Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE Redirection and malware infected [Solved]


  • This topic is locked This topic is locked

#1
marman12

marman12

    New Member

  • Member
  • Pip
  • 5 posts
When i browse the web, sometimes when i type in an address on internet explorer, it would redirect me to a different link and my microsoft security essential would pick up malware saying it is cleaning the infection. Please help, at first i thought i typed in the wrong link but it has happened multiple times. Thank you very much





OTL logfile created on: 1/9/2013 7:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.63 Gb Available Physical Memory | 80.29% Memory free
23.98 Gb Paging File | 21.60 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 489.07 Gb Free Space | 82.05% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/09 19:39:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2013/01/09 13:18:39 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/24 23:31:28 | 000,251,896 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/30 14:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/03/23 11:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/07 09:56:52 | 000,436,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsclient.dll
MOD - [2012/12/26 14:11:38 | 000,088,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsdone.dll
MOD - [2012/12/24 23:31:20 | 000,570,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\MngModule.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 13:18:40 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/24 23:31:52 | 000,505,312 | ---- | M] (PPTV) [Auto | Running] -- C:\Windows\SysWOW64\PPTVSvc.dll -- (PPTVService)
SRV - [2012/12/24 21:56:51 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/30 14:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A DF EE 34 BE E4 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.2908\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKCU..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G930\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C788FF29-4637-4391-9FAA-FB81CDFAAE96}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 19:39:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2013/01/07 10:39:53 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\New folder
[2013/01/03 19:59:31 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Ventrilo
[2013/01/03 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2013/01/03 19:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2013/01/03 19:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/03 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Media Player Classic
[2013/01/03 18:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/01/03 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/01/03 18:53:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Programs
[2013/01/02 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\Anime
[2013/01/02 22:32:29 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2013/01/02 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/01/02 22:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/12/25 01:55:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/12/25 01:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/12/25 01:55:18 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/12/25 01:55:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/12/25 01:55:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/12/25 01:55:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/12/25 01:55:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/12/25 01:55:17 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012/12/25 01:55:17 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012/12/25 01:55:17 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012/12/25 01:55:17 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/12/25 01:55:16 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/12/25 01:55:16 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/12/25 01:55:16 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/12/25 01:55:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/12/25 01:55:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/12/25 01:55:16 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/12/25 01:55:16 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/12/25 01:55:16 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/12/25 01:55:16 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/12/25 01:55:16 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/12/25 01:55:16 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/12/25 01:55:15 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/12/25 01:55:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/12/25 01:55:15 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012/12/25 01:55:15 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/12/25 01:55:15 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012/12/25 01:55:15 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/12/25 01:55:15 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/12/25 01:55:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/12/25 01:55:13 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/12/25 01:55:13 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/12/25 01:55:13 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/12/25 01:55:13 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/12/25 01:55:13 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/12/25 01:55:13 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/12/25 01:55:13 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/12/25 01:55:13 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012/12/25 01:55:13 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012/12/25 01:55:13 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/12/25 01:55:13 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012/12/25 01:55:13 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/12/25 01:55:13 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/12/25 01:55:13 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/12/25 01:55:13 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/12/25 01:55:13 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/12/25 01:55:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/12/25 01:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/12/25 01:55:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/12/25 01:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/12/24 23:31:52 | 000,505,312 | ---- | C] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll
[2012/12/24 23:31:50 | 000,399,968 | ---- | C] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe
[2012/12/24 21:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/12/24 21:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/12/24 21:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/12/23 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\My books
[2012/12/22 22:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PPBrowserHelper
[2012/12/16 13:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/12/16 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/12/16 13:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/12/16 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/12/16 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/12/16 13:22:54 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Downloaded Installations
[2012/12/16 13:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/12/15 00:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/12/15 00:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/12/15 00:46:38 | 123,231,216 | ---- | C] (Blizzard Entertainment) -- C:\Users\Harry\Desktop\World-of-Warcraft-Setup-enUS.exe

========== Files - Modified Within 30 Days ==========

[2013/01/09 19:39:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2013/01/09 19:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/09 12:53:06 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 12:53:06 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 12:50:01 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 12:50:01 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 12:50:01 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 12:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/09 12:45:34 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/03 19:56:06 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/01/03 19:56:05 | 000,000,917 | ---- | M] () -- C:\Users\Harry\Desktop\Ventrilo.lnk
[2013/01/02 22:32:27 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/01/02 16:44:45 | 000,001,120 | ---- | M] () -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/12/31 20:43:41 | 000,046,364 | ---- | M] () -- C:\Users\Harry\Desktop\Disney_Busted.jpg
[2012/12/31 20:42:51 | 000,029,884 | ---- | M] () -- C:\Users\Harry\Desktop\donald_008.jpg
[2012/12/25 10:11:43 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk
[2012/12/24 23:31:52 | 000,505,312 | ---- | M] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll
[2012/12/24 23:31:50 | 000,399,968 | ---- | M] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe
[2012/12/24 23:31:42 | 002,585,056 | ---- | M] () -- C:\Windows\SysNative\kindling.dll
[2012/12/24 23:31:42 | 002,299,360 | ---- | M] () -- C:\Windows\SysWow64\kindling.dll
[2012/12/24 21:54:23 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/20 23:45:07 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/15 00:53:32 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/12/15 00:52:41 | 123,231,216 | ---- | M] (Blizzard Entertainment) -- C:\Users\Harry\Desktop\World-of-Warcraft-Setup-enUS.exe

========== Files Created - No Company Name ==========

[2013/01/03 19:56:05 | 000,000,917 | ---- | C] () -- C:\Users\Harry\Desktop\Ventrilo.lnk
[2013/01/03 19:56:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/01/02 22:32:27 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/01/02 16:44:45 | 000,001,120 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/12/31 20:42:16 | 000,029,884 | ---- | C] () -- C:\Users\Harry\Desktop\donald_008.jpg
[2012/12/31 20:36:09 | 000,046,364 | ---- | C] () -- C:\Users\Harry\Desktop\Disney_Busted.jpg
[2012/12/25 01:55:16 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/12/24 23:31:42 | 002,585,056 | ---- | C] () -- C:\Windows\SysNative\kindling.dll
[2012/12/24 23:31:42 | 002,299,360 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll
[2012/12/24 21:54:23 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/15 00:53:25 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/23 23:09:35 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/25 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\acccore
[2013/01/07 02:42:42 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2013/01/05 03:08:22 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\KuGou7
[2012/12/16 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/11/01 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPLive

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/12/30 23:00:55 | 000,001,719 | ---- | M] ()(C:\Users\Harry\Desktop\PP????.lnk) -- C:\Users\Harry\Desktop\PP年度必看.lnk
[2012/11/01 18:45:26 | 000,001,719 | ---- | C] ()(C:\Users\Harry\Desktop\PP????.lnk) -- C:\Users\Harry\Desktop\PP年度必看.lnk

< End of report >







OTL Extras logfile created on: 1/9/2013 7:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.63 Gb Available Physical Memory | 80.29% Memory free
23.98 Gb Paging File | 21.60 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 489.07 Gb Free Space | 82.05% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014A7A67-F791-4921-A3D1-D2EF4BE184DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{09DC6123-7281-48FD-B867-4F0E6377852A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C03FC99-A3F8-44C4-8B2D-20C2C78DD700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{119BA825-C54D-49B5-A9ED-F2296561291D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14EA3534-CEAC-49DE-B098-BE546C03A571}" = lport=137 | protocol=17 | dir=in | app=system |
"{24A5C394-19D3-44C5-AADF-A5DF376DF1E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{2EB238B6-CC0A-4C50-AAD3-3EC97E8476F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{33E8DFF7-4F16-4652-98B0-9E795CB892DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C8AE693-CF62-4BCE-BC41-2F1E0C7488AC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43CC289A-2F61-4E3D-9D2C-1BBB13120693}" = rport=138 | protocol=17 | dir=out | app=system |
"{65F489B7-B2ED-4C30-A9F8-8E5106FBC272}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F3F4E9-55BA-4B28-ABA8-B0658365BD28}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F101281-661F-408B-A99A-00B9B35A9E93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80593FEA-B656-48D3-81DD-A81F534E1E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90C1B1A5-065C-40DE-9C12-95A8FB5F607E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{925C60E7-5E5D-4009-8123-170A6DE754A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{96E43B24-11A6-4E8C-8E2C-44A9F92439B2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9E3A8030-998C-448B-9E04-E3747C82AD6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AC385187-FB3A-4102-B041-A9254B47CD54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5A4DE6A-D75D-4404-A0A0-FB2FAF8E1052}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB69285E-8CC2-4A7F-98A2-695C3ADB2233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BD84294D-B9ED-486F-8815-81CF9E7B18E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C73F7C9F-2495-46C1-A908-9DD3464A80CF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E21F99A9-360D-4748-9E71-7ACEE2A9E19B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEC3592D-E82C-4765-B8DF-4773B8DF8E9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD6DEB88-4DB6-444B-A8EE-EFB89B004CEB}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FFA784-4104-4587-8081-0F15C0257BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{03404352-A0E3-4FB3-AE98-46985506A716}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0944A650-95D3-496E-A3C9-5E32235196AE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D018E28-3D56-41E2-9739-3A458135F3EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D6EAA6F-2603-4A79-AB4E-12F66CD79BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0EED199A-51DA-48E5-856C-44443B794755}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{134072B7-D09C-43AD-9543-75A816B7390C}" = dir=in | app=c:\users\harry\appdata\local\microsoft\skydrive\skydrive.exe |
"{157A0186-D0E6-4E86-BEF8-969F85954E77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1F3D0A91-BD0D-41EE-A94A-DE81A044B540}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1F7C962F-8A00-40B9-8B4A-0E7EE5EEC500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{210E0E6B-5182-4749-A105-09FA568B712B}" = protocol=58 | dir=in | [email protected],-28545 |
"{28DEC3B6-E4FC-414C-983D-910036FA0D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2AEC411C-BC54-49D7-946B-01852DE340AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{320BB8A4-A4B8-4720-96A9-3C505E4359D3}" = protocol=1 | dir=in | [email protected],-28543 |
"{3524B5BC-2D90-49DC-9B38-6F974C143B89}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{3B8D5F55-61DA-4F6C-8A46-61C21DD89432}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C1C559D-AD00-468A-9C72-9109B927E8DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FB74856-147C-4ED1-9966-EDA4DFCDDA1A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{4076A524-C87E-4805-BE73-834A49875C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4316C718-916A-4AF6-9B5E-D317AA5FFA83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{43B6873E-488D-41EF-8AA6-8030B7B76CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{44812B3C-B6ED-48E3-B0ED-ED058F01FC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{511B410B-BF6E-498E-8A96-DCF136643F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\repairsetup.exe |
"{5495ACDA-8020-4732-A174-0864ADEB6B45}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{55D3090F-03DE-420E-878D-5FA758AD92C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{598BF4D8-6116-4073-BE3E-707ABB54E67F}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{5A6697CB-3A5B-4F78-9A8D-99654D955B66}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5BC87EF1-C8E3-4AF0-B8F0-4A5483D2B6DE}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{637EAAD7-98B8-41DC-A2EF-3F943F18713D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{65611E19-2952-40C6-A724-EB26DDCEAC2C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{660469CE-481B-46A6-BEF7-C5801BDE5F97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66A8A180-FA7B-4E52-96B5-41EB35E3C187}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{702B888A-D7C1-436A-88CF-D8150B70DEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{72C566DF-CB2E-4B29-A8C7-254D70F8972D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{76013234-7AA2-468F-BEB9-1AFD898385F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{778CA3FD-29D0-4E57-9617-B322140892F4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{79DB47F5-F872-444B-8183-FBC49093DD35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82E93230-6399-4D63-840B-F2AC2FBA972E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{856C64C9-0189-4E4A-9676-3FB572F74971}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8675BC5D-0C07-4E3D-9619-BDDBAF8F38FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89597ACC-239A-4F1A-A212-124A555A20C8}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{8993A924-12AE-4E32-B985-F2BDC2C8371B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8D4E1E39-EB82-4F40-B8A3-7EBAE981BE8A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9175360A-F7BE-4E10-B513-1102D01BCD2C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{918E1621-C90B-4571-ACEE-3D7F2E629612}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{92FA7003-CA51-465A-8BEB-43969E3718A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{973994DB-B689-4B87-AF26-91B53202B842}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{9FFB7472-2943-4F5C-9D37-6A92C94E5711}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A2E9C6-ACE7-4731-9E81-CD35F4213C75}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\repairsetup.exe |
"{AE5E652B-C454-4EF8-BD5F-DDD90750E48C}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{BE7788F9-D01C-457E-85A3-734D66F727B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C2ABCC59-834B-4010-984D-4AD8DDE96EF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{C89BF4DA-B615-4146-983B-1F22B95F04B2}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{CE7733ED-48BA-4901-B14D-65A027D688E6}" = protocol=1 | dir=out | [email protected],-28544 |
"{D1C90578-54D3-437E-90E1-8B6B59362EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D40CA211-8427-4FCD-A1C1-22EDAEF3DC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D53FB2A9-8B18-4F97-8F44-D01E268B212B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{D58CFF8E-488B-4A06-9124-93583B9E63FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D86F4164-9641-469A-AA56-EDE227FABF71}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1C44436-3329-40CA-99AA-C2B27B66AD8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E27011AA-38CD-4836-8AA4-0ECBA23164A3}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{E72F4243-82B0-4FFD-BF87-09BA629B50ED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EAE97616-614F-49DE-91E8-D2E6F1BDD115}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{EB9E8D4C-5EB0-48B2-B731-D5485DEF8C71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{EE2DBDFA-AD7C-439F-BF1D-0D579A835DCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7D6930D-1407-4148-A28B-61B131EED23E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FAD7CDDA-DF6C-4A90-ACE5-463C8C280C07}" = protocol=6 | dir=out | app=system |
"TCP Query User{3F32C3A0-3F47-44D8-BB00-A95605C01B36}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"TCP Query User{D0FD546B-8774-45AB-806A-B7047A772C8A}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"TCP Query User{F5DC0159-95A2-4F35-9D31-B6700F382AB9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{FF0F0F34-B227-4152-9BA7-AB619324DF67}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{3D3BD28F-2C66-41CD-9C3C-960A4DC833D9}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"UDP Query User{887D0163-989B-45AB-9633-000D7A0A5B80}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"UDP Query User{B3C2815B-61A6-4D26-A980-F689267D4755}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{B5414D7B-45E8-470A-BF40-0FE9587C374C}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"¿á¹·̉ôÀÖ2012_is1" = ¿á¹·̉ôÀÖ2012
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_7" = AIM 7
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2012-12-30
"Diablo III" = Diablo III
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPLive" = PPTV V3.3.0.0061
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/8/2013 10:44:00 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 1/8/2013 10:45:26 AM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/8/2013 1:13:37 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/8/2013 7:49:00 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2013 1:47:25 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/8/2013 7:47:09 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 7 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/8/2013 7:47:09 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 4 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 6 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 5 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 7 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/9/2013 1:45:34 PM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >
  • 0

Advertisements


#2
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

Step 1

The first step is to get a special OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

Step 2

The next step is to run aswMBR to look for infections prevalent these days.

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL.txt
aswMBR log

  • 0

#3
marman12

marman12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi, thank you for responding to my post, I hadn't realized i received a response until today. On another note regarding the computer, before i've read your reply I did a system restore to a previous date in trying to fix the problem. Also as for the MBR scan, since you did not specific what type of scan, it was defaulted as a quick scan and used that for the scan. Below are the logs that you request, thank you once again.






OTL Extras logfile created on: 1/12/2013 1:24:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 10.24 Gb Available Physical Memory | 85.37% Memory free
23.98 Gb Paging File | 22.07 Gb Available in Paging File | 92.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 487.60 Gb Free Space | 81.80% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014A7A67-F791-4921-A3D1-D2EF4BE184DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{09DC6123-7281-48FD-B867-4F0E6377852A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C03FC99-A3F8-44C4-8B2D-20C2C78DD700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{119BA825-C54D-49B5-A9ED-F2296561291D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14EA3534-CEAC-49DE-B098-BE546C03A571}" = lport=137 | protocol=17 | dir=in | app=system |
"{24A5C394-19D3-44C5-AADF-A5DF376DF1E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{2EB238B6-CC0A-4C50-AAD3-3EC97E8476F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{33E8DFF7-4F16-4652-98B0-9E795CB892DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C8AE693-CF62-4BCE-BC41-2F1E0C7488AC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43CC289A-2F61-4E3D-9D2C-1BBB13120693}" = rport=138 | protocol=17 | dir=out | app=system |
"{65F489B7-B2ED-4C30-A9F8-8E5106FBC272}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F3F4E9-55BA-4B28-ABA8-B0658365BD28}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F101281-661F-408B-A99A-00B9B35A9E93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80593FEA-B656-48D3-81DD-A81F534E1E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90C1B1A5-065C-40DE-9C12-95A8FB5F607E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{925C60E7-5E5D-4009-8123-170A6DE754A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{96E43B24-11A6-4E8C-8E2C-44A9F92439B2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9E3A8030-998C-448B-9E04-E3747C82AD6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AC385187-FB3A-4102-B041-A9254B47CD54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5A4DE6A-D75D-4404-A0A0-FB2FAF8E1052}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB69285E-8CC2-4A7F-98A2-695C3ADB2233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BD84294D-B9ED-486F-8815-81CF9E7B18E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C73F7C9F-2495-46C1-A908-9DD3464A80CF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E21F99A9-360D-4748-9E71-7ACEE2A9E19B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEC3592D-E82C-4765-B8DF-4773B8DF8E9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD6DEB88-4DB6-444B-A8EE-EFB89B004CEB}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FFA784-4104-4587-8081-0F15C0257BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{03404352-A0E3-4FB3-AE98-46985506A716}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0944A650-95D3-496E-A3C9-5E32235196AE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D018E28-3D56-41E2-9739-3A458135F3EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D6EAA6F-2603-4A79-AB4E-12F66CD79BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0EED199A-51DA-48E5-856C-44443B794755}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{134072B7-D09C-43AD-9543-75A816B7390C}" = dir=in | app=c:\users\harry\appdata\local\microsoft\skydrive\skydrive.exe |
"{157A0186-D0E6-4E86-BEF8-969F85954E77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1F3D0A91-BD0D-41EE-A94A-DE81A044B540}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1F7C962F-8A00-40B9-8B4A-0E7EE5EEC500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{210E0E6B-5182-4749-A105-09FA568B712B}" = protocol=58 | dir=in | [email protected],-28545 |
"{28DEC3B6-E4FC-414C-983D-910036FA0D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2AEC411C-BC54-49D7-946B-01852DE340AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{320BB8A4-A4B8-4720-96A9-3C505E4359D3}" = protocol=1 | dir=in | [email protected],-28543 |
"{3524B5BC-2D90-49DC-9B38-6F974C143B89}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{3B8D5F55-61DA-4F6C-8A46-61C21DD89432}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C1C559D-AD00-468A-9C72-9109B927E8DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FB74856-147C-4ED1-9966-EDA4DFCDDA1A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{4076A524-C87E-4805-BE73-834A49875C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4316C718-916A-4AF6-9B5E-D317AA5FFA83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{43B6873E-488D-41EF-8AA6-8030B7B76CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{44812B3C-B6ED-48E3-B0ED-ED058F01FC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{511B410B-BF6E-498E-8A96-DCF136643F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\repairsetup.exe |
"{5495ACDA-8020-4732-A174-0864ADEB6B45}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{55D3090F-03DE-420E-878D-5FA758AD92C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{598BF4D8-6116-4073-BE3E-707ABB54E67F}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{5A6697CB-3A5B-4F78-9A8D-99654D955B66}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5BC87EF1-C8E3-4AF0-B8F0-4A5483D2B6DE}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{637EAAD7-98B8-41DC-A2EF-3F943F18713D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{65611E19-2952-40C6-A724-EB26DDCEAC2C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{660469CE-481B-46A6-BEF7-C5801BDE5F97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66A8A180-FA7B-4E52-96B5-41EB35E3C187}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{702B888A-D7C1-436A-88CF-D8150B70DEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{72C566DF-CB2E-4B29-A8C7-254D70F8972D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{76013234-7AA2-468F-BEB9-1AFD898385F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{778CA3FD-29D0-4E57-9617-B322140892F4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{79DB47F5-F872-444B-8183-FBC49093DD35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82E93230-6399-4D63-840B-F2AC2FBA972E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{856C64C9-0189-4E4A-9676-3FB572F74971}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8675BC5D-0C07-4E3D-9619-BDDBAF8F38FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89597ACC-239A-4F1A-A212-124A555A20C8}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{8993A924-12AE-4E32-B985-F2BDC2C8371B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8D4E1E39-EB82-4F40-B8A3-7EBAE981BE8A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9175360A-F7BE-4E10-B513-1102D01BCD2C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{918E1621-C90B-4571-ACEE-3D7F2E629612}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{92FA7003-CA51-465A-8BEB-43969E3718A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{973994DB-B689-4B87-AF26-91B53202B842}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{9FFB7472-2943-4F5C-9D37-6A92C94E5711}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A2E9C6-ACE7-4731-9E81-CD35F4213C75}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\repairsetup.exe |
"{AE5E652B-C454-4EF8-BD5F-DDD90750E48C}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{BE7788F9-D01C-457E-85A3-734D66F727B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C2ABCC59-834B-4010-984D-4AD8DDE96EF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{C89BF4DA-B615-4146-983B-1F22B95F04B2}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{CE7733ED-48BA-4901-B14D-65A027D688E6}" = protocol=1 | dir=out | [email protected],-28544 |
"{D1C90578-54D3-437E-90E1-8B6B59362EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D40CA211-8427-4FCD-A1C1-22EDAEF3DC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D53FB2A9-8B18-4F97-8F44-D01E268B212B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{D58CFF8E-488B-4A06-9124-93583B9E63FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D86F4164-9641-469A-AA56-EDE227FABF71}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1C44436-3329-40CA-99AA-C2B27B66AD8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E27011AA-38CD-4836-8AA4-0ECBA23164A3}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{E72F4243-82B0-4FFD-BF87-09BA629B50ED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EAE97616-614F-49DE-91E8-D2E6F1BDD115}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{EB9E8D4C-5EB0-48B2-B731-D5485DEF8C71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{EE2DBDFA-AD7C-439F-BF1D-0D579A835DCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7D6930D-1407-4148-A28B-61B131EED23E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FAD7CDDA-DF6C-4A90-ACE5-463C8C280C07}" = protocol=6 | dir=out | app=system |
"TCP Query User{3F32C3A0-3F47-44D8-BB00-A95605C01B36}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"TCP Query User{D0FD546B-8774-45AB-806A-B7047A772C8A}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"TCP Query User{F5DC0159-95A2-4F35-9D31-B6700F382AB9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{FF0F0F34-B227-4152-9BA7-AB619324DF67}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{3D3BD28F-2C66-41CD-9C3C-960A4DC833D9}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"UDP Query User{887D0163-989B-45AB-9633-000D7A0A5B80}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"UDP Query User{B3C2815B-61A6-4D26-A980-F689267D4755}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{B5414D7B-45E8-470A-BF40-0FE9587C374C}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"¿á¹·̉ôÀÖ2012_is1" = ¿á¹·̉ôÀÖ2012
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_7" = AIM 7
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2012-12-30
"Diablo III" = Diablo III
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPLive" = PPTV V3.3.0.0061
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3499646766-3053666113-3188202255-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3499646766-3053666113-3188202255-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2013 12:05:48 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 1/12/2013 12:05:48 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 1/12/2013 12:05:48 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 1/12/2013 12:05:48 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 1/12/2013 12:07:11 AM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2013 2:01:21 AM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 1/12/2013 12:05:49 AM | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 4 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 6 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 5 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 7 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 1/12/2013 1:59:30 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >







aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-12 01:30:20
-----------------------------
01:30:20.539 OS Version: Windows x64 6.1.7601 Service Pack 1
01:30:20.539 Number of processors: 8 586 0x1A05
01:30:20.540 ComputerName: HARRY-PC UserName: Harry
01:30:21.706 Initialize success
01:32:36.767 AVAST engine defs: 13011101
01:33:25.632 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
01:33:25.633 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
01:33:25.639 Disk 0 MBR read successfully
01:33:25.641 Disk 0 MBR scan
01:33:25.644 Disk 0 Windows 7 default MBR code
01:33:25.648 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:33:25.680 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610378 MB offset 206848
01:33:25.731 Disk 0 scanning C:\Windows\system32\drivers
01:33:34.101 Service scanning
01:33:54.087 Modules scanning
01:33:54.091 Disk 0 trace - called modules:
01:33:54.104 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:33:54.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b3a9790]
01:33:54.441 3 CLASSPNP.SYS[fffff8800199a43f] -> nt!IofCallDriver -> [0xfffffa800b1799b0]
01:33:54.444 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa800b182060]
01:33:55.817 AVAST engine scan C:\Windows
01:33:58.324 AVAST engine scan C:\Windows\system32
01:36:52.479 AVAST engine scan C:\Windows\system32\drivers
01:37:03.563 AVAST engine scan C:\Users\Harry
01:37:47.829 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Desktop\MBR.dat"
01:37:47.877 The log file has been saved successfully to "C:\Users\Harry\Desktop\aswMBR.txt"
  • 0

#4
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
For OTL it appears you have copied the wrong log. We need the OTL.txt generated from the custom scan I instructed you to do. It will be in the same directory as OTL. It should say:

OTL logfile created on: 1/11/2013 *time* - Run 2

at the very beginning. Let me know if you have any questions.
  • 0

#5
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Also please try using Firefox and see if you get redirects in Firefox as well.
  • 0

#6
marman12

marman12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I think this is the log that you requested. As for the redirection, I haven't gotten one since i system restored my computer back so maybe it is gone?





OTL logfile created on: 1/12/2013 6:51:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.84 Gb Available Physical Memory | 82.10% Memory free
23.98 Gb Paging File | 21.62 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 491.46 Gb Free Space | 82.45% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/12 01:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2013/01/09 20:21:34 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/24 23:31:28 | 000,251,896 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/30 14:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/03/23 11:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 19:52:55 | 000,436,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsclient.dll
MOD - [2012/12/26 14:11:38 | 000,088,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsdone.dll
MOD - [2012/12/24 23:31:20 | 000,570,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\MngModule.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 20:21:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/24 23:31:52 | 000,505,312 | ---- | M] (PPTV) [Auto | Running] -- C:\Windows\SysWOW64\PPTVSvc.dll -- (PPTVService)
SRV - [2012/12/24 21:56:51 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/30 14:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A DF EE 34 BE E4 CD 01 [binary data]
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 9C 4D 3E 38 DF CD 01 [binary data]
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.2908\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3499646766-3053666113-3188202255-1001..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3499646766-3053666113-3188202255-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G930\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C788FF29-4637-4391-9FAA-FB81CDFAAE96}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/12 01:29:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Harry\Desktop\aswMBR.exe
[2013/01/12 01:22:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2013/01/03 19:59:31 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Ventrilo
[2013/01/03 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2013/01/03 19:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2013/01/03 19:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/03 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Media Player Classic
[2013/01/03 18:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/01/03 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/01/03 18:53:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Programs
[2013/01/02 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\Anime
[2013/01/02 22:32:29 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2013/01/02 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/01/02 22:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/12/25 01:55:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/12/25 01:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/12/25 01:55:18 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/12/25 01:55:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/12/25 01:55:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/12/25 01:55:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/12/25 01:55:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/12/25 01:55:17 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012/12/25 01:55:17 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012/12/25 01:55:17 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012/12/25 01:55:17 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/12/25 01:55:16 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/12/25 01:55:16 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/12/25 01:55:16 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/12/25 01:55:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/12/25 01:55:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/12/25 01:55:16 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/12/25 01:55:16 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/12/25 01:55:16 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/12/25 01:55:16 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/12/25 01:55:16 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/12/25 01:55:16 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/12/25 01:55:15 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/12/25 01:55:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/12/25 01:55:15 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012/12/25 01:55:15 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/12/25 01:55:15 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012/12/25 01:55:15 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/12/25 01:55:15 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/12/25 01:55:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/12/25 01:55:13 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/12/25 01:55:13 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/12/25 01:55:13 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/12/25 01:55:13 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/12/25 01:55:13 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/12/25 01:55:13 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/12/25 01:55:13 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/12/25 01:55:13 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012/12/25 01:55:13 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012/12/25 01:55:13 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/12/25 01:55:13 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012/12/25 01:55:13 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/12/25 01:55:13 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/12/25 01:55:13 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/12/25 01:55:13 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/12/25 01:55:13 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/12/25 01:55:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/12/25 01:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/12/25 01:55:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/12/25 01:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/12/24 23:31:52 | 000,505,312 | ---- | C] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll
[2012/12/24 23:31:50 | 000,399,968 | ---- | C] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe
[2012/12/24 21:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/12/24 21:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/12/24 21:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/12/23 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\Desktop\My books
[2012/12/22 22:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PPBrowserHelper
[2012/12/16 13:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/12/16 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/12/16 13:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/12/16 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/12/16 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/12/16 13:22:54 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Downloaded Installations
[2012/12/16 13:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/12/15 00:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/12/15 00:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/12/15 00:46:38 | 123,231,216 | ---- | C] (Blizzard Entertainment) -- C:\Users\Harry\Desktop\World-of-Warcraft-Setup-enUS.exe

========== Files - Modified Within 30 Days ==========

[2013/01/12 18:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/12 14:11:42 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 14:11:42 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 14:10:17 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/12 14:10:17 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/12 14:10:17 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/12 14:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/12 14:04:23 | 1066,803,198 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 01:37:47 | 000,000,512 | ---- | M] () -- C:\Users\Harry\Desktop\MBR.dat
[2013/01/12 01:30:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Harry\Desktop\aswMBR.exe
[2013/01/12 01:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2013/01/10 12:51:17 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/03 19:56:06 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/01/03 19:56:05 | 000,000,917 | ---- | M] () -- C:\Users\Harry\Desktop\Ventrilo.lnk
[2013/01/02 22:32:27 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/01/02 16:44:45 | 000,001,120 | ---- | M] () -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/12/31 20:43:41 | 000,046,364 | ---- | M] () -- C:\Users\Harry\Desktop\Disney_Busted.jpg
[2012/12/31 20:42:51 | 000,029,884 | ---- | M] () -- C:\Users\Harry\Desktop\donald_008.jpg
[2012/12/25 10:11:43 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk
[2012/12/24 23:31:52 | 000,505,312 | ---- | M] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll
[2012/12/24 23:31:50 | 000,399,968 | ---- | M] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe
[2012/12/24 23:31:42 | 002,585,056 | ---- | M] () -- C:\Windows\SysNative\kindling.dll
[2012/12/24 23:31:42 | 002,299,360 | ---- | M] () -- C:\Windows\SysWow64\kindling.dll
[2012/12/24 21:54:23 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/15 00:53:32 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/12/15 00:52:41 | 123,231,216 | ---- | M] (Blizzard Entertainment) -- C:\Users\Harry\Desktop\World-of-Warcraft-Setup-enUS.exe

========== Files Created - No Company Name ==========

[2013/01/12 01:37:47 | 000,000,512 | ---- | C] () -- C:\Users\Harry\Desktop\MBR.dat
[2013/01/03 19:56:05 | 000,000,917 | ---- | C] () -- C:\Users\Harry\Desktop\Ventrilo.lnk
[2013/01/03 19:56:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/01/02 22:32:27 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/01/02 16:44:45 | 000,001,120 | ---- | C] () -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/12/31 20:42:16 | 000,029,884 | ---- | C] () -- C:\Users\Harry\Desktop\donald_008.jpg
[2012/12/31 20:36:09 | 000,046,364 | ---- | C] () -- C:\Users\Harry\Desktop\Disney_Busted.jpg
[2012/12/25 01:55:16 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/12/24 23:31:42 | 002,585,056 | ---- | C] () -- C:\Windows\SysNative\kindling.dll
[2012/12/24 23:31:42 | 002,299,360 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll
[2012/12/24 21:54:23 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/15 00:53:25 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/23 23:09:35 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/25 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\acccore
[2013/01/11 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2013/01/12 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\KuGou7
[2012/12/16 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/11/01 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPLive

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/12/18 09:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2011/04/12 03:17:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2011/04/12 03:17:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui
[2011/04/12 03:17:20 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\SysNative\en-US\wshelper.dll.mui
[2011/04/12 03:17:20 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09d25d5db275f73d\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,566 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/23 23:10:18 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: HARRY-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 596 GB Healthy Boot

========== Files - Unicode (All) ==========
[2012/12/30 23:00:55 | 000,001,719 | ---- | M] ()(C:\Users\Harry\Desktop\PP????.lnk) -- C:\Users\Harry\Desktop\PP年度必看.lnk
[2012/11/01 18:45:26 | 000,001,719 | ---- | C] ()(C:\Users\Harry\Desktop\PP????.lnk) -- C:\Users\Harry\Desktop\PP年度必看.lnk

< End of report >
  • 0

#7
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi marman12. I finished looking at your OTL and aswMBR logs. Everything looks clean. Considering you are no longer having symptoms everything is almost certainly clean. If you want we can run a couple scans to pick up any remainders of any infections that system restore did not fix (I would recommend this just to be safe). If interested please do the following; if not let me know and I will give you my all done speech to help you stay clean in the future.

Step 1

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

    Posted Image
  • Click the Full Scan button

    Posted Image
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report

    Posted Image
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
      Posted Image
      Posted Image
      Posted Image
  • You can now close Kaspersky Security Scan

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things to see in your ntext post:
KSS log
MBAM log

  • 0

#8
marman12

marman12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi, Sorry about this but i will be away from home for a couple of weeks and i am interested in thoroughly checking my computer so is it possible if i can check back with you once i get back? I will let you know when i will be back. Thank you very much
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Yeah that'll be fine. Post in this thread or message me when you return. Can you give me an estimate of when? Thanks.
  • 0

#10
marman12

marman12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi, so sorry for the super late reply as i finally got to doing this after the long wait. Below are the posted logs that you requested and i believe that i am all cleaned since nothing malicious was detected, Thank you soo muchh!!


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Harry :: HARRY-PC [administrator]

2/16/2013 10:31:38 PM
mbam-log-2013-02-16 (22-31-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226463
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files


Edited by marman12, 16 February 2013 - 09:37 PM.

  • 0

#11
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Now that we're done scanning for and disinfecting malware it's time to clean up. I noticed you have an outdated adobe reader. You will want to upgrade this to prevent possible infection through this app in the future.

Posted Image You have Java installed. Java is a security risk nowadays. If you don't use Java please follow these steps to remove Java.

Removing Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Close JavaRa

Upgrading Adobe Reader:
  • For XP: Go to Start Menu --> Control Panel --> Add or Remove Programs
  • For Vista/7: Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Remove or Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or http://www.foxitsoft...ure_PDF_Reader/ for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus . Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#12
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP