Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with rootkit, was redirected here. [Solved]


  • This topic is locked This topic is locked

#1
Down_with_malware

Down_with_malware

    Member

  • Member
  • PipPipPip
  • 173 posts
Hello there! I went to the Windows 7 section of the forums to report my PC slowing down/acting unusual. I thought it

was something else other then malware because I scanned with malwarebytes and AVG with no real results. I caught like

three pup's but those are usually nothing. Here is the topic where I came from: http://www.geekstogo...87#entry2333787

Also here is the OTL log. :)

OTL logfile created on: 9/23/2013 10:05:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raymond\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 23.38% Memory free
7.78 Gb Paging File | 3.63 Gb Available in Paging File | 46.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.28 Gb Total Space | 271.42 Gb Free Space | 59.75% Space Free | Partition Type: NTFS

Computer Name: RAYMOND-PC | User Name: Raymond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/23 10:02:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond\Desktop\OTL.exe
PRC - [2013/09/17 12:05:52 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/10 14:36:14 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/06 15:55:40 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/09/06 15:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/08/15 06:18:28 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/08/15 06:18:28 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/15 06:18:28 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2013/08/07 13:59:58 | 000,601,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2013/08/07 13:59:08 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/08/07 13:58:48 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2013/08/07 13:58:44 | 000,366,408 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2013/08/07 13:58:36 | 000,260,424 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2013/08/07 13:58:32 | 000,376,648 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/06 16:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Raymond\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 00:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/01/02 15:34:14 | 001,073,152 | ---- | M] ( ) -- C:\Users\Raymond\Desktop\Byond temp\BYOND\bin\byond.exe
PRC - [2012/11/28 17:28:22 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/11/28 17:28:20 | 002,670,496 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/11/28 17:28:16 | 006,655,912 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/04/05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/03/01 13:57:36 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/14 21:20:12 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
PRC - [2011/01/14 21:20:04 | 000,415,072 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/20 16:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/10 11:07:04 | 001,728,512 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/17 12:05:49 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/12 04:19:03 | 000,653,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\df97db35cefe90e521b576b37287c9fb\HD-Agent.ni.exe
MOD - [2013/09/12 04:18:51 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\4296acdc143e8ec208ae01f50c26e78b\JSON.ni.dll
MOD - [2013/09/10 14:36:13 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/06 15:55:40 | 001,120,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/08/21 17:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/08/15 06:18:28 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/08/15 06:18:28 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/15 06:18:28 | 000,144,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2013/08/07 14:31:06 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/05/15 03:46:57 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/15 03:14:04 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac75f3ab477cbd11c9b006da280d4afc\System.Windows.Forms.ni.dll
MOD - [2013/05/15 03:13:48 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\256cf8bea4eb9fe53e40a55d0880a82f\WindowsBase.ni.dll
MOD - [2013/05/15 03:13:45 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\213a5e78cf78cb4643782fbbe4749631\System.Core.ni.dll
MOD - [2013/05/15 03:13:35 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cd135f4c2e6e3fb8c1932939c04904e2\System.Configuration.ni.dll
MOD - [2013/05/15 03:06:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/15 03:05:44 | 012,473,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e875b7c5748d57efe3dffc1a02ff973a\System.Windows.Forms.ni.dll
MOD - [2013/05/15 03:05:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 03:05:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/15 03:04:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/04/26 05:37:15 | 000,256,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\43bff3a78f05a0ab49498d938c29e3ca\WindowsFormsIntegration.ni.dll
MOD - [2013/04/26 03:11:26 | 000,777,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\02270faaa2755bbcb40f26b5ffd6dd8f\System.EnterpriseServices.ni.dll
MOD - [2013/04/26 03:11:26 | 000,249,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\02270faaa2755bbcb40f26b5ffd6dd8f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/04/26 03:11:09 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll
MOD - [2013/04/26 03:10:15 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\e492c172f08e8af816d5ceba961a1b17\System.Transactions.ni.dll
MOD - [2013/04/26 03:10:05 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll
MOD - [2013/04/26 03:10:02 | 007,249,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\f6806dd595248a041dc3ab760d3a3619\System.Data.ni.dll
MOD - [2013/04/26 03:09:58 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f1d702efac188b6774d5134b13fc341a\System.Xaml.ni.dll
MOD - [2013/04/26 03:09:55 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
MOD - [2013/04/26 03:09:55 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7fb8210e421ab4a504b3ad275ca5e15b\PresentationFramework.Aero.ni.dll
MOD - [2013/04/26 03:09:53 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a293dc4041e837d437fb0bf058d7a4c3\PresentationFramework.ni.dll
MOD - [2013/04/26 03:09:40 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\65d8ef00d3e0ecf90bbb5996062a4376\System.Management.ni.dll
MOD - [2013/04/26 03:09:39 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7bdcdba46ca24feaabe9905109137e48\PresentationCore.ni.dll
MOD - [2013/04/26 03:09:27 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
MOD - [2013/04/26 03:09:20 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
MOD - [2013/03/08 00:17:18 | 001,425,920 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2013/03/08 00:17:18 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
MOD - [2013/03/08 00:17:18 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2013/03/08 00:17:05 | 000,336,896 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2013/03/08 00:17:04 | 007,816,192 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2013/02/13 05:33:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/13 05:33:48 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/13 05:33:47 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/09 15:20:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 15:20:06 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/09 08:35:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 08:34:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 08:34:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 08:33:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 08:33:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 05:09:36 | 001,661,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a05479a95f137497a8484c8f5079d02\System.Drawing.ni.dll
MOD - [2012/12/12 21:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/14 21:20:12 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/01 12:03:44 | 000,344,384 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/10/16 12:58:54 | 000,155,888 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/09/19 22:36:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/06 15:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/15 06:18:28 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/08/07 13:59:08 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/08/07 13:58:48 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/07/01 09:25:08 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 00:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/02/19 22:49:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/28 17:28:22 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/09/20 16:12:05 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/08 12:21:00 | 003,986,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/01/14 21:20:04 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010/11/20 07:38:56 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/15 06:18:28 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/20 17:23:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/07/31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 14:55:09 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/21 13:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2009/07/30 22:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/10/01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2006/11/28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/08/07 13:59:00 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012/11/13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012/05/11 14:03:24 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2011/12/16 22:11:05 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {742E0F43-608E-4F12-A842-B6FB5E00CE7C}
IE:64bit: - HKLM\..\SearchScopes\{742E0F43-608E-4F12-A842-B6FB5E00CE7C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F89B06FE-6877-46C2-A478-1052A80277BE}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKLM\..\SearchScopes\{F89B06FE-6877-46C2-A478-1052A80277BE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.blekk...DC&tbp=homepage
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F89B06FE-6877-46C2-A478-1052A80277BE}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekk...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-07-11 18:49:29&v=15.3.0.11&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Users\Raymond\Desktop\Byond temp\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Raymond\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Raymond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Raymond\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/08/15 06:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/17 12:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/17 12:05:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/17 12:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/17 12:05:23 | 000,000,000 | ---D | M]

[2010/11/26 00:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Extensions
[2013/08/09 01:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\extensions
[2013/04/14 23:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2o6k0.default\extensions
[2013/04/14 23:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2o6k0.default\extensions\{80987362-6216-49bc-98e4-77e6cf71a5d7}
[2013/04/14 23:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2o6k0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/09 01:59:59 | 000,313,049 | ---- | M] () (No name found) -- C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\extensions\[email protected]
[2013/09/17 12:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/17 12:05:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/17 12:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/17 12:05:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/15 19:03:52 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2013/08/26 20:42:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/04/27 11:54:36 | 000,002,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: ([2011/12/23 04:23:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll File not found
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files (x86)\searchcom_001\searchcom_001X.dll ()
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files (x86)\searchcom_001\searchcom_001X.dll ()
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Raymond\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Raymond\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Raymond\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6d0a288c80a347d0a3a969e52938158a-2e02fea7cb7fc60c940d8c820a158f443230407d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5605AF0-2CAB-4CA4-A3D4-639E7856CAA5}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/23 10:02:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raymond\Desktop\OTL.exe
[2013/09/22 18:13:20 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Raymond\Desktop\FSS.exe
[2013/09/22 15:18:47 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Raymond\Desktop\MiniToolBox.exe
[2013/09/21 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\Raymond\Desktop\dp_betastyleroboldier
[2013/09/21 23:16:16 | 000,000,000 | ---D | C] -- C:\Users\Raymond\Desktop\Extraction Folder
[2013/09/18 22:38:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{25E6D7F6-CF1E-44DE-A992-1BCCB8100732}
[2013/09/17 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/15 10:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/15 02:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/09/15 02:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2013/09/13 09:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/12 04:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013/09/12 04:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013/09/12 04:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/09/12 04:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/09/10 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Raymond\AppData\Roaming\OBS
[2013/09/10 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2013/09/10 21:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2013/09/05 01:43:42 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/08/27 01:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013/08/27 01:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/23 10:02:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond\Desktop\OTL.exe
[2013/09/23 09:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/23 07:22:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000UA.job
[2013/09/22 18:14:13 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Raymond\Desktop\FSS.exe
[2013/09/22 16:22:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000Core.job
[2013/09/22 15:23:40 | 000,046,267 | ---- | M] () -- C:\Users\Raymond\Desktop\rayman.png
[2013/09/22 15:18:46 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Raymond\Desktop\MiniToolBox.exe
[2013/09/22 13:32:46 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/22 13:31:39 | 000,031,872 | ---- | M] () -- C:\Users\Raymond\Desktop\example= crappy but its something.png
[2013/09/20 17:36:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 17:36:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 19:41:35 | 000,000,768 | ---- | M] () -- C:\Users\Raymond\Desktop\Toribash.lnk
[2013/09/19 14:45:45 | 000,781,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/19 14:45:45 | 000,661,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 14:45:45 | 000,121,940 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/18 22:38:44 | 000,001,634 | ---- | M] () -- C:\Users\Public\Desktop\ActiveWorlds.lnk
[2013/09/17 14:58:25 | 000,002,046 | ---- | M] () -- C:\Users\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/17 14:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/17 14:31:02 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/09/17 14:31:00 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/17 14:30:15 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/09/15 02:21:19 | 000,001,095 | ---- | M] () -- C:\Users\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/09/15 02:21:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2013/09/13 09:11:37 | 000,002,064 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2013/09/13 09:11:29 | 000,000,110 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2013/09/13 09:10:53 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/12 04:18:08 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[2013/09/12 04:18:03 | 000,001,769 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013/09/11 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Raymond\Desktop\Awesomenauts.url
[2013/09/10 22:17:31 | 000,026,534 | ---- | M] () -- C:\Users\Raymond\Desktop\avatar.jpg
[2013/09/10 22:11:27 | 000,041,545 | ---- | M] () -- C:\Users\Raymond\Desktop\avatar.png
[2013/09/10 21:57:22 | 000,000,222 | ---- | M] () -- C:\Users\Raymond\Desktop\Amnesia A Machine for Pigs.url
[2013/09/10 21:45:31 | 000,001,126 | ---- | M] () -- C:\Users\Raymond\Desktop\Free Screen To Video.lnk
[2013/09/10 21:41:58 | 000,000,897 | ---- | M] () -- C:\Users\Raymond\Desktop\Open Broadcaster Software.lnk
[2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/08/27 01:22:18 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/22 13:50:29 | 000,046,267 | ---- | C] () -- C:\Users\Raymond\Desktop\rayman.png
[2013/09/22 13:31:36 | 000,031,872 | ---- | C] () -- C:\Users\Raymond\Desktop\example= crappy but its something.png
[2013/09/19 19:41:35 | 000,000,768 | ---- | C] () -- C:\Users\Raymond\Desktop\Toribash.lnk
[2013/09/18 22:38:44 | 000,001,634 | ---- | C] () -- C:\Users\Public\Desktop\ActiveWorlds.lnk
[2013/09/17 14:30:15 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/09/15 10:52:49 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/15 02:21:19 | 000,001,095 | ---- | C] () -- C:\Users\Raymond\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/09/15 02:21:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\XSplit Broadcaster.lnk
[2013/09/12 04:18:08 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2013/09/12 04:18:03 | 000,001,769 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013/09/11 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Raymond\Desktop\Awesomenauts.url
[2013/09/10 22:11:26 | 000,041,545 | ---- | C] () -- C:\Users\Raymond\Desktop\avatar.png
[2013/09/10 21:57:22 | 000,000,222 | ---- | C] () -- C:\Users\Raymond\Desktop\Amnesia A Machine for Pigs.url
[2013/09/10 21:45:30 | 000,001,126 | ---- | C] () -- C:\Users\Raymond\Desktop\Free Screen To Video.lnk
[2013/09/10 21:41:58 | 000,000,897 | ---- | C] () -- C:\Users\Raymond\Desktop\Open Broadcaster Software.lnk
[2013/07/11 18:49:20 | 000,003,724 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/04/26 02:51:06 | 000,851,968 | ---- | C] () -- C:\Users\Raymond\DevelopmentStorageDb201210_log.ldf
[2013/04/26 02:51:05 | 003,211,264 | ---- | C] () -- C:\Users\Raymond\DevelopmentStorageDb201210.mdf
[2012/12/02 22:28:04 | 000,027,520 | ---- | C] () -- C:\Users\Raymond\AppData\Local\dt.dat
[2012/09/06 22:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/06 22:19:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/06 22:19:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/06 22:19:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/30 23:40:15 | 000,000,005 | ---- | C] () -- C:\Users\Raymond\AppData\Roaming\.sunvox_pateditor
[2012/03/30 23:30:39 | 000,000,001 | ---- | C] () -- C:\Users\Raymond\AppData\Roaming\.sunvox_colortheme
[2011/12/13 21:48:39 | 000,011,860 | -HS- | C] () -- C:\Users\Raymond\AppData\Local\4b84ro5w41w248
[2011/12/13 21:48:39 | 000,011,860 | -HS- | C] () -- C:\ProgramData\4b84ro5w41w248
[2011/11/28 19:04:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 19:04:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 19:04:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 19:04:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 19:04:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 17:23:21 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/11/28 03:05:05 | 000,010,006 | -HS- | C] () -- C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/28 03:05:04 | 000,010,006 | -HS- | C] () -- C:\Users\Raymond\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/10/19 12:27:14 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/01 14:06:10 | 000,041,554 | ---- | C] () -- C:\Users\Raymond\world.jar
[2011/05/01 14:06:10 | 000,040,429 | ---- | C] () -- C:\Users\Raymond\gamepack.jar
[2011/03/17 19:47:40 | 000,013,555 | ---- | C] () -- C:\Users\Raymond\ada - Shortcut.lnk
[2010/12/12 16:17:09 | 000,251,251 | ---- | C] () -- C:\Users\Raymond\cp4.PNG
[2010/12/12 16:17:09 | 000,076,177 | ---- | C] () -- C:\Users\Raymond\cp2.PNG
[2010/12/12 16:17:09 | 000,056,201 | ---- | C] () -- C:\Users\Raymond\cp1.PNG
[2010/12/12 16:17:09 | 000,048,654 | ---- | C] () -- C:\Users\Raymond\cp3.PNG
[2010/12/11 01:14:37 | 000,266,458 | ---- | C] () -- C:\Users\Raymond\crouton dave.PNG
[2010/12/11 01:14:37 | 000,092,145 | ---- | C] () -- C:\Users\Raymond\teatime.PNG
[2010/12/03 09:59:21 | 000,009,728 | ---- | C] () -- C:\Users\Raymond\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 23:44:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/11 18:11:56 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\.minecraft
[2013/05/25 02:57:16 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Audacity
[2012/12/13 15:40:35 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\AVG2013
[2013/06/18 14:43:54 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Awesomium
[2012/01/01 23:25:10 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Blender Foundation
[2013/02/20 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Blueberry
[2011/04/28 01:29:49 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/11 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Curse Advertising
[2013/04/24 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Dev-Cpp
[2011/02/05 16:07:43 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\dingogames
[2011/09/29 13:27:57 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Dyyno
[2011/09/16 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\fltk.org
[2013/05/04 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\GameMaker-Studio
[2013/02/05 19:17:06 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Gyazo
[2011/09/17 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\ijjigame
[2012/05/11 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\KlLauncherST
[2012/02/06 01:45:34 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\LEGO Company
[2010/12/03 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\LogSys
[2012/09/11 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Mumble
[2011/12/29 04:27:28 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Notepad++
[2013/09/10 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\OBS
[2012/01/01 15:49:56 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Origin
[2013/08/25 13:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\PFStaticIP
[2013/02/11 03:01:34 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Publish Providers
[2013/05/22 01:37:05 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Screaming Bee
[2013/09/02 18:32:05 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\SoftGrid Client
[2013/02/11 03:01:29 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Sony
[2012/04/27 09:53:02 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\SplitMediaLabs
[2011/10/09 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\SPORE
[2013/01/10 03:53:05 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Subversion
[2012/05/05 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TeamViewer
[2011/07/01 13:40:23 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TP
[2012/12/13 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\TuneUp Software
[2012/12/19 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\UDP Software
[2011/01/24 03:36:13 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Unity
[2013/05/11 19:41:13 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Windows Live Writer
[2013/04/19 15:11:19 | 000,000,000 | ---D | M] -- C:\Users\Raymond\AppData\Roaming\Wireshark

========== Purity Check ==========



< End of report >

Also here is the Extra log.


OTL Extras logfile created on: 9/23/2013 10:05:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raymond\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 23.38% Memory free
7.78 Gb Paging File | 3.63 Gb Available in Paging File | 46.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.28 Gb Total Space | 271.42 Gb Free Space | 59.75% Space Free | Partition Type: NTFS

Computer Name: RAYMOND-PC | User Name: Raymond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15349B81-78D7-4D4A-B951-38DBEAB6E604}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{355946CD-61DE-4E53-8D03-1EEC1DD6678A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{55F74CD0-3BC6-41F0-BC50-CE377B74B2B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F65F299-B34C-4960-9DCC-D9481BADEE1C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{601C3554-ED11-44B9-A629-3FA8D4F0AB82}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{830A5441-0CBE-4174-89D3-EE441DCBE073}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D1695BF-D307-40F9-BAB3-E0DD219B9FA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F2D5069-2852-4331-9EBF-2FD4C87EEC95}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A09731AD-C376-43E3-80FB-7134A8896BC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BC1EC869-8453-4B07-83C5-A2816516A706}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D021B756-BEF6-45BF-8ED9-B4DCA5086EB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBAF1C79-54A4-4750-94BE-8FCCBDDE18A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E098E299-C0F0-41C3-8856-B34C85B2C229}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E646B4BE-9913-4D4F-BBED-62160A1BC222}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F962C467-FD24-41ED-94AE-9F7313CC7C4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBC6F8B4-3D4A-4204-83A8-2E35FB5C0C43}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021BB24B-F940-49BC-8DB0-F17D1A4112F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{06189121-B9C4-4024-BA40-BFD2226C542D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{08EA83C3-FD1B-499D-AE70-34E316480405}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{097D2FAD-70F5-4C73-8923-151B3FDD02DB}" = protocol=17 | dir=in | app=d:\setupassistance\fscommand\dlact.exe |
"{0F9863A7-61C6-4B68-A7DE-D0C5EDD6C6F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12EB0376-C1C5-4065-B427-316050F11919}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{160661B3-F902-41F9-84A3-2B26936C4B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17FFBC82-2273-4477-8E15-BC875C84D212}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"{1811E5DC-3E7C-4018-B583-68AF10B9E97A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{1BF2F8AF-1538-4E5B-B59F-6178A15DA5AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{1CC1B5F3-4DB6-4865-9010-CFDE12466FFF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{2C280F6F-D0E9-4475-B8CC-D1F3D003A068}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DAFCC29-B8AA-42E0-B0EC-A094AC44B4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{31C3B60E-839C-46C6-9290-FDAFBD07B57D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{341B68B7-FF9A-4E5E-BD99-445498FC630C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{378CEBA0-16ED-42E7-A480-2EC171C5197A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{3992FDE3-C401-4B0E-8C46-F4B4183726E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{3E83019E-786B-49BC-947E-0AE28041EB60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{41DED2F3-2452-448E-951E-DE5F1BEFF229}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{4616083A-6611-4DE4-999B-CF7FE40A6CBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C97F2B9-2732-4E0E-9EEE-5BFE1D77B381}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{4F404E88-52BD-4985-B0CD-718D2CC6F3A3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{53E0EDC5-D661-4FBB-BCBC-3372CFB5D81D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{59621420-4AB2-49D5-B585-189CDE6E7F5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{5A4015AD-3E88-4F32-AF98-ED02DB679FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E4544D9-3064-4869-9FB3-962772438B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{68112DCD-1249-457B-B985-119FEC88C0C5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6B1854F9-CD85-4E7D-AB06-799FDC4C93CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C47C05B-4F67-4F7A-9661-D2A0633C446F}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{72135397-6D9F-4C4B-AAAA-DD9E2040677E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{75A0C1E1-DB96-41E6-8A92-822BDBE0EE8B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7607CE5E-27E3-4114-A306-EBD63EEA5B56}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{7977C8C5-5AB2-4AC8-BD65-7BB4F0165B05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F4B492E-65DC-444C-A566-A1A39712E249}" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{8C2AC98B-C642-4704-8B39-7470FD9814E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8DFA13B4-FDC1-474D-BA16-2397EF3CC320}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{910461C9-A7F1-4E60-803F-274BA8F28896}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{92496D45-AA48-46AA-914E-877C8933A376}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{9A3CFBBC-A562-47AF-986A-07070F4AF1EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A0D460D9-F30E-4EA0-B7B4-62824A44869A}" = protocol=6 | dir=in | app=d:\setupassistance\fscommand\dlact.exe |
"{B1203B33-B711-4245-99E6-57D79DF5F715}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"{B29EBD58-5DF9-458F-8D2E-518D656EEB8C}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{B500B900-8CAF-4616-AE3A-CCD182DEE516}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCED8533-3FFB-412C-8A7E-2E726D53FAA2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{BECFF8CD-374C-48ED-84DF-65B3C8F3AB75}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C26088A8-21A7-4BE1-94F4-A77D7C20307A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C67C12BE-279C-4829-A6F4-DA6AA84BF26F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF1B7CEA-8B83-4A26-BC59-57057146ACAC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D716D9D5-F1E6-491C-B2F1-300B148DFCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{DEEA3B55-82ED-4487-8EB0-A8F9E9FFBE65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E09CA45E-8549-4995-A251-7CF87C9E47D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7DB0CFC-A5A9-467E-91DD-CB6B5D910E49}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{ED51FB1C-B067-4433-A7B5-54E52941A4BE}" = protocol=6 | dir=in | app=c:\users\raymond\appdata\local\temp\set8ca4.tmp |
"{F62BBD36-9F35-49D1-80AC-EE02DF8A3CC4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F954EC47-8999-4DCD-83BC-A791CE76E6BE}" = protocol=17 | dir=in | app=c:\users\raymond\appdata\local\temp\set8ca4.tmp |
"{FB983D5D-5733-4639-9A00-7C320430CB56}" = protocol=6 | dir=out | app=system |
"{FD4A91ED-C9AA-4838-8449-0B9D5355DE88}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF5F7289-3862-436C-9108-ED43450A5F4F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{0BA0926E-9266-418F-84AD-D7D307BD501E}C:\program files (x86)\java\jdk1.6.0_23\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_23\jre\bin\javaw.exe |
"TCP Query User{18C5F7BB-7FD1-48C5-BEA8-0B24D1DC4515}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{2E25EB1C-B870-4A0E-B0AE-5BCFC53E81B8}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{355F3607-6ED3-4702-A065-1D6283C0B6A2}C:\users\raymond\appdata\local\temp\set8ca4.tmp" = protocol=6 | dir=in | app=c:\users\raymond\appdata\local\temp\set8ca4.tmp |
"TCP Query User{9762A704-32E6-4382-B614-BB6AFA944392}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{A6A7B0FF-8288-421C-B633-3D7B48726883}C:\users\raymond\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\raymond\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C3B20643-719E-4F92-827C-D0254C5737A4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C5B6599E-86FA-4C6A-B760-B70DA5E18F52}D:\setupassistance\fscommand\dlact.exe" = protocol=6 | dir=in | app=d:\setupassistance\fscommand\dlact.exe |
"TCP Query User{CACD28EF-4C0C-4B3B-BDF1-58EA1592010C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{EF931D30-33FE-452B-9CE4-A1C722316466}C:\users\raymond\desktop\bin\byond.exe" = protocol=6 | dir=in | app=c:\users\raymond\desktop\bin\byond.exe |
"TCP Query User{F3F7DA8F-8742-44E5-B8D9-E8F73D096354}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{0358219C-1361-4C3C-8473-82D72AA7446A}D:\setupassistance\fscommand\dlact.exe" = protocol=17 | dir=in | app=d:\setupassistance\fscommand\dlact.exe |
"UDP Query User{1238615A-0321-4EDD-8E44-B271A6C2BB21}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{25AF1C54-4E41-4736-AEA0-5F37FB043A30}C:\users\raymond\desktop\bin\byond.exe" = protocol=17 | dir=in | app=c:\users\raymond\desktop\bin\byond.exe |
"UDP Query User{371777A1-3F0A-434A-BE02-4FD4F87DBF1E}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"UDP Query User{371F0B1B-75D9-4487-877D-92A85BBF5998}C:\users\raymond\appdata\local\temp\set8ca4.tmp" = protocol=17 | dir=in | app=c:\users\raymond\appdata\local\temp\set8ca4.tmp |
"UDP Query User{54FC3AA9-10F8-4F0D-AD75-7DA85AB53B04}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{57179C44-C232-4B56-BC49-1CBEB24008FD}C:\program files (x86)\java\jdk1.6.0_23\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_23\jre\bin\javaw.exe |
"UDP Query User{58F786D4-9400-499B-A67E-6F13C6CB6006}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{9D7841B7-C890-4925-B20B-3FA02177AD38}C:\users\raymond\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\raymond\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BAE4A57A-D0F6-455C-8764-EC5B261C1082}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F8B13FB1-3A9F-4347-A852-CF597D800C12}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BF37E58-2346-AE28-8B9A-BEFCB27DA8F1}" = AMD Drag and Drop Transcoding
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{301DAC0A-285C-4BB1-A68E-7393673E9E69}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{458707CD-9D7A-477F-B925-02242A29673B}" = Microsoft Web Platform Installer 4.5
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6B13A3F1-F66A-42FB-9E62-98952D582187}" = TortoiseSVN 1.7.11.23600 (64 bit)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{72934D7D-3379-497D-8FA4-1E28D21AFA20}" = Windows Azure Libraries for .NET – October 2012
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8748EE66-A92C-472A-805A-A86C41D22848}" = Windows Azure Authoring Tools - October 2012 Release
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9E84FE-29DD-487B-B57D-237459B85359}" = Windows Azure Emulator - October 2012 Release
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A1D577BD-692D-4AC9-98DF-8E3C33B792E4}" = Oracle VM VirtualBox 4.1.20
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BC20D4CC-C409-42A9-A783-B3ACBD5ABE91}" = AVG 2013
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CD3E12D6-5B22-CB69-1D1C-FC484B25D9EB}" = AMD AVIVO64 Codecs
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E75776B2-EAE5-42F9-A800-0A10763DEDF0}" = Microsoft SQL Server 2012 Express LocalDB
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Windows Azure Emulator - October 2012 Release" = Windows Azure Emulator - October 2012 Release
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14FE48DA-E172-4CC5-B397-92ECA4B0E088}" = STOnline
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1D3F5D17-BAD3-4D33-9F4E-AFCC44238626}" = Microsoft Visual Studio 2012 Preparation
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{23A3E3F8-91B4-4C5A-9E69-6747CF6D426B}" = Microsoft SQL Server Data Tools - enu (11.1.20905.0)
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{2517B728-76EC-4D19-A7B2-C0C5B68F8C7A}" = Windows Azure Tools for Microsoft Visual Studio 2012 - October 2012
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{286033D3-C1C2-458A-B42B-0AC9C4E62B90}" = Scid
"{291EB324-0F47-44B3-8526-A11C7C3B4D8F}" = XSplit Broadcaster
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{417A3FEE-BDB8-3CAA-819C-766E79CD2E0F}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4bd1cdab-bf82-42c1-af37-e4918141913f}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{503336C5-965C-415B-B535-CD42C0FD013E}" = Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web - ENU
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{623ABB38-F593-3706-B799-EEEC72ED96F4}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{62BC36B2-F9FB-405F-94B4-F2D3A71C402D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web - ENU
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{652CD1F7-23C6-462D-963C-60F92C3BF332}" = BB FlashBack Pro
"{67ED4F6B-BE85-410B-A60E-793CEB7D7DAD}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C97C223-520B-4282-9A41-510C5D9B3A25}" = Windows Azure Tools for Microsoft Visual Studio 2012 Core
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71a40c60-27c2-443a-b7c7-6e4f3aad1d5a}" = Microsoft ASP.NET and Web Frameworks 2012.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{74E5BE40-C54E-11E1-ABC3-F04DA23A5C58}" = Vegas Movie Studio HD 11.0
"{78AE10E1-C54E-11E1-AC47-F04DA23A5C58}" = MSVCRT Redists
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E6316CA-5ED0-4EF9-9920-A92115E286B7}" = BlueStacks Notification Center
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{899c21e3-a373-47ea-bf3f-59eeae908cdb}" = Windows Azure Tools for Microsoft Visual Studio 2012 - October 2012
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CBACD80-1E12-4F88-9E3B-7942FDE60368}" = Study Guide
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A456DFB-5404-471D-8C7B-0E2A155E999B}" = Microsoft ASP.NET Visual Studio 2012 Uninstall Finalizer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9F15C44D-A5CE-0250-4A42-48B774571934}" = HydraVision
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA338F1C-F8E8-4FA7-A728-55489F2C688E}" = Microsoft Web Developer Tools 2012.2 - Visual Studio Express 2012 for Web
"{BAFB067B-DAF4-44E4-9D7C-5E5DEF82F074}" = ActiveWorlds
"{BCEBC40A-16A1-4CCD-A917-887749706088}" = Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web
"{BFE16218-BBA6-4FE3-BE07-505AA7C418C7}" = Microsoft NuGet - Visual Studio Express 2012 for Web
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C0770F76-6923-4EC4-A062-E688B99DCE40}" = Microsoft ASP.NET Visual Studio 2012 Finalizer
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C75EF0A9-F228-40E9-AA20-B832F8350A4C}" = Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2964C0D-477B-4914-B791-1D80E61E85E6}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20905.0)
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D4E348C7-FEEE-4AA4-BCF9-44EF00BDC40B}" = ActiveWorlds
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F617CEFF-8242-42AF-95BE-2545DB029A0C}" = The Sims™ 3 Pets Create A Pet Demo
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE2D627E-D7E0-46EA-93A6-8583420285FA}" = Aeria Ignite
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = „Der Herr der Ringe Online™“ v1100.0052.1373.8030
"ActiveWorlds" = ActiveWorlds
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aeria Ignite" = Aeria Ignite
"Akamai" = Akamai NetSession Interface Service
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BB FlashBack Express" = BB FlashBack Express
"BlueStacks App Player" = BlueStacks App Player
"BYOND" = BYOND
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Dell Dock" = Dell Dock
"Desura" = Desura
"Dev-C++" = Dev-C++
"Disney Toontown Online" = Disney Toontown Online
"Dyyno Broadcaster" = Dyyno Broadcaster
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps
"Giant Savings" = Giant Savings
"Git_is1" = Git version 1.8.3-preview20130601
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"OVERGROWTH" = Overgrowth (remove only)
"PFPortChecker" = PFPortChecker 1.0.39
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"searchcom_001" = Search.com Bar
"Soldier Front 2" = Soldier Front 2
"Splashtop Software Updater" = Splashtop Software Updater
"Steam App 204300" = Awesomenauts
"Steam App 212680" = FTL: Faster Than Light
"Steam App 218" = Source SDK Base 2007
"Steam App 220200" = Kerbal Space Program
"Steam App 239200" = Amnesia: A Machine for Pigs
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 440" = Team Fortress 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7660" = X-COM: Apocalypse
"Steam App 7730" = X-COM: Interceptor
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 9160" = Master Levels for DOOM II
"Tasty Planet - Back for Seconds" = Tasty Planet - Back for Seconds
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Vindictus" = Vindictus
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.6 (64-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BB FlashBack Pro" = BB FlashBack Pro
"c5c968b829b4973b" = Curse Client - Test
"CodeBlocks" = CodeBlocks
"GameMaker-Studio11" = GameMaker-Studio 1.1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2013 1:32:54 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/31/2013 1:33:33 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/1/2013 1:32:52 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/1/2013 1:33:40 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/10/2013 11:50:03 PM | Computer Name = Raymond-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.10.0.116 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1020 Start
Time: 01ce8f28389ff86c Termination Time: 396 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id: 1745721a-0239-11e3-9f43-b8ac6fdcfc79

Error - 8/11/2013 8:02:42 PM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/11/2013 8:04:19 PM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/16/2013 4:01:17 PM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/16/2013 4:02:40 PM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/18/2013 2:36:46 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/18/2013 2:37:55 AM | Computer Name = Raymond-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 11/24/2010 5:59:16 PM | Computer Name = Raymond-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/24/2010 5:59:16 PM | Computer Name = Raymond-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/16/2010 5:35:37 AM | Computer Name = Raymond-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/24/2010 6:14:06 PM | Computer Name = Raymond-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 9/17/2013 3:31:07 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the Base
Filtering Engine service which failed to start because of the following error:
%%5

Error - 9/17/2013 3:31:07 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7001
Description = The IPsec Policy Agent service depends on the Base Filtering Engine
service which failed to start because of the following error: %%5

Error - 9/17/2013 3:31:14 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Base
Filtering Engine service which failed to start because of the following error: %%5

Error - 9/17/2013 3:31:14 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/17/2013 3:55:51 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/17/2013 3:56:21 PM | Computer Name = Raymond-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/19/2013 5:02:37 PM | Computer Name = Raymond-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/21/2013 5:43:05 PM | Computer Name = Raymond-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2013 5:48:03 AM | Computer Name = Raymond-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "C63F0E8DC7E7" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 9/22/2013 5:48:03 AM | Computer Name = Raymond-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "C63F0E8DC7E7" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.


< End of report >


:thumbsup:
  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hello Raymond , Welcome to Malware Removal section of the forum.

My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.

I need some time to check your logs and to discuss your problem with my Teacher, I will post back shortly...
  • 0

#3
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
Copy that! Also, I have a request which may or may not be simple. Since this is a possible rootkit, and the attacker could be visiting my PC from time to time..Is it possible to catch the attackers I.P address so I can report him or her to the proper authorities? I am planning on filing a report to the FBI and other agencies where I can report them. Even though I may not hear about it, at least I would know someone has an eye on them now. If it is too much trouble to do so, I would understand. :)
  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hi Raymond,

Copy that! Also, I have a request which may or may not be simple. Since this is a possible rootkit, and the attacker could be visiting my PC from time to time..Is it possible to catch the attackers I.P address so I can report him or her to the proper authorities? I am planning on filing a report to the FBI and other agencies where I can report them. Even though I may not hear about it, at least I would know someone has an eye on them now. If it is too much trouble to do so, I would understand. :)

That is not something we can truly determine via the level of support we provide also in many cases it's the infected machine that connects to a control center to get updates and new orders and not the other way around.

Now I have checked your logs and I have some tasks for you to do...


Step 1 - Uninstall Programs

You have some programs installed considered Adware that I would like you to Uninstall.

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:
  • Giant Savings
  • Search.com Bar
  • Java™ 6 Update 31 (Outdated and vulnerable)
  • HiJackThis (Outdated)
Note:If you can't uninstall any of the programs on the list don't worry we will remove it latter just move to the next item.


Step 2 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Right click on the icon Posted Image and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Posted Image box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.blekk...DC&tbp=homepage
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekk...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files (x86)\searchcom_001\searchcom_001X.dll ()
    O3 - HKLM\..\Toolbar: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files (x86)\searchcom_001\searchcom_001X.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
    [2011/11/28 19:04:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/28 19:04:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/28 19:04:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/28 19:04:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/28 19:04:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    
    :Files
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c
    C:\Program Files (x86)\searchcom_001
    C:\Program Files\Java\jre6
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • click the Run Fix button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Step 3 - AdwCleaner Scan

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
    Posted Image
  • Click the Scan button and wait for the program to finish.
  • For now click the Report button, Notepad will open please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt


Step 4 - TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    (Accept the UAC prompt to allow changes to the computer).
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file on your next post.


Things I would like to see in your next reply:
  • Any problem uninstalling the programs?
  • The OTL Fix log
  • AdwCleaner log AdwCleaner[R0].txt
  • The TDSSKiller log

  • 0

#5
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
Here you go. :) OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80987362-6216-49bc-98e4-77e6cf71a5d7}\ deleted successfully.
File C:\Program Files (x86)\searchcom_001\searchcom_001X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{80987362-6216-49bc-98e4-77e6cf71a5d7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80987362-6216-49bc-98e4-77e6cf71a5d7}\ not found.
File C:\Program Files (x86)\searchcom_001\searchcom_001X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== FILES ==========
< netsh advfirewall reset /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\searchcom_001 not found.
File\Folder C:\Program Files\Java\jre6 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Raymond
->Temp folder emptied: 6218280 bytes
->Temporary Internet Files folder emptied: 63039044 bytes
->Java cache emptied: 1125177 bytes
->FireFox cache emptied: 19344580 bytes
->Flash cache emptied: 16998 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131439099 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 82816 bytes

Total Files Cleaned = 211.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09242013_121320

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


For Adware Cleaner I clicked clean when it found these.

# AdwCleaner v3.005 - Report created 24/09/2013 at 12:21:54
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Raymond - RAYMOND-PC
# Running from : C:\Users\Raymond\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : SSUService

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Splashtop
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Splashtop
Folder Found C:\Users\Raymond\AppData\Local\Conduit
Folder Found C:\Users\Raymond\AppData\Local\PackageAware
Folder Found C:\Users\Raymond\AppData\Local\searchcom_001
Folder Found C:\Users\Raymond\AppData\Local\Splashtop
Folder Found C:\Users\Raymond\AppData\LocalLow\Conduit
Folder Found C:\Users\Raymond\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Splashtop Inc.
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Splashtop Inc.
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Splashtop Inc.
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [8502 octets] - [24/09/2013 12:21:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8562 octets] ##########

I have to post the TDDS log in the next post.
  • 0

#6
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
Apparently the log is too long to post here. So can I attach it to a file?
  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts

Apparently the log is too long to post here. So can I attach it to a file?


Yes, please.
  • 0

#8
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
Here you are then. :)

Attached Files


  • 0

#9
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hello Raymond,

AdwCleaner log show some adware junk we need to remove and lets do another scan...


Step 1 - AdwCleaner Remove

  • Close all open windows and browsers
  • Right click on the Posted Image icon you have on the Desktop and choose Run as Administrator to execute the program
    Posted Image
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S1].txt


Step 2 - ComboFix scan

Download ComboFix from one of the following locations:
Link 1, Link 2 or Link 3

VERY IMPORTANT!!!

  • Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with ComboFix. If you have difficulty properly disabling your security programs, refer to this link.

  • Right click on the icon Posted Image and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
  • click I Agree and let the program run uninterrupted
  • when finished, a log will be presented and also saved on c:\combofix.txt, post the log in your replay
Notes:
  • The scan can take from 10 min. to several hours depending if the machine is very infected
  • Do not mouse-click ComboFix's window while it is running. That may cause it to stall
  • If after running ComboFix you get errors about program's being marked for deletion, Please reboot! that will cure it


Things I would like to see in your next reply:
  • AdwCleaner log AdwCleaner[S1].txt
  • The ComboFix log
  • How is the computer running?

  • 0

#10
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
AdwCleaner found nothing so there isn't a log. However here is the Comobofix log. also

computer seems to run a bit faster. :)


ComboFix 13-09-24.02 - Raymond 09/24/2013 21:07:51.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1793 [GMT -5:00]
Running from: c:\users\Raymond\Desktop\loltrain.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\4f4f5e338be8bd6a.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\a5c3badbed37d9ee.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
c:\windows\SysWow64\frapsvid.dll
.
----- File Replicators -----
.
c:\program files (x86)\Git\bin\git.exe
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ignore.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-column.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-credential.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10048\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10048\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10048\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10048\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10290\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10290\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10290\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\10290\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\12341\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\12341\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\12341\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\12341\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13185\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13185\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13185\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13185\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13677\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13677\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13677\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\13677\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\153\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\153\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\153\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\153\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18101\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18101\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18101\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18101\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18581\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18581\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18581\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\18581\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\20368\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\20368\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\20368\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\20368\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23193\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23193\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23193\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23193\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23706\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23706\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23706\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\23706\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\24989\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\24989\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\24989\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\24989\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\25274\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\25274\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\25274\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\25274\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27053\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27053\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27053\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27053\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27534\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27534\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27534\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\27534\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28515\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28515\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28515\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28515\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28799\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28799\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28799\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\28799\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\29551\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\29551\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\29551\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\29551\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\30464\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\30464\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\30464\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\30464\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\3921\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\3921\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\3921\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\3921\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6185\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6185\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6185\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6185\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6522\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6522\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6522\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\6522\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\7263\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\7263\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\7263\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\7263\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\9421\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\9421\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\9421\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.1\9421\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\15765\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\15765\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\15765\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\22688\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\22688\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\22688\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\23137\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\23137\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\23137\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\2523\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\2523\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\2523\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\25972\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\25972\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\25972\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\29138\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\29138\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\29138\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\7769\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\7769\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\7769\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\8926\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\8926\AdobeARMHelper.exe
c:\programdata\Adobe\ARM\Reader_10.1.4\8926\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10048\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10048\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10048\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10048\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10290\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10290\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10290\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\10290\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\12341\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\12341\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\12341\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\12341\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13185\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13185\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13185\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13185\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13677\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13677\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13677\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\13677\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\153\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\153\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\153\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\153\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18101\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18101\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18101\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18101\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18581\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18581\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18581\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\18581\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\20368\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\20368\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\20368\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\20368\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23193\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23193\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23193\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23193\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23706\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23706\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23706\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\23706\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\24989\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\24989\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\24989\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\24989\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\25274\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\25274\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\25274\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\25274\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27053\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27053\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27053\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27053\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27534\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27534\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27534\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\27534\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28515\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28515\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28515\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28515\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28799\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28799\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28799\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\28799\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\29551\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\29551\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\29551\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\29551\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\30464\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\30464\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\30464\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\30464\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\3921\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\3921\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\3921\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\3921\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6185\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6185\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6185\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6185\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6522\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6522\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6522\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\6522\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\7263\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\7263\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\7263\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\7263\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\9421\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\9421\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.1\9421\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\15765\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\15765\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\15765\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\22688\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\22688\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\22688\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\23137\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\23137\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\23137\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\2523\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\2523\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\2523\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\25972\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\25972\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\25972\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\29138\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\29138\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\29138\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\7769\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\7769\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\7769\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\8926\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\8926\AdobeARMHelper.exe
c:\users\All Users\Adobe\ARM\Reader_10.1.4\8926\ReaderUpdater.exe
c:\windows\Installer\{0BF37E58-2346-AE28-8B9A-BEFCB27DA8F1}\ARPPRODUCTICON.exe
c:\windows\Installer\{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}\ARPPRODUCTICON.exe
c:\windows\Installer\{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}\ARPPRODUCTICON.exe
c:\windows\Installer\{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}\ARPPRODUCTICON.exe
c:\windows\Installer\{210DFA65-F805-1A2B-4F83-8E27279AE385}\ARPPRODUCTICON.exe
c:\windows\Installer\{29822CAD-C76A-0BEE-55F5-AAA524DA814F}\ARPPRODUCTICON.exe
c:\windows\Installer\{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}\ARPPRODUCTICON.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\ARPPRODUCTICON.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{47416F0B-6589-591E-C6F8-4235D2230B14}\ARPPRODUCTICON.exe
c:\windows\Installer\{504184A2-1B0E-5D93-603A-517E93E7EDB3}\ARPPRODUCTICON.exe
c:\windows\Installer\{57580625-C673-7FEA-8791-E84B7AAF5069}\ARPPRODUCTICON.exe
c:\windows\Installer\{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}\ARPPRODUCTICON.exe
c:\windows\Installer\{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}\ARPPRODUCTICON.exe
c:\windows\Installer\{7F172E34-4107-8964-6AEA-5051FFD265FF}\ARPPRODUCTICON.exe
c:\windows\Installer\{86095E92-1959-8364-920E-82E81F64F8FB}\ARPPRODUCTICON.exe
c:\windows\Installer\{89D05F35-933A-89C0-B935-C92BEE4229BD}\ARPPRODUCTICON.exe
c:\windows\Installer\{8A30F0A5-0B9C-BB66-AE41-EDF2015920AD}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8A30F0A5-0B9C-BB66-AE41-EDF2015920AD}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8A30F0A5-0B9C-BB66-AE41-EDF2015920AD}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8A30F0A5-0B9C-BB66-AE41-EDF2015920AD}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{959E4378-CCA1-E4E4-2425-793DA92E8D95}\ARPPRODUCTICON.exe
c:\windows\Installer\{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}\ARPPRODUCTICON.exe
c:\windows\Installer\{974F4B73-2017-E174-9070-3F58F01B341F}\ARPPRODUCTICON.exe
c:\windows\Installer\{98E20A18-3C29-86FA-50B4-918C2B34A082}\ARPPRODUCTICON.exe
c:\windows\Installer\{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}\ARPPRODUCTICON.exe
c:\windows\Installer\{AAACC0A5-4382-04D0-C75E-0669C7B949B6}\ARPPRODUCTICON.exe
c:\windows\Installer\{ACEF4078-9B86-2455-E18D-34D52D37D9D5}\ARPPRODUCTICON.exe
c:\windows\Installer\{B55FB422-B803-11F5-5582-B3666EA1B9AC}\ARPPRODUCTICON.exe
c:\windows\Installer\{B8010864-15F8-613B-20EF-AC35B14B3E0D}\ARPPRODUCTICON.exe
c:\windows\Installer\{C1342411-5A98-DE8A-5629-D0C518E1C280}\ARPPRODUCTICON.exe
c:\windows\Installer\{CD3E12D6-5B22-CB69-1D1C-FC484B25D9EB}\ARPPRODUCTICON.exe
c:\windows\Installer\{D08B4177-5160-6B66-8934-2F9012134D61}\ARPPRODUCTICON.exe
c:\windows\Installer\{D34A6029-FB1A-9EA8-A938-5393F82A3A00}\ARPPRODUCTICON.exe
c:\windows\Installer\{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}\ARPPRODUCTICON.exe
c:\windows\Installer\{F2C35491-9323-3AE7-6023-6B4128045153}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-08-25 to 2013-09-25 )))))))))))))))))))))))))))))))
.
.
2013-09-25 02:19 . 2013-09-25 02:19 -------- d-----w- c:\users\Raymond\AppData\Local\temp
2013-09-25 02:19 . 2013-09-25 02:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-25 02:19 . 2013-09-25 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-25 02:09 . 2013-09-25 02:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B1A360-046A-42DA-BCC8-B547E558FA2F}\offreg.dll
2013-09-24 17:21 . 2013-09-25 01:53 -------- d-----w- C:\AdwCleaner
2013-09-24 17:13 . 2013-09-24 17:13 -------- d-----w- C:\_OTL
2013-09-24 09:19 . 2013-09-24 09:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-24 00:31 . 2013-09-24 00:33 -------- d-----w- c:\program files\Wireshark
2013-09-20 03:35 . 2013-09-20 03:35 3723656 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-19 03:38 . 2013-09-19 03:38 -------- dc-h--w- c:\programdata\{25E6D7F6-CF1E-44DE-A992-1BCCB8100732}
2013-09-16 08:57 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B1A360-046A-42DA-BCC8-B547E558FA2F}\mpengine.dll
2013-09-15 07:20 . 2013-09-15 07:20 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2013-09-12 09:17 . 2013-09-12 09:17 -------- d-----w- c:\program files (x86)\BlueStacks
2013-09-12 09:16 . 2013-09-12 09:17 -------- d-----w- c:\programdata\BlueStacks
2013-09-11 02:42 . 2013-09-11 02:42 -------- d-----w- c:\users\Raymond\AppData\Roaming\OBS
2013-09-11 02:41 . 2013-09-11 02:42 -------- d-----w- c:\program files (x86)\OBS
2013-09-05 06:43 . 2013-09-05 06:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-27 06:22 . 2013-08-27 06:22 -------- d-----w- c:\program files (x86)\Aeria Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 03:36 . 2012-04-07 00:09 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 03:36 . 2011-06-09 17:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 11:18 . 2013-07-11 23:49 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-08-07 09:22 . 2010-12-09 16:45 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 07:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-06 1811368]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
"Akamai NetSession Interface"="c:\users\Raymond\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-08-06 3414680]
"Facebook Update"="c:\users\Raymond\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-08-07 601928]
.
c:\users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-11-15 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 BlackBox;BlackBox SR2; [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCASp50a64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 uqk;uqk;c:\koramgame\STOnline\avital\wyqku64.sys;c:\koramgame\STOnline\avital\wyqku64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys;c:\windows\SYSNATIVE\DRIVERS\WN111v2w7x.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 03:36]
.
2013-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000Core.job
- c:\users\Raymond\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-02 21:17]
.
2013-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000UA.job
- c:\users\Raymond\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-02 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2010-06-01 913216]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2010-06-01 587584]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2010-06-01 1284416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={A896BD21-6E43-48B2-9004-0130699D5CD5}&mid=6d0a288c80a347d0a3a969e52938158a-2e02fea7cb7fc60c940d8c820a158f443230407d&lang=en&ds=AVG&pr=fr&d=2013-07-11 18:49&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Raymond\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
SafeBoot-30655772.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-846124840-1575257757-4093298459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-846124840-1575257757-4093298459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-846124840-1575257757-4093298459-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2850E919-81C3-4258-2A56-BCB3A1A6749E}*]
"hahbmonnikefkkdf"=hex:63,62,61,68,67,67,6d,66,69,6b,6e,6f,6b,6a,6b,6d,69,68,
64,6f,63,65,6d,67,6d,62,62,6b,62,6e,66,65,6e,6f,6f,61,6c,62,00,00
"ianbgdopmgobnejjda"=hex:63,62,61,68,67,67,6d,66,69,6b,6e,6f,6b,6a,6b,6d,69,68,
64,6f,63,65,6d,67,6d,62,62,6b,62,6e,66,65,6e,6f,6f,61,6c,62,00,00
.
[HKEY_USERS\S-1-5-21-846124840-1575257757-4093298459-1000\Software\SecuROM\License information*]
"datasecu"=hex:98,53,11,28,c3,a1,65,87,d7,83,13,1e,10,05,70,74,82,af,c2,3c,7d,
05,11,49,82,45,a5,d3,09,66,ef,fb,c6,ac,ff,7b,fd,c3,e9,b1,4c,6a,6e,93,74,64,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2013-09-24 21:36:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-25 02:35
ComboFix2.txt 2011-12-23 09:28
ComboFix3.txt 2011-11-29 01:09
ComboFix4.txt 2011-11-29 00:43
.
Pre-Run: 290,663,555,072 bytes free
Post-Run: 290,537,357,312 bytes free
.
- - End Of File - - 5C9642C2DA1AA912F5D166192E4933CB
CDB4DE4BBD714F152979DA2DCBEF57EB

Edited by Down_with_malware, 24 September 2013 - 07:36 PM.

  • 0

Advertisements


#11
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts

AdwCleaner found nothing so there isn't a log.

Hi,

That is strange can you check if you have c:\AdwCleaner\AdwCleaner[S1].txt and post this log.
If the file doesn't exist please tell me the name of the files you have inside the c:\AdwCleaner folder.
  • 0

#12
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts

AdwCleaner found nothing so there isn't a log.

Hi,

That is strange can you check if you have c:\AdwCleaner\AdwCleaner[S1].txt and post this log.
If the file doesn't exist please tell me the name of the files you have inside the c:\AdwCleaner folder.


I have R0, R1, and S0. Would you like the S0 text file?
  • 0

#13
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts

I have R0, R1, and S0. Would you like the S0 text file?


Yes, please post that one.
  • 0

#14
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
Here you go then. :)


# AdwCleaner v3.005 - Report created 24/09/2013 at 12:24:02
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Raymond - RAYMOND-PC
# Running from : C:\Users\Raymond\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SSUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\Splashtop
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Raymond\AppData\Local\Conduit
Folder Deleted : C:\Users\Raymond\AppData\Local\PackageAware
Folder Deleted : C:\Users\Raymond\AppData\Local\searchcom_001
Folder Deleted : C:\Users\Raymond\AppData\Local\Splashtop
Folder Deleted : C:\Users\Raymond\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Raymond\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Splashtop Inc.
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Splashtop Inc.
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [8686 octets] - [24/09/2013 12:21:54]
AdwCleaner[S0].txt - [8574 octets] - [24/09/2013 12:24:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8634 octets] ##########
  • 0

#15
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hi Raymond,

Thanks for the AdwCleaner log is the one I wanted to see :thumbsup: and I have more work for you...


Step 1 - Run ComboFix Script

  • Close any open browsers and programs.
  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with ComboFix. If you have difficulty properly disabling your security programs, refer to this link.
  • Open notepad and copy/paste the text in the quotebox below into it:

    DEQUARANTINE::
    C:\Qoobox\Quarantine\C\windows\SysWow64\frapsvid.dll.vir
    QUIT::

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt). please post the log in your next reply.

Step 2 - Upload file to Virus Scan

I need you to check if a file is infected or not...
  • Open the folder c:\windows\SysWow64 and copy the file frapsvid.dll to the Desktop
  • Visit the site www.virustotal.com
  • Click Choose File then on the File Upload window locate the file frapsvid.dll you have on the Desktop and click Open
  • If you see a pop-up with "File already analyzed" click Reanalyse and wait for the scan to finish
  • Copy the link you have on the address bar of the browser window, it should be something like this: https://www.virustotal.com/en/file/...
  • Delete the file frapsvid.dll from the Desktop


Things I would like to see in your next reply:
  • The DeQuarantine.txt log
  • The VirusTotal link for the scan result

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP