1rvz37o.gif
[2013/07/30 23:07:21 | 001,279,627 | ---- | M] () -- C:\Users\user\Desktop\Untitled.png
[2013/07/30 16:54:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/29 02:38:10 | 000,076,305 | ---- | M] () -- C:\Users\user\Desktop\643948_10151856896546719_1772153304_n.jpg
[2013/07/29 01:57:51 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 01:57:51 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 01:59:24 | 000,826,290 | ---- | M] () -- C:\Users\user\Desktop\[000240].apk
[2013/07/25 19:57:17 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 18:14:32 | 1527,684,903 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/25 17:41:33 | 000,302,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/24 22:43:22 | 000,001,136 | ---- | M] () -- C:\Users\user\Desktop\Card Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,215 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,191 | ---- | M] () -- C:\Users\user\Desktop\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 21:43:51 | 001,283,412 | ---- | M] () -- C:\Users\user\Desktop\11 - Cudi Zone.mp3
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 16:26:55 | 000,229,199 | ---- | C] () -- C:\Users\user\Desktop\06.jpg
[2013/08/06 00:16:52 | 644,183,779 | ---- | C] () -- C:\Users\user\Desktop\7090_01_big.mp4
[2013/08/03 04:40:54 | 001,248,971 | ---- | C] () -- C:\Users\user\Desktop\Untitled1321.png
[2013/08/02 04:06:57 | 001,800,494 | ---- | C] () -- C:\Users\user\Desktop\Saved2.png
[2013/08/02 04:04:15 | 001,729,857 | ---- | C] () -- C:\Users\user\Desktop\Saved1.png
[2013/08/02 02:23:41 | 013,953,734 | ---- | C] () -- C:\Users\user\Desktop\xvideos.com_f4308006844735f9e6148fbe5535e21b.flv
[2013/07/31 23:35:46 | 000,011,724 | ---- | C] () -- C:\Users\user\Desktop\tumblr_mqtm5nZvbm1ro8vuuo1_500.jpg
[2013/07/31 23:34:46 | 000,030,235 | ---- | C] () -- C:\Users\user\Desktop\tumblr_mqtx6gGzyQ1s2uhfco1_500.jpg
[2013/07/31 22:04:26 | 000,033,904 | ---- | C] () -- C:\Users\user\Desktop\kimthy.jpg
[2013/07/31 22:02:56 | 000,065,996 | ---- | C] () -- C:\Users\user\Desktop\alex.jpg
[2013/07/31 21:59:22 | 000,089,714 | ---- | C] () -- C:\Users\user\Desktop\carolina.jpg
[2013/07/31 21:58:39 | 000,077,908 | ---- | C] () -- C:\Users\user\Desktop\taryn2.jpg
[2013/07/31 21:57:54 | 000,075,397 | ---- | C] () -- C:\Users\user\Desktop\taryn.jpg
[2013/07/31 21:57:09 | 000,078,073 | ---- | C] () -- C:\Users\user\Desktop\girl.jpg
[2013/07/31 21:48:44 | 000,017,720 | ---- | C] () -- C:\Users\user\Desktop\picture022.jpg
[2013/07/31 15:59:01 | 000,476,391 | ---- | C] () -- C:\Users\user\Desktop\tumblr_m9a787m6gq1rvz37o.gif
[2013/07/30 23:07:21 | 001,279,627 | ---- | C] () -- C:\Users\user\Desktop\Untitled.png
[2013/07/29 02:38:08 | 000,076,305 | ---- | C] () -- C:\Users\user\Desktop\643948_10151856896546719_1772153304_n.jpg
[2013/07/26 13:12:48 | 000,826,290 | ---- | C] () -- C:\Users\user\Desktop\[000240].apk
[2013/07/24 22:43:22 | 000,001,136 | ---- | C] () -- C:\Users\user\Desktop\Card Data Recovery.lnk
[2013/07/24 22:40:50 | 001,648,432 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013/07/24 22:33:29 | 000,001,215 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,191 | ---- | C] () -- C:\Users\user\Desktop\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 21:43:49 | 001,283,412 | ---- | C] () -- C:\Users\user\Desktop\11 - Cudi Zone.mp3
[2012/12/20 04:57:50 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/23 23:12:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/17 22:14:13 | 002,399,092 | ---- | C] () -- C:\Users\user\sessionstore.js
[2011/12/30 03:59:37 | 002,184,285 | ---- | C] () -- C:\Users\user\sessionstore.bak
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/06 03:28:12 | 001,883,460 | ---- | C] () -- C:\Users\user\RomanBruts.sav
[2011/10/06 03:28:12 | 001,661,658 | ---- | C] () -- C:\Users\user\Quicksave.sav
[2011/10/06 03:28:11 | 001,883,640 | ---- | C] () -- C:\Users\user\Autosave.sav
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/08 06:39:09 | 000,005,084 | ---- | C] () -- C:\ProgramData\pstwobai.rnf
[2011/09/08 06:28:12 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/08 06:28:12 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2013/03/11 19:45:10 | 000,000,091 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\Net\FTP\L.pm
[2013/03/11 19:45:12 | 000,000,471 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\AHex\N.pl
[2013/03/11 19:45:12 | 000,004,885 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Alpha\N.pl
[2013/03/11 19:45:12 | 000,003,815 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Bc\L.pl
[2013/03/11 19:45:12 | 000,000,461 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\BidiC\N.pl
[2013/03/11 19:45:12 | 000,001,486 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\BidiM\N.pl
[2013/03/11 19:45:13 | 000,001,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Cased\N.pl
[2013/03/11 19:45:13 | 000,000,439 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Ccc\L.pl
[2013/03/11 19:45:13 | 000,000,751 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CE\N.pl
[2013/03/11 19:45:13 | 000,003,124 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CI\N.pl
[2013/03/11 19:45:13 | 000,001,121 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CompEx\N.pl
[2013/03/11 19:45:13 | 000,004,698 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWCF\N.pl
[2013/03/11 19:45:13 | 000,001,334 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWCM\N.pl
[2013/03/11 19:45:13 | 000,006,310 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWKCF\N.pl
[2013/03/11 19:45:13 | 000,004,606 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWL\N.pl
[2013/03/11 19:45:13 | 000,004,809 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWT\N.pl
[2013/03/11 19:45:13 | 000,004,799 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\CWU\N.pl
[2013/03/11 19:45:13 | 000,000,631 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Dash\N.pl
[2013/03/11 19:45:13 | 000,000,532 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Dep\N.pl
[2013/03/11 19:45:13 | 000,000,595 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\DI\N.pl
[2013/03/11 19:45:13 | 000,001,578 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Dia\N.pl
[2013/03/11 19:45:13 | 000,002,442 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Ea\N.pl
[2013/03/11 19:45:13 | 000,000,641 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Ext\N.pl
[2013/03/11 19:45:13 | 000,004,673 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Gc\L.pl
[2013/03/11 19:45:13 | 000,001,275 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Gc\N.pl
[2013/03/11 19:45:14 | 000,000,449 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\GCB\L.pl
[2013/03/11 19:45:14 | 000,006,018 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\GrBase\N.pl
[2013/03/11 19:45:14 | 000,002,516 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\GrExt\N.pl
[2013/03/11 19:45:14 | 000,000,501 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Hex\N.pl
[2013/03/11 19:45:14 | 000,000,541 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Hyphen\N.pl
[2013/03/11 19:45:14 | 000,005,188 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\IDC\N.pl
[2013/03/11 19:45:14 | 000,000,569 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Ideo\N.pl
[2013/03/11 19:45:14 | 000,004,496 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\IDS\N.pl
[2013/03/11 19:45:14 | 000,000,461 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\IDSB\N.pl
[2013/03/11 19:45:14 | 000,000,451 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\IDST\N.pl
[2013/03/11 19:45:14 | 000,000,451 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\JoinC\N.pl
[2013/03/11 19:45:14 | 000,002,546 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Jt\U.pl
[2013/03/11 19:45:14 | 000,000,488 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\LOE\N.pl
[2013/03/11 19:45:14 | 000,005,106 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Lower\N.pl
[2013/03/11 19:45:14 | 000,001,443 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Math\N.pl
[2013/03/11 19:45:14 | 000,000,643 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\NChar\N.pl
[2013/03/11 19:45:14 | 000,002,372 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\NFDQC\N.pl
[2013/03/11 19:45:14 | 000,002,367 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\NFKCQC\N.pl
[2013/03/11 19:45:14 | 000,003,559 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\NFKDQC\N.pl
[2013/03/11 19:45:15 | 000,001,829 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OAlpha\N.pl
[2013/03/11 19:45:15 | 000,000,545 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\ODI\N.pl
[2013/03/11 19:45:15 | 000,000,605 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OGrExt\N.pl
[2013/03/11 19:45:15 | 000,000,481 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OIDC\N.pl
[2013/03/11 19:45:15 | 000,000,471 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OIDS\N.pl
[2013/03/11 19:45:15 | 000,000,571 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OLower\N.pl
[2013/03/11 19:45:15 | 000,001,366 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OMath\N.pl
[2013/03/11 19:45:15 | 000,000,461 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\OUpper\N.pl
[2013/03/11 19:45:15 | 000,000,703 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\PatSyn\N.pl
[2013/03/11 19:45:15 | 000,000,491 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\PatWS\N.pl
[2013/03/11 19:45:15 | 000,000,561 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\QMark\N.pl
[2013/03/11 19:45:15 | 000,000,468 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Radical\N.pl
[2013/03/11 19:45:15 | 000,000,774 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\SD\N.pl
[2013/03/11 19:45:15 | 000,000,551 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Space\N.pl
[2013/03/11 19:45:15 | 000,000,914 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\STerm\N.pl
[2013/03/11 19:45:15 | 000,001,112 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Term\N.pl
[2013/03/11 19:45:15 | 000,000,555 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\UIdeo\N.pl
[2013/03/11 19:45:15 | 000,005,033 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\Upper\N.pl
[2013/03/11 19:45:15 | 000,000,473 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\VS\N.pl
[2013/03/11 19:45:15 | 000,005,246 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\XIDC\N.pl
[2013/03/11 19:45:16 | 000,004,554 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1157184888-2405708076-2557927256-1000\$RKXMPCR\lib\perl5\5.14\unicore\lib\XIDS\N.pl
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/03 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2011/09/23 03:22:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Antares
[2013/08/08 01:39:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2011/07/11 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2011/11/03 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
[2013/08/03 05:14:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2011/08/30 04:24:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GameRanger
[2013/07/25 01:32:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2011/10/11 18:16:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Image-Line
[2013/04/29 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2012/06/04 08:39:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MetaQuotes
[2011/09/08 06:39:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MOVAVI
[2012/08/06 06:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OfficeRecovery
[2012/08/06 06:31:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OfficeRecovery.f26bdc9c
[2011/08/16 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/11/03 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rainmeter
[2012/03/06 06:44:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\StoneTrip
[2012/07/16 11:08:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\The Creative Assembly
[2011/12/29 23:20:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TrueCrypt
[2013/02/01 03:41:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
[2012/04/05 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTanks Temp

========== Purity Check ==========



< End of report >

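As an added example (not from this thread, nor from OTL's author), the script below triages OTL log lines of the kind quoted above the way a helper reads them: it flags registry entries whose target is gone ("File not found" / "No CLSID value found"), autostart services with no company name, and IE/Firefox URLs or file paths tied to the adware families named in this log. The sample lines, the URLs in them and the domain/folder lists are constructed from this thread and are assumptions, not a complete signature set.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's own format, modelled on entries quoted in this
# thread (full URLs, sizes and the Java CLSID are made up; the real log truncates URLs).
SAMPLE_LOG = r"""
SRV:64bit: - [2013/07/17 12:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013/07/17 12:20:14 | 000,100,000 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
IE - HKCU\..\SearchScopes\{4260182C-53DC-5177-430F-D0D732B41839}: "URL" = http://ib.startnow.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?constructed=1
FF - prefs.js..browser.startup.homepage: "https://startpage.com/"
O2 - BHO: (Special Savings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Special Savings\SpecialSavings.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/07/24 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
"""

# Indicators taken from the entries quoted in this thread; a heuristic list (assumption),
# not a complete signature set.
ADWARE_DOMAINS = ("sweetpacks.com", "startnow.com", "superfish.com")
ADWARE_FOLDERS = ("\\superfish", "\\updater by sweetpacks", "\\ask.com\\")
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")

# SRV/DRV lines: "SRV:64bit: - [stamp] (Company) [Start | State] -- path -- (ServiceName)"
SERVICE_RE = re.compile(
    r"^(?:SRV|DRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
URL_RE = re.compile(r"https?://([^/\s\"']+)")


@dataclass
class Finding:
    kind: str   # orphan | unsigned-autostart-service | adware-url | adware-path
    line: str


def host_is_adware(host: str) -> bool:
    """True for a listed adware domain or any subdomain of it."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ADWARE_DOMAINS)


def triage_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()
    if not line:
        return None
    # Registry entries whose target DLL/CLSID no longer exists: leftovers of a
    # half-uninstalled add-on, harmless by themselves but worth cleaning up.
    if line.endswith(ORPHAN_MARKERS):
        return Finding("orphan", line)
    m = SERVICE_RE.match(line)
    if m:
        # OTL prints "()" when the file carries no company name; an autostart
        # service with no publisher living in a system folder deserves a look.
        if not m.group("company").strip() and m.group("start").strip() == "Auto":
            return Finding("unsigned-autostart-service", line)
        return None
    # Browser start page / search scope / prefs lines pointing at adware domains.
    if line.startswith(("IE - ", "FF - ", "64bit-FF - ")):
        u = URL_RE.search(line)
        if u and host_is_adware(u.group(1)):
            return Finding("adware-url", line)
    # Files or folders under known adware install paths (case-insensitive).
    lower = line.lower()
    if any(folder in lower for folder in ADWARE_FOLDERS):
        return Finding("adware-path", line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole OTL log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def kinds(log_text: str):
    """Just the finding categories, handy for a quick summary or a test."""
    return [f.kind for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.line[:90]}")
```

Entries the script flags are only candidates for review; as the helper says below, the actual fix decisions belong to the person reading the whole log.
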
#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, VortexR18, and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please spend some time reading these instructions carefully before we start. They contain very useful information.

  • Please stay with us until the end. I know malware removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow one instruction or another, feel free to ask me how to do it. I am always glad to help you with that.
  • Please don't fix anything by yourself. Please don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Please note that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note that my replies can sometimes come with delays. However, it usually takes less than 24 hours for an expert to revise my message and post it to you.
  • Finally, enjoy the fight! ;)
Please wait for a while; currently I'm analyzing your log. I will post a fix to you as soon as possible.

#3
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Do you use Avast and Comodo Internet Security at the same time? What version of Avast are you using (free, pro)?

Can you please post the contents of the Extras.txt file on your Desktop (C:\Users\user\Desktop\Extras.txt) in your next message? This file is another OTL log, which could show us more malware entries.

I'd like you to run 2 tools - OTL and AdwCleaner. OTL is used for general diagnostics/fixes, but AdwCleaner will help you to remove this type of malware (adware), such as SweetPacks.

Let's start.

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - [2013/07/17 12:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...1-B83136686D32}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...1-B83136686D32}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...1-B83136686D32}
    IE - HKCU\..\SearchScopes\{4260182C-53DC-5177-430F-D0D732B41839}: "URL" = http://ib.startnow.c...eferrer:source}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...1-B83136686D32}
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes,DefaultScope = {4260182C-53DC-5177-430F-D0D732B41839}
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "https://startpage.com/do/metasearch.pl?language=english&cat=web&query="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
    [2013/07/24 22:42:10 | 000,001,720 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\sweetim.xml
    O2 - BHO: (Special Savings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Special Savings\SpecialSavings.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2013/07/24 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
    [2013/07/24 22:40:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
    [2013/07/24 22:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
    [2013/07/24 22:40:50 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
    [2013/07/24 22:40:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
    
    :Files
    C:\Program Files (x86)\Superfish
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 3. Changing Chrome Search provider and Homepage.

Your current Chrome Search provider and Homepage are malicious.

Please follow this instruction and set your Search provider to www.google.com or to something else that you want. For the Home page, please follow this instruction.

Step 4. OTL scan.

  • Open OTL again.
  • Click on Scan All Users checkbox, which is located near Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
  • Click on the Run Scan button.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:

  • Extras.txt
  • OTL.txt
  • AdwCleaner log

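As an added, defender-side illustration (not part of this thread, and not code from OTL or AdwCleaner): the script below applies to OTL-style log lines the same checks the fix above encodes by hand, namely IE start page and search scopes that point at a host outside a known-search-engine allow-list, BHOs whose DLL is already gone ("File not found"), toolbars with no CLSID, and an auto-start service with no company name. It goes a step beyond the fix script by also reading firewall-rule lines of the kind an Extras.txt log contains and flagging rules that admit a temp-folder executable or the executable behind that unsigned service. The sample lines, the `KNOWN_SEARCH_HOSTS` allow-list, the `start.hijack.example` host and the all-zero GUIDs are constructed for the example; only the line formats follow what the logs in this thread show.

```python
"""Triage OTL / OTL Extras log lines for the hijack indicators handled above.

Added example for this thread; it is not part of OTL, AdwCleaner or the fix
script posted here. Sample lines, allow-list, the hijack.example host and the
all-zero GUIDs are constructed placeholders; the line formats follow the thread.
"""
import re
from urllib.parse import urlparse

# Hosts a user might legitimately use as start page or search scope
# (constructed allow-list; extend it for your own environment).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "startpage.com",
                      "www.startpage.com", "duckduckgo.com"}

# OTL service line: SRV[:64bit:] - [date | size | flags] (Company) [Start | State] -- path -- (Name)
SRV_RE = re.compile(r"^SRV(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) "
                    r"\[(?P<start>[^|]*)\|(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
# IE lines: "IE - <key>,Start Page = URL"  or  'IE - <key>: "URL" = URL'
IE_URL_RE = re.compile(r'^IE - (?P<key>.+?)(?:,Start Page|: "URL") = (?P<url>\S+)$')
# Browser helper objects (O2) and toolbars (O3).
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$")
TOOLBAR_RE = re.compile(r"^O3 - (?P<key>.+?): \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$")
# Firewall rule lines from OTL Extras: "{GUID}" = k=v | k=v | ... |
FW_RULE_RE = re.compile(r'^"(?P<rule>[^"]+)" = (?P<fields>.+)$')


def norm_path(path):
    """Lower-case a Windows path and fold SysNative (the 64-bit System32 alias a
    32-bit scanner sees) onto system32 so both spellings compare equal."""
    return path.strip().lower().replace("\\sysnative\\", "\\system32\\")


def parse_fw_fields(fields):
    """Turn 'protocol=6 | dir=in | app=c:\\x.exe |' into a dict."""
    out = {}
    for part in fields.split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            out[key] = value
    return out


def triage(lines):
    """Return a list of (check, detail) findings for OTL / Extras log lines."""
    findings, suspect_exes = [], set()
    stripped = [l.strip() for l in lines if l.strip()]

    # Pass 1: auto-start services with an empty company field -> unknown binary.
    for line in stripped:
        m = SRV_RE.match(line)
        if m and not m["company"].strip() and m["start"].strip() == "Auto":
            suspect_exes.add(norm_path(m["path"]))
            findings.append(("unsigned_autostart_service", f"{m['svc']} -> {m['path']}"))

    # Pass 2: browser settings and firewall rules (rules may precede the service line).
    for line in stripped:
        m = IE_URL_RE.match(line)
        if m:
            host = (urlparse(m["url"]).hostname or "").lower()
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("ie_unknown_url", f"{m['key']} -> {host}"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m["rest"].endswith("File not found"):
                findings.append(("bho_file_missing", f"{m['name']} {m['clsid']}"))
            continue
        m = TOOLBAR_RE.match(line)
        if m:
            if "No CLSID value found" in m["rest"]:
                findings.append(("orphan_toolbar", f"{m['key']} {m['clsid']}"))
            continue
        m = FW_RULE_RE.match(line)
        if m:
            app = norm_path(parse_fw_fields(m["fields"]).get("app", ""))
            if "\\temp\\" in app:
                findings.append(("firewall_rule_temp_exe", f"{m['rule']} -> {app}"))
            if app and app in suspect_exes:
                findings.append(("firewall_rule_suspect_service", f"{m['rule']} -> {app}"))
    return findings


# Constructed sample modelled on the formats in this thread (hosts/GUIDs are placeholders).
SAMPLE_LINES = r"""
SRV:64bit: - [2013/07/17 12:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/07/17 12:20:14 | 000,100,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (Dnscache)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.hijack.example/?src=constructed
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.hijack.example/?q={searchTerms}
IE - HKCU\..\SearchScopes\{00000000-0000-0000-0000-000000000002}: "URL" = http://www.bing.com/search?q={searchTerms}
O2 - BHO: (Special Savings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Special Savings\SpecialSavings.dll File not found
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll (Example Vendor)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
"{1C75F1AB-F603-486D-AF4D-EBAC69962149}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{239165C2-5F67-4BF5-BD81-BAD2D6C48D96}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"{2CBB197C-D707-4B1F-A195-930C085061A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"""

if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LINES.splitlines()):
        print(f"{check:32} {detail}")
```

Run it over a saved OTL.txt or Extras.txt with `triage(open(path, errors="replace").readlines())`. It only reports and removes nothing; the allow-list decides what counts as a known search host, so tune it before trusting an `ie_unknown_url` hit, and treat a `firewall_rule_suspect_service` hit as the strongest signal, since it means an unknown auto-start binary has also been granted inbound connections.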
#4
VortexR18

    Member

  • Topic Starter
  • Member
  • 57 posts
Hello, thank you for the time :)

First off, I use Avast Free version and Comodo Firewall, not the Internet Security.

Here is the Extras.txt
=======================

OTL Extras logfile created on: 8/17/2013 2:59:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 59.82% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 894.64 Gb Free Space | 48.02% Space Free | Partition Type: NTFS
Drive K: | 11.58 Gb Total Space | 11.58 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CF3514-7AB2-4B3B-ADFC-3A19CA3C7A0A}" = lport=58794 | protocol=6 | dir=in | name=pando media booster |
"{06B188F4-BC40-4363-AB3C-86284D4E7F15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11E98D95-4785-40FF-8225-8423743CCC0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{14799569-1ADD-4F90-AF7D-727239116EFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{14FCAD47-816A-4AD1-B219-CEA4C9639E84}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F75E0ED-34C4-429F-B51D-C579E3130D0F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{371D283F-159C-4B89-8F71-8C3FE54E5E41}" = rport=139 | protocol=6 | dir=out | app=system |
"{37C8B2C4-FFF7-4FD9-B331-3A56ED277E87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47B7221E-2D9B-4975-B495-37E0B4BA6601}" = rport=445 | protocol=6 | dir=out | app=system |
"{618D71AA-A4CA-446D-9A4A-C9FDA2ADCFED}" = rport=137 | protocol=17 | dir=out | app=system |
"{76C159C3-9CB7-44D1-B816-2BF9462FC60B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7CCE4249-C2B6-4AE6-A285-F42AE6EFC04F}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B0C1418-46E0-4D23-9862-8F3D85146361}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9598F3AB-4F94-41D6-B24A-9AE0EEA2573C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96AB4255-4C10-4539-A889-F5C63692DF26}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9711FF5C-FD1C-468D-A629-9FEFEE60CFF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0004DF7-25DE-4C51-BF29-9AF2F9D94C3C}" = lport=58794 | protocol=17 | dir=in | name=pando media booster |
"{A4CB6434-704A-48E9-A5FD-9B46F62400E8}" = lport=58794 | protocol=17 | dir=in | name=pando media booster |
"{AC820878-4CEE-4674-BAB0-FAE9A68E439C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD3BE32E-CEFF-4DAF-909A-3DE71D1116DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF1CB623-535D-45AB-AAC3-86D108D24666}" = lport=139 | protocol=6 | dir=in | app=system |
"{D07174D2-24EA-4F7B-A280-B3ADF93CB742}" = lport=58794 | protocol=6 | dir=in | name=pando media booster |
"{EC8E65FF-7043-4241-8EF3-25D3C1C07432}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE43C117-9F08-4FC9-84A8-F1BCE69D8025}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E270BD-DD61-4A24-9C6B-6836F01A1600}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{0708364B-6379-496C-AE86-6F48B4DD76AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{0DF05171-BD5E-4630-B4D5-A7B04F3D46DD}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{0E4C8DEA-2919-4675-A728-5BB693EA927B}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1C75F1AB-F603-486D-AF4D-EBAC69962149}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1D3F8355-4D1F-41B3-A0B7-F709A6C0D314}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1FDBD478-A584-4A8C-9D67-10BF62E1B663}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2362FBC6-3E24-46C2-A452-967584F0E686}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{24FBA3C4-FB9B-4D4D-B6EF-4FB3D2AA9A59}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27C7FBAB-73B1-48AB-A741-27903797011F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BDD5D38-B859-4C42-99B8-97CCCB1575E7}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{2CBB197C-D707-4B1F-A195-930C085061A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{435B586E-F226-4A3D-81FC-311B6FDA0744}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44B826C6-47F4-4E13-8DE9-913E0A457768}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{4E507245-C586-42F5-A92F-2E8D917F8F81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{4FE99E4C-BF75-429C-8E3F-46BE879FF75E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{52C56DE6-1307-4312-BFFE-2E912AF403B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{574B833D-EBD3-4175-BD7F-2E38003B1B4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D434AE9-23F8-48C3-9EB5-C7E4A652426A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5F07F3C4-996E-4CDC-9706-C380590F9596}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6208B278-CA1B-4F06-A81E-61782A748631}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6B38730F-211A-424B-9858-DA7EC6853C67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7177C383-0729-47FD-80AC-2F68BF5B4244}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7590E9AE-138D-44A7-B029-3EAE94503AA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{75E5B94B-7EF5-4BD5-BB03-796FC869BFEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{791812CC-A936-4D79-885A-243D6D8EB3C1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7FB7001B-1BD1-4982-9ABC-D8BF6DA70611}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{81966B4D-54B7-4B2E-AC5F-9C974299C9C7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83D80B0E-6077-4ECE-A054-17F48222CC7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85A54756-215B-45FB-92E4-8C22A17DDEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{89A35FC0-0908-45E2-95EE-51FD4C839FB8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{942BB80C-94AF-46CF-ADC4-907ED9994C77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{95EEDF1B-D79B-4D6D-9985-951932E53C00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{99D79E94-A9ED-4FA3-8DD9-F927A829F6E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{9DC1F0EA-2489-4510-A39D-05F090605F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{A2ED7D50-E272-4167-852C-E096532B3E9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8E5F551-5D30-4D82-A4E4-F0BEF68B0DEB}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{A95512D4-6711-4080-ACBE-F01596CA1C5E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA961129-DD1C-4D01-A2F4-94FB8A5E7BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{AD0B19D7-2CFE-49D2-B591-B0073881E284}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{B3549993-B22A-4E7F-ACA2-1F16DC161D46}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B58891C6-C272-4A72-90DB-FD246B1EB289}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{BCA60DA0-7215-42AD-88BA-2C6B756C65C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{C548D927-0B0E-4DAD-B692-B1DAC49F0C77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0EA86A-D46F-49ED-BC7A-C2897AD9495E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{D05BFD50-68C1-4874-B6AD-68E5EBDA2C93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe |
"{D774FE86-78B6-4514-BF9E-89D04DA6FBF0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DC77EB22-755D-4919-BCE3-B9F5825A4288}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6DAD97A-24B2-4771-8E5F-186079CD6C59}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAC40644-B1B7-4760-A6AF-AE77FA7EC822}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{ED99F3D0-4E55-40B4-A203-B5EA0BF61DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{F0AA740D-99BC-4BB3-B2A9-C0710EA75B01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{F7679FC4-36A5-41D2-836C-3676958D4864}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{F9DAB21A-D139-4E00-BF66-96B3FC378907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe |
"{FD3FC853-9FEF-4741-9598-07B6FDDDFCDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"TCP Query User{239165C2-5F67-4BF5-BD81-BAD2D6C48D96}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"TCP Query User{24E02486-AE00-4527-A8D8-FC93F748790D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{6E40AAD4-0F06-48C3-A900-414B8580D698}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{240FB942-215E-4CD7-BBC7-4343485628BA}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{37F1319A-15F3-4F33-A7C7-BF1DD736E7FA}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"UDP Query User{8C685268-6F7D-414E-8C13-95FDBCA1F49A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A922D91B-9F22-4FAD-9F59-84B72C133C53}" = Special Savings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"BYclouder HTC Phone Data Recovery" = BYclouder HTC Phone Data Recovery
"Card Data Recovery" = Card Data Recovery
"Earth Screensaver HD" = Earth Screensaver HD
"Edirol HQ Orchestral v1.01" = Edirol HQ Orchestral v1.01
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.4.513
"FL Studio 10" = FL Studio 10
"Guild Wars 2" = Guild Wars 2
"HTC_WModemDriver" = WModem Driver Installer
"IL Download Manager" = IL Download Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Polipo" = Polipo 1.0.4.1
"Rainmeter" = Rainmeter
"SIGTrader 4" = SIGTrader 4
"SpeedFan" = SpeedFan (remove only)
"Steam App 10500" = Empire: Total War
"Steam App 202920" = Total War: Shogun 2 - TEd
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 4700" = Medieval II: Total War
"Steam App 91310" = Dead Island
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"Tor" = Tor 0.2.2.35
"TrueCrypt" = TrueCrypt
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WNLT" = SweetPacks Updater Service
"Wondershare Data Recovery for Android_is1" = Wondershare Data Recovery for Android(Build 1.0.0.18)
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Guild Wars" = Guild Wars
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2013 6:03:15 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2013 6:03:15 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6037

Error - 8/15/2013 6:03:15 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6037

Error - 8/15/2013 6:03:16 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2013 6:03:16 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7051

Error - 8/15/2013 6:03:16 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7051

Error - 8/15/2013 6:03:17 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2013 6:03:17 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8050

Error - 8/15/2013 6:03:17 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8050

Error - 8/17/2013 1:54:04 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 7/25/2013 6:14:42 PM | Computer Name = user-PC | Source = BugCheck | ID = 1001
Description =

Error - 7/25/2013 6:14:48 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 7/25/2013 6:42:53 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:41:26 PM on 7/25/2013 was unexpected.

Error - 7/25/2013 6:42:55 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 7/25/2013 7:57:24 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 7/25/2013 10:37:25 PM | Computer Name = user-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.127
with the system having network hardware address 00-22-48-A4-AF-81. Network operations
on this system may be disrupted as a result.

Error - 7/31/2013 3:48:22 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/3/2013 3:34:31 AM | Computer Name = user-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/8/2013 7:55:17 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/14/2013 5:22:12 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the defragsvc service.


< End of report >


AdwCleaner log
===============

# AdwCleaner v2.306 - Logfile created 08/18/2013 at 23:15:07
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [4037 octets] - [18/08/2013 23:15:07]

########## EOF - C:\AdwCleaner[S1].txt - [4097 octets] ##########


OTL.txt
============

OTL logfile created on: 8/18/2013 11:20:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 77.92% Memory free
16.00 Gb Paging File | 14.12 Gb Available in Paging File | 88.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 902.30 Gb Free Space | 48.43% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/28 22:37:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2009/04/14 15:45:30 | 000,604,704 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2013/04/28 22:37:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/17 01:35:50 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/07 13:47:14 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/09 21:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/29 23:34:58 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2011/12/29 23:18:06 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/29 12:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/18 01:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:64bit: - [2009/09/15 05:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 03:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/15 09:18:12 | 000,150,016 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Envy24HF.sys -- (Envy24HFS)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\user\Desktop
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 13 86 DC 89 9C CE 01 [binary data]
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - prefs.js..extensions.enabledAddons: facepaste.firefox.addon%40azabani.com:2.8
FF - prefs.js..extensions.enabledAddons: mytube%40ashishmishra.in:0.977
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.10
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/15 23:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/30 16:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/24 01:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\components [2012/06/07 14:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\plugins

[2011/07/28 15:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/08/17 02:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions
[2013/07/24 16:26:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/14 00:12:18 | 000,008,860 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/17 00:33:50 | 001,312,907 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/07/23 14:51:44 | 000,111,441 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/14 17:57:11 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/08/17 02:51:53 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/31 04:26:16 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/29 13:06:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/11/01 16:35:16 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/04 22:10:18 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/23 14:51:44 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\askcom.xml
[2013/07/25 18:43:03 | 000,001,793 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\Bing.xml
[2013/07/30 16:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.sweetpa...1-B83136686D32}

O1 HOSTS File: ([2013/08/18 23:00:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0190596B-873B-485D-A0A7-604A1F07EDCB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28C2AD7E-2935-4AE9-9032-3FBEA7B847AE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7EC12F-066B-465F-9090-12C33502AEC6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CAAAE89-AB1F-456C-A9F3-A3B931FA21A9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862ADA33-9647-4A56-A8C3-1E36B006388B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell - "" = AutoRun
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/18 22:57:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/17 02:59:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/17 02:57:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/08/17 02:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/17 02:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/17 02:57:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/17 02:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/17 02:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/08/02 02:23:37 | 000,000,000 | ---D | C] -- C:\Users\user\dwhelper
[2013/07/26 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2013/07/26 13:28:48 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Recover2
[2013/07/26 01:53:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Recover
[2013/07/25 04:54:45 | 000,000,000 | ---D | C] -- C:\cygwin
[2013/07/25 02:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013/07/25 02:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2013/07/25 01:55:36 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2013/07/25 01:50:18 | 000,000,000 | ---D | C] -- C:\adt-bundle-windows-x86_64-20130717
[2013/07/25 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Wondershare
[2013/07/24 23:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/24 23:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2013/07/24 23:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2013/07/24 23:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2013/07/24 22:53:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HTC
[2013/07/24 22:52:39 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\HTC
[2013/07/24 22:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/07/24 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013/07/24 22:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Card Data Recovery
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Card Data Recovery
[2013/07/24 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\user\Downloads
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BYclouder HTC Phone Data Recovery
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2013/07/24 21:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/07/24 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Album
[2013/07/24 01:58:15 | 000,000,000 | ---D | C] -- C:\LanguageNames2
[2013/07/24 01:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/07/24 01:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/08/18 23:24:21 | 005,078,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/18 23:24:21 | 001,610,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/18 23:24:21 | 000,005,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/18 23:16:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/18 23:16:49 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/18 23:15:58 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 23:15:58 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 23:14:27 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/08/18 23:00:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/15 15:59:31 | 000,229,199 | ---- | M] () -- C:\Users\user\Desktop\06.jpg
[2013/08/03 04:40:54 | 001,248,971 | ---- | M] () -- C:\Users\user\Desktop\Untitled1321.png
[2013/08/02 04:06:58 | 001,800,494 | ---- | M] () -- C:\Users\user\Desktop\Saved2.png
[2013/08/02 04:04:16 | 001,729,857 | ---- | M] () -- C:\Users\user\Desktop\Saved1.png
[2013/08/02 02:23:43 | 013,953,734 | ---- | M] () -- C:\Users\user\Desktop\xvideos.com_f4308006844735f9e6148fbe5535e21b.flv
[2013/07/31 23:35:47 | 000,011,724 | ---- | M] () -- C:\Users\user\Desktop\tumblr_mqtm5nZvbm1ro8vuuo1_500.jpg
[2013/07/31 23:34:46 | 000,030,235 | ---- | M] () -- C:\Users\user\Desktop\tumblr_mqtx6gGzyQ1s2uhfco1_500.jpg
[2013/07/31 22:04:26 | 000,033,904 | ---- | M] () -- C:\Users\user\Desktop\kimthy.jpg
[2013/07/31 22:02:57 | 000,065,996 | ---- | M] () -- C:\Users\user\Desktop\alex.jpg
[2013/07/31 21:59:22 | 000,089,714 | ---- | M] () -- C:\Users\user\Desktop\carolina.jpg
[2013/07/31 21:58:39 | 000,077,908 | ---- | M] () -- C:\Users\user\Desktop\taryn2.jpg
[2013/07/31 21:57:55 | 000,075,397 | ---- | M] () -- C:\Users\user\Desktop\taryn.jpg
[2013/07/31 21:57:10 | 000,078,073 | ---- | M] () -- C:\Users\user\Desktop\girl.jpg
[2013/07/31 21:48:44 | 000,017,720 | ---- | M] () -- C:\Users\user\Desktop\picture022.jpg
[2013/07/31 15:59:19 | 000,476,391 | ---- | M] () -- C:\Users\user\Desktop\tumblr_m9a787m6gq1rvz37o.gif
[2013/07/30 23:07:21 | 001,279,627 | ---- | M] () -- C:\Users\user\Desktop\Untitled.png
[2013/07/30 16:54:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/29 02:38:10 | 000,076,305 | ---- | M] () -- C:\Users\user\Desktop\643948_10151856896546719_1772153304_n.jpg
[2013/07/26 01:59:24 | 000,826,290 | ---- | M] () -- C:\Users\user\Desktop\[000240].apk
[2013/07/25 18:14:32 | 1527,684,903 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/25 17:41:33 | 000,302,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/24 22:43:22 | 000,001,136 | ---- | M] () -- C:\Users\user\Desktop\Card Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,215 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,191 | ---- | M] () -- C:\Users\user\Desktop\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 21:43:51 | 001,283,412 | ---- | M] () -- C:\Users\user\Desktop\11 - Cudi Zone.mp3

========== Files Created - No Company Name ==========

[2013/08/18 23:14:27 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/08/15 16:26:55 | 000,229,199 | ---- | C] () -- C:\Users\user\Desktop\06.jpg
[2013/08/06 00:16:52 | 644,183,779 | ---- | C] () -- C:\Users\user\Desktop\7090_01_big.mp4
[2013/08/03 04:40:54 | 001,248,971 | ---- | C] () -- C:\Users\user\Desktop\Untitled1321.png
[2013/08/02 04:06:57 | 001,800,494 | ---- | C] () -- C:\Users\user\Desktop\Saved2.png
[2013/08/02 04:04:15 | 001,729,857 | ---- | C] () -- C:\Users\user\Desktop\Saved1.png
[2013/08/02 02:23:41 | 013,953,734 | ---- | C] () -- C:\Users\user\Desktop\xvideos.com_f4308006844735f9e6148fbe5535e21b.flv
[2013/07/31 23:35:46 | 000,011,724 | ---- | C] () -- C:\Users\user\Desktop\tumblr_mqtm5nZvbm1ro8vuuo1_500.jpg
[2013/07/31 23:34:46 | 000,030,235 | ---- | C] () -- C:\Users\user\Desktop\tumblr_mqtx6gGzyQ1s2uhfco1_500.jpg
[2013/07/31 22:04:26 | 000,033,904 | ---- | C] () -- C:\Users\user\Desktop\kimthy.jpg
[2013/07/31 22:02:56 | 000,065,996 | ---- | C] () -- C:\Users\user\Desktop\alex.jpg
[2013/07/31 21:59:22 | 000,089,714 | ---- | C] () -- C:\Users\user\Desktop\carolina.jpg
[2013/07/31 21:58:39 | 000,077,908 | ---- | C] () -- C:\Users\user\Desktop\taryn2.jpg
[2013/07/31 21:57:54 | 000,075,397 | ---- | C] () -- C:\Users\user\Desktop\taryn.jpg
[2013/07/31 21:57:09 | 000,078,073 | ---- | C] () -- C:\Users\user\Desktop\girl.jpg
[2013/07/31 21:48:44 | 000,017,720 | ---- | C] () -- C:\Users\user\Desktop\picture022.jpg
[2013/07/31 15:59:01 | 000,476,391 | ---- | C] () -- C:\Users\user\Desktop\tumblr_m9a787m6gq1rvz37o.gif
[2013/07/30 23:07:21 | 001,279,627 | ---- | C] () -- C:\Users\user\Desktop\Untitled.png
[2013/07/29 02:38:08 | 000,076,305 | ---- | C] () -- C:\Users\user\Desktop\643948_10151856896546719_1772153304_n.jpg
[2013/07/26 13:12:48 | 000,826,290 | ---- | C] () -- C:\Users\user\Desktop\[000240].apk
[2013/07/24 22:43:22 | 000,001,136 | ---- | C] () -- C:\Users\user\Desktop\Card Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,215 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 22:33:29 | 000,001,191 | ---- | C] () -- C:\Users\user\Desktop\BYclouder HTC Phone Data Recovery.lnk
[2013/07/24 21:43:49 | 001,283,412 | ---- | C] () -- C:\Users\user\Desktop\11 - Cudi Zone.mp3
[2012/12/20 04:57:50 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/23 23:12:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/17 22:14:13 | 002,399,092 | ---- | C] () -- C:\Users\user\sessionstore.js
[2011/12/30 03:59:37 | 002,184,285 | ---- | C] () -- C:\Users\user\sessionstore.bak
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/06 03:28:12 | 001,883,460 | ---- | C] () -- C:\Users\user\RomanBruts.sav
[2011/10/06 03:28:12 | 001,661,658 | ---- | C] () -- C:\Users\user\Quicksave.sav
[2011/10/06 03:28:11 | 001,883,640 | ---- | C] () -- C:\Users\user\Autosave.sav
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/08 06:39:09 | 000,005,084 | ---- | C] () -- C:\ProgramData\pstwobai.rnf
[2011/09/08 06:28:12 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/08 06:28:12 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010/11/20 09:25:47 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 09:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 09:27:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< End of report >

#5 Phel (Trusted Helper, Malware Removal, 1,386 posts)
How is your computer running now?

Do you have Avast PUP protection enabled? If not, you can enable it. It will protect you from this type of malware, such as Sweetpacks.

Comodo Firewall, not the Internet Security.

Are you sure? :) From the log it looks like you are using Internet Security. It's better to uninstall Internet Security (even if you have disabled malware protection and enabled only the firewall) and install the standalone Comodo Firewall.

Please follow these steps:

Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.
Programs to uninstall:

  • Special Savings
Step 2. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
After reboot:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 3. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    
    :Files
    netsh advfirewall reset /c 
    netsh advfirewall set allprofiles state off /c
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 4. Changing Chrome Search provider and Homepage.

Your current Chrome Search provider and Homepage are malicious.

Please follow this instruction and set your Search provider to www.google.com or to something else that you want. For the Home page, please follow this instruction.

Step 5. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So please don't forget to post in your next message:

  • AdwCleaner log
  • OTL log


#6 VortexR18 (Topic Starter, Member, 57 posts)
Hello again, I activated PUP on my Avast. As far as Comodo goes, do you want me to uninstall everything and just install that firewall? How would I go about doing that?

Also there seems to be a problem with step one. I can't uninstall Special Savings, as a pop-up appears saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor." and then it closes out without uninstalling.

I haven't proceeded as I can't do step one.
===============================================
As an aside, as far as the changing of my home page and Chrome search provider instructions go, I don't use Chrome, much less have it on my computer. At least I think I don't; it's not under my Programs and Features in Control Panel.

#7 Phel (Trusted Helper, Malware Removal, 1,386 posts)

do you want me to uninstall everything and just install that firewall?

No, just uninstall Comodo Internet Security and install Comodo Firewall in its place. Two antivirus programs (since Comodo Internet Security has antivirus protection too) can lead to hangs, system crashes and unstable operation of your computer.

Okay, ignore the previous message and follow these steps:

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    
    :Files
    netsh advfirewall reset /c 
    netsh advfirewall set allprofiles state off /c
    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A922D91B-9F22-4FAD-9F59-84B72C133C53}]
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
After reboot:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 3. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Find the Extra Registry section in the OTL window and change the radio button there to Use SafeList.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So please don't forget to post in your next message:

  • AdwCleaner log
  • OTL.txt
  • Extras.txt


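The triage the helper does by hand in posts #5 and #7 (pull the O4 autostart entries marked "File not found" and the SweetPacks Firefox extension out of the OTL log in post #4, paste them under :OTL, reboot) can be scripted. The block below is an added example written for this thread; it is not OTL's own code and not anything the helper posted. The sample lines are copied from the OTL logs above and embedded so it runs offline. The rules it applies are this example's assumptions, not OTL's: an O4 entry whose target is missing is removed; a Firefox extension registered from a folder outside the Mozilla program directory is removed; Winlogon UserInit must be Microsoft's userinit.exe; MountPoints2 AutoRun commands and non-Microsoft services are only listed for a human to review, never deleted automatically. The function names `triage` and `build_fix` and the constant `SAMPLE_LOG` are the example's own.

```python
"""Triage an OTL log and draft an OTL fix script from what it finds.

Added example for this thread, not OTL's own code and not the helper's.
Sample lines are copied from the logs posted above; the classification
rules below are this example's assumptions, not OTL's.
"""
import re

# Constructed sample: lines copied verbatim from the OTL logs earlier in the thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell - "" = AutoRun
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
"""

# Line shapes OTL uses for the sections this thread cares about.
ORPHAN = re.compile(r"^O4 - .* File not found$")
USERINIT = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<val>[^)]*)\) - .+ \((?P<company>[^)]*)\)$")
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
FF_EXT = re.compile(r"^(?:64bit-)?FF - .*\\Extensions\\+\{(?P<guid>[^}]+)\}: (?P<path>.+)$")
SERVICE = re.compile(r"^SRV(?::64bit:)? - \[[^\]]+\] \((?P<company>[^)]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")


def triage(log_text):
    """Sort OTL lines into 'fix' (lines to paste under :OTL), 'review'
    ((kind, detail) pairs a human should look at) and 'ok' (checked, benign)."""
    findings = {"fix": [], "review": [], "ok": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ORPHAN.match(line):
            # Autostart entry whose target no longer exists: dead weight, remove it.
            findings["fix"].append(line)
        elif (m := USERINIT.match(line)):
            # Winlogon UserInit is a classic hijack point; anything other than
            # Microsoft's userinit.exe goes to review.
            if m["val"].lower() == "userinit.exe" and m["company"] == "Microsoft Corporation":
                findings["ok"].append("userinit")
            else:
                findings["review"].append(("userinit", line))
        elif (m := MOUNTPOINT.match(line)):
            # Per-volume AutoRun command, launched when that device is mounted.
            # Surface what would run rather than deleting blindly.
            findings["review"].append(("autorun", f"{m['key']} -> {m['cmd']}"))
        elif (m := FF_EXT.match(line)):
            # Assumption: an extension registered from outside the Mozilla program
            # folder was not installed by Firefox itself; remove it.
            if "mozilla" in m["path"].lower():
                findings["ok"].append(f"ffext:{m['guid']}")
            else:
                findings["fix"].append(line)
        elif (m := SERVICE.match(line)):
            # Assumption: Microsoft-authored services are skipped; everything else
            # is listed so the helper can vet it.
            if m["company"] == "Microsoft Corporation":
                findings["ok"].append(f"service:{m['name']}")
            else:
                findings["review"].append(("service", f"{m['name']}: {m['path']} ({m['company']})"))
    return findings


def build_fix(findings):
    """Render the fix in the layout the helper uses: an :OTL block of lines to
    remove, then :Commands with [REBOOT]. Returns '' when there is nothing to fix."""
    if not findings["fix"]:
        return ""
    return ":OTL\n" + "\n".join(findings["fix"]) + "\n\n:Commands\n[REBOOT]\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, detail in result["review"]:
        print(f"REVIEW [{kind}] {detail}")
    print(build_fix(result))
```

Run against the sample, `build_fix` reproduces the three :OTL lines the helper pasted (the two orphaned O4 entries and the SweetPacks extension key), and the review list shows the two MountPoints2 AutoRun commands (`E:\setup.exe -a` and the HTC sync launcher) plus the non-Microsoft Avast service. Note that the helper's fix in post #7 also runs `netsh advfirewall set allprofiles state off` from the :Files section, which switches the Windows Firewall off on every profile; that line only makes sense once Comodo Firewall is installed and running, which is why the helper asks for the swap first.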
#8 VortexR18 (Topic Starter, Member, 57 posts)
Sorry, work has been keeping me away from the computer; I'll post logs as soon as I'm able to.

#9 VortexR18 (Topic Starter, Member, 57 posts)
Okay, here's the ADW:

# AdwCleaner v2.306 - Logfile created 08/22/2013 at 16:39:53
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

*************************

AdwCleaner[R1].txt - [547 octets] - [22/08/2013 16:39:53]
AdwCleaner[S1].txt - [4156 octets] - [18/08/2013 23:15:07]
AdwCleaner[S2].txt - [734 octets] - [22/08/2013 16:35:30]

########## EOF - C:\AdwCleaner[R1].txt - [725 octets] ##########


==========OTL=============

OTL logfile created on: 8/22/2013 4:40:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 78.45% Memory free
16.00 Gb Paging File | 14.22 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 900.61 Gb Free Space | 48.34% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/18 23:14:27 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
PRC - [2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/28 22:37:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2009/04/14 15:45:30 | 000,604,704 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/18 23:14:27 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
MOD - [2013/04/28 22:37:31 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/18 16:15:30 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/17 01:35:50 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/09 21:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/29 23:34:58 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2013/08/19 23:56:42 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/19 23:56:41 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/19 23:56:41 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2011/12/29 23:18:06 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/29 12:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/18 01:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:64bit: - [2009/09/15 05:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 03:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/15 09:18:12 | 000,150,016 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Envy24HF.sys -- (Envy24HFS)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\user\Desktop
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 13 86 DC 89 9C CE 01 [binary data]
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - prefs.js..extensions.enabledAddons: facepaste.firefox.addon%40azabani.com:2.8
FF - prefs.js..extensions.enabledAddons: mytube%40ashishmishra.in:0.977
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.10
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.zerohedge.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/19 11:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/30 16:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/24 01:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\components [2012/06/07 14:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\plugins

[2011/07/28 15:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/08/17 02:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions
[2013/07/24 16:26:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\91ophi86.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/14 00:12:18 | 000,008,860 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/17 00:33:50 | 001,312,907 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/07/23 14:51:44 | 000,111,441 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\[email protected]
[2013/08/14 17:57:11 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/08/17 02:51:53 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/31 04:26:16 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/29 13:06:35 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/11/01 16:35:16 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/04 22:10:18 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/23 14:51:44 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\askcom.xml
[2013/07/25 18:43:03 | 000,001,793 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\91ophi86.default\searchplugins\Bing.xml
[2013/07/30 16:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/08/18 23:00:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1157184888-2405708076-2557927256-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0190596B-873B-485D-A0A7-604A1F07EDCB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7EC12F-066B-465F-9090-12C33502AEC6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CAAAE89-AB1F-456C-A9F3-A3B931FA21A9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862ADA33-9647-4A56-A8C3-1E36B006388B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell - "" = AutoRun
O33 - MountPoints2\{4a4a7b73-4b03-11e2-94e9-9155c2955633}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff2f-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell - "" = AutoRun
O33 - MountPoints2\{761cff30-3a4c-11e2-8536-bfcd7c759f42}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e100df-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1010c-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10127-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10135-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017e-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1017f-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020a-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e1020b-f24b-11e2-a9d1-b83136686d32}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/22 16:27:44 | 000,000,000 | ---D | C] -- C:\Users\user\Links
[2013/08/22 16:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/08/22 16:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/08/22 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Comodo
[2013/08/22 16:24:59 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/08/22 16:24:59 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/08/22 16:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/08/18 22:57:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/17 02:59:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/17 02:57:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/08/17 02:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/17 02:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/17 02:57:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/17 02:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/17 02:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/08/02 02:23:37 | 000,000,000 | ---D | C] -- C:\Users\user\dwhelper
[2013/07/25 04:54:45 | 000,000,000 | ---D | C] -- C:\cygwin
[2013/07/25 02:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013/07/25 02:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2013/07/25 01:55:36 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2013/07/25 01:50:18 | 000,000,000 | ---D | C] -- C:\adt-bundle-windows-x86_64-20130717
[2013/07/25 00:45:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Wondershare
[2013/07/24 23:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/24 23:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
[2013/07/24 23:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2013/07/24 23:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2013/07/24 22:53:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HTC
[2013/07/24 22:52:39 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\HTC
[2013/07/24 22:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/07/24 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013/07/24 22:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Card Data Recovery
[2013/07/24 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Card Data Recovery
[2013/07/24 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\user\Downloads
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYclouder HTC Phone Data Recovery
[2013/07/24 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BYclouder HTC Phone Data Recovery
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2013/07/24 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2013/07/24 21:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/07/24 01:58:15 | 000,000,000 | ---D | C] -- C:\LanguageNames2
[2013/07/24 01:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/07/24 01:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/08/22 16:37:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/22 16:37:02 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/22 16:36:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 16:36:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 16:24:59 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/08/22 16:24:59 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/08/19 23:56:42 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/19 23:56:42 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/19 23:56:41 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/19 23:56:41 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/19 23:56:41 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/19 23:56:41 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/19 11:56:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/18 23:24:21 | 005,078,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/18 23:24:21 | 001,610,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/18 23:24:21 | 000,005,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/18 23:14:27 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/08/18 23:00:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/17 02:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/30 16:54:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/25 18:14:32 | 1527,684,903 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/25 17:41:33 | 000,302,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/24 22:33:29 | 000,001,215 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk

========== Files Created - No Company Name ==========

[2013/08/19 23:56:42 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/19 23:56:42 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/19 23:56:42 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/18 23:14:27 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/07/24 22:33:29 | 000,001,215 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\BYclouder HTC Phone Data Recovery.lnk
[2012/12/20 04:57:50 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/23 23:12:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/17 22:14:13 | 002,399,092 | ---- | C] () -- C:\Users\user\sessionstore.js
[2011/12/30 03:59:37 | 002,184,285 | ---- | C] () -- C:\Users\user\sessionstore.bak
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/06 03:28:12 | 001,883,460 | ---- | C] () -- C:\Users\user\RomanBruts.sav
[2011/10/06 03:28:12 | 001,661,658 | ---- | C] () -- C:\Users\user\Quicksave.sav
[2011/10/06 03:28:11 | 001,883,640 | ---- | C] () -- C:\Users\user\Autosave.sav
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/08 06:39:09 | 000,005,084 | ---- | C] () -- C:\ProgramData\pstwobai.rnf
[2011/09/08 06:28:12 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/08 06:28:12 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


============EXTRAS=====================

OTL Extras logfile created on: 8/22/2013 4:40:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 78.45% Memory free
16.00 Gb Paging File | 14.22 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 900.61 Gb Free Space | 48.34% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Firewall
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"BYclouder HTC Phone Data Recovery" = BYclouder HTC Phone Data Recovery
"Card Data Recovery" = Card Data Recovery
"Earth Screensaver HD" = Earth Screensaver HD
"Edirol HQ Orchestral v1.01" = Edirol HQ Orchestral v1.01
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.4.513
"FL Studio 10" = FL Studio 10
"Guild Wars 2" = Guild Wars 2
"HTC_WModemDriver" = WModem Driver Installer
"IL Download Manager" = IL Download Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Polipo" = Polipo 1.0.4.1
"Rainmeter" = Rainmeter
"SIGTrader 4" = SIGTrader 4
"SpeedFan" = SpeedFan (remove only)
"Steam App 10500" = Empire: Total War
"Steam App 202920" = Total War: Shogun 2 - TEd
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 4700" = Medieval II: Total War
"Steam App 91310" = Dead Island
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"Tor" = Tor 0.2.2.35
"TrueCrypt" = TrueCrypt
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"Wondershare Data Recovery for Android_is1" = Wondershare Data Recovery for Android(Build 1.0.0.18)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1157184888-2405708076-2557927256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Guild Wars" = Guild Wars
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2013 2:31:01 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 3.10.0.237,
time stamp: 0x51f352a7 Faulting module name: cgD3D9.dll, version: 3.0.0.16, time
stamp: 0x4d55a06f Exception code: 0xc0000005 Fault offset: 0x000b6539 Faulting process
id: 0x67c Faulting application start time: 0x01ce9f00c91cb040 Faulting application
path: C:\Users\user\Documents\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.239\deploy\League
of Legends.exe Faulting module path: C:\Users\user\Documents\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.239\deploy\cgD3D9.dll
Report
Id: 695baac0-0af4-11e3-ab12-e9f8898b7e53

Error - 8/22/2013 4:25:52 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/22/2013 4:26:25 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/22/2013 4:26:25 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/22/2013 4:27:06 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary COMODO Internet Security Sandbox Driver. System Error: The system cannot
find the file specified. .

Error - 8/22/2013 4:27:06 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary COMODO Internet Security Helper Driver. System Error: The system cannot
find the file specified. .

Error - 8/22/2013 4:27:06 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service COMODO Internet Security Helper Service since QueryServiceConfig API
failed System Error: The system cannot find the file specified. .

Error - 8/22/2013 4:28:12 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary COMODO Internet Security Sandbox Driver. System Error: The system cannot
find the file specified. .

Error - 8/22/2013 4:28:12 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary COMODO Internet Security Helper Driver. System Error: The system cannot
find the file specified. .

Error - 8/22/2013 4:28:12 PM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service COMODO Internet Security Helper Service since QueryServiceConfig API
failed System Error: The system cannot find the file specified. .

[ System Events ]
Error - 8/21/2013 2:29:50 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/21/2013 3:02:08 PM | Computer Name = user-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 10.0.0.21 with
the system having network hardware address 00-22-48-A4-AF-81. Network operations
on this system may be disrupted as a result.

Error - 8/21/2013 4:07:28 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/21/2013 4:07:28 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/22/2013 2:21:18 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/22/2013 2:21:18 PM | Computer Name = user-PC | Source = DCOM | ID = 10016
Description =

Error - 8/22/2013 4:32:25 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 8/22/2013 4:33:49 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 8/22/2013 4:37:15 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.01 service failed to start due to the following error:
%%3

Error - 8/22/2013 4:38:28 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0
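The OTL Extras report above dumps the shell-spawning handlers, the per-profile Windows Firewall switches and the ZeroAccess CLSID check as raw registry values and leaves the reader to eyeball them. As an added example (not part of this thread and not OTL's own code), the Python below parses those three sections of an OTL Extras log and flags anything that differs from the stock Windows entries the clean log shows: an executable-class handler whose command is not `"%1" %*`, a firewall profile with `EnableFirewall` = 0, or one of the checked CLSIDs whose InProcServer32 default no longer points at the Microsoft-signed shell32/fastprox/wbemess DLL. The log excerpt in the block is constructed; the hijacked handler and the unsigned DLL path in it are placeholders, not indicators seen on this machine. Note that the log posted here does show `EnableFirewall` = 0 on all three profiles; with COMODO Firewall in the uninstall list that is the expected state, since a third-party firewall takes over that role, so the finding is a prompt to confirm which firewall is active rather than evidence of tampering.

```python
"""Audit the Shell Spawning, Firewall Settings and ZeroAccess Check sections
of an OTL Extras log for values that differ from a stock Windows system.

Example code written for this thread; not part of OTL. SAMPLE_LOG below is
constructed, and the hijacked handler and unsigned DLL in it are placeholders.
"""
import re

# Stock handler commands for the executable file classes (the clean log on
# this page shows exactly these values).
EXPECTED_HANDLERS = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
}

# CLSIDs enumerated by OTL's ZeroAccess check and the Microsoft DLL that
# backs their InProcServer32 default value on a clean system (from the log).
EXPECTED_CLSID_DLL = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
KEY_RE = re.compile(r"^(?:64bit: )?\[(HKEY_[^\]]+)\]")
HANDLER_RE = re.compile(r"^([\w.]+ \[[\w.]+\]) -- (.+?)(?: \([^()]*\))?$")
FIREWALL_RE = re.compile(r'^"EnableFirewall" = (\d+)$')
CLSID_RE = re.compile(r"(\{[0-9A-Fa-f-]{36}\})")
DEFAULT_VALUE_RE = re.compile(r'^"" = (.+?) -- \[.*\] \(([^)]*)\)$')


def audit_otl_extras(text: str) -> list[str]:
    """Return one human-readable finding per suspicious value, in log order."""
    findings = []
    section = None      # name of the ========== section being read
    current_key = None  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if section == "Shell Spawning":
            m = HANDLER_RE.match(line)
            if (m and m.group(1) in EXPECTED_HANDLERS
                    and m.group(2) != EXPECTED_HANDLERS[m.group(1)]):
                findings.append(f"shell handler {m.group(1)} hijacked: {m.group(2)}")
        elif section == "Firewall Settings" and current_key:
            m = FIREWALL_RE.match(line)
            if m and m.group(1) != "1":
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(f"Windows Firewall disabled for {profile}")
        elif section == "ZeroAccess Check" and current_key:
            cm = CLSID_RE.search(current_key)
            vm = DEFAULT_VALUE_RE.match(line)
            if cm and vm:
                clsid = cm.group(1).lower()
                expected = EXPECTED_CLSID_DLL.get(clsid)
                path, company = vm.group(1), vm.group(2)
                dll = path.rsplit("\\", 1)[-1].lower()
                if expected and (dll != expected or company != "Microsoft Corporation"):
                    findings.append(
                        f"CLSID {clsid} InProcServer32 points at {path} "
                        f"({company or 'unsigned'})")
    return findings


# Constructed excerpt in OTL's format: one hijacked handler, one disabled
# firewall profile and one CLSID redirected to an unsigned placeholder DLL.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Users\user\AppData\Local\example_fake.dll -- [2013/08/01 00:00:00 | 000,012,345 | ---- | M] ()
"ThreadingModel" = Free
"""

if __name__ == "__main__":
    for finding in audit_otl_extras(SAMPLE_LOG):
        print(finding)
```

Run it against a saved OTL Extras log with `audit_otl_extras(open("Extras.txt").read())`; an empty list means the three sections match the stock values, and each finding names the exact registry entry to look at in the log.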

#10
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. New small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0

#11
VortexR18

VortexR18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Computer is running good so far, no problems.

MBAM Log
=====================
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

8/25/2013 2:18:43 PM
mbam-log-2013-08-25 (14-18-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269331
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET
=============

C:\Program Files\CPUID\cnet2_cpu-z_1_59-setup-en_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\CPUID\HWMonitor\hwmonitor_1.17-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Winamp\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Downloaded Installations\{A5793338-143F-495D-A32F-365583A24883}\Movavi Video Converter 3D.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\user\Desktop\Storage\Desktop Before Cleaning OTL\Recover\[000257].zip a variant of Android/Adware.Youmi.B application deleted - quarantined
C:\Users\user\Desktop\Storage\Desktop Before Cleaning OTL\Recover\[000293].zip a variant of Android/Walien.F application deleted - quarantined
C:\Users\user\Desktop\Storage\Desktop Before Cleaning OTL\Recover\[000257]\classes.dex a variant of Android/Adware.Youmi.B application cleaned by deleting - quarantined
C:\Users\user\Desktop\Storage\Desktop Before Cleaning OTL\Recover\[000293]\classes.dex a variant of Android/Walien.F application cleaned by deleting - quarantined
C:\Users\user\Desktop\Storage\New folder\SoftonicDownloader_for_hwmonitor.exe Win32/SoftonicDownloader application cleaned by deleting - quarantined
C:\Users\user\Documents\cpu-z_1.59-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Installer\MSIB026.tmp a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08182013_225759\C_Program Files\Updater By SweetPacks\Extension32.dll a variant of Win32/Toolbar.Perion.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08182013_225759\C_Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe a variant of Win32/Toolbar.BitCocktail.B application cleaned by deleting - quarantined
  • 0

#12
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! I have noticed, that you are using P2P (Peer-to-peer)-programs.

I see that you have installed a program called Azureus (Vuze). This program is classified as a P2P program, a program which downloads content (movies, music, programs, etc.) via P2P networks (torrents). P2P networks are a huge source of malware, so you can easily pick it up.

So, I strongly recommend that you remove this program from your computer. If you don't want to remove this program from your computer, please at least be very careful about what you download from torrents.

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.
Programs to uninstall:

  • ESET Online Scanner
  • Malwarebytes Anti-Malware
  • Vuze - optional
Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click Uninstall button.
  • AdwCleaner will be removed from your computer.
Step 3. CleanUp.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.
Here are some recommendations for you on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because malware can sometimes use system vulnerabilities.

    To learn more about how to turn Automatic Updates on, if you haven't turned it on before, click here.
  • Keep other software up-to-date too. Malware can often use third-party software vulnerabilities.

    You can monitor news about vulnerabilities or simply install software which will scan your computer for outdated and vulnerable software versions. If an outdated version is found, this software will notify you about it and even install updates automatically.

    One of these programs is Secunia Personal Software Inspector. It requires installation; you can learn more about it here. This software also has an online version, Secunia Online Software Inspector. It's a Java applet which requires the Java Runtime Environment. You can learn more about it here.

    Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
  • Keep your antivirus software always up-to-date.

    Turn on automatic definition updates for your antivirus if you haven't turned it on before; it's the basis of protection. Don't forget to keep your antivirus engine version up-to-date; new versions usually have advanced functionality. They can clean and prevent infections more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing the internet. If you are using Windows 7/Vista, then you'll need to create a new user with limited rights.
  • Invent strong and long passwords for your accounts if you want to keep your personal and confidential data safe.

    Sometimes malware has very dangerous functionality: it can crack your passwords. Please set a very strong password for your administrator account in Windows; then malware won't harm your PC. Here you can find a nice tutorial on how to create strong passwords. For each account on the internet, create an individual password.
I hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)
  • 0
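As an added example (not part of this thread or of any tool mentioned in it), here is a PowerShell check a user can run after the steps above to confirm that no SweetPacks/Superfish entries or services survived the cleanup, and whether everyday browsing is done from an administrator account, which is what the "limited user account" advice is about. It assumes Windows 7 x64 as shown in the OTL header and an elevated PowerShell prompt; the name patterns are taken from the programs named in this thread.

```powershell
# Post-cleanup verification (added example, not from the thread or any tool in it).
# Assumes Windows 7 x64 and an elevated PowerShell prompt.
$patterns = 'SweetPacks', 'Superfish', 'Special Savings'

# 1. Leftover Programs and Features entries: check the 64-bit, 32-bit (Wow6432Node)
#    and per-user views of the Uninstall key.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$leftovers = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.DisplayName; $n -and ($patterns | Where-Object { $n -match $_ }) } |
    Select-Object DisplayName, Publisher, UninstallString

# 2. Services whose binary path still points at one of these products; a surviving
#    updater service would bring the toolbar back after a reboot.
$services = Get-WmiObject Win32_Service |
    Where-Object { $p = $_.PathName; $p -and ($patterns | Where-Object { $p -match $_ }) } |
    Select-Object Name, State, PathName

# 3. Is the account used for everyday browsing a member of Administrators?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"Leftover uninstall entries: $(@($leftovers).Count)"
$leftovers | Format-Table -AutoSize
"Matching services: $(@($services).Count)"
$services | Format-Table -AutoSize
"Current account is an administrator: $isAdmin"
```

Both counts should be 0 after a successful cleanup; if the last line prints True for the account you browse with, that is the account the "limited user account" recommendation says to replace with a standard user for daily use.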

#13
VortexR18

VortexR18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thank you so much for the time! Will do all the recommendations you suggested.

You are a great person, keep doing your thing. :)
  • 0

#14
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
You are welcome / Thank you. :)
  • 0
