Google Redirect Virus - Issues still remaining

[Visenya]

Good Morning,

A very helpful forum member here helped me previously to clean up and remove a root kit and a trojan causing web redirects. At the time I had thought I was all set but later in the day the redirects started again. All scanning programs I was instructed to use continued to come up clean so I think the issue was just some residual clean up still needed.

When I search in google I get redirected when clicking on results for example when searching for this forum and clicking on the link I was redirected to http://63.209.69.107/search/web/malwarebytes+computer+help/a22/46355-8911_1340/v5 (please do not click this link as I am sure it is full of nasty things - I am hoping that maybe the IP it is redirecting to can help someone in troubleshooting). I also get redirected to various other sites of the same type - click.getanswersfast, etc.

Attach.txt

DDS.txt

[MrCharlie]

Welcome back to the forum.

Java 7 Update 4 <----out of date >please update it now!!

Please go to your control panel > Java > Update Tab > Update Now

Here's the Java Update info:

http://www.java.com/...va_update12.jpg

~~~~~~~~~~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[Visenya]

Mr Charlie

Strangely enough my java control panel only has the other four tabs - no update tab.

Should I just go directly to the Java website and download the latest version?

[Visenya]

I realized that was a rather silly question - I uninstalled both the 64 bit and 32 bit outdated versions that were on the machine and have updated to the latest version. Still uncertain why I was missing the update tab though!

RKReport:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Aryylas [Admin rights]

Mode : Scan -- Date : 09/02/2012 11:50:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++

--- User ---

[MBR] f3303991d5b74a996e8ec357ed534486

[bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[Visenya]

No issues were found. Log claims it is too long to copy to the post itself so I am attaching it.

TDSSKiller.2.8.8.0_02.09.2012_12.46.28_log.txt

[MrCharlie]

That log was clean.

Please create a new system restore point before you run ComboFix.

~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Visenya]

Ran combofix... now have no ability to connect to internet. It did not restore internet connection as it said it would.  transferred log to my phone, which im posting from now.

ComboFix-230790420.txt

[Visenya]

in regards to the internet access, it is not working wired or wireless. when i run windows network diagnostics it says there is not a valid ip configuration.

[MrCharlie]

Use the system restore point I had you create just before you ran ComboFix, MrC

[Visenya]

ok doing that now wil report back shortly

[Visenya]

System restore completed, I am now able to connect to the internet from the effected machine.

Awaiting further instruction.

[MrCharlie]

Sorry about that, can you find the ComboFix-quarantined-files.txt and post it for me:

C:\Qoobox\ComboFix-quarantined-files.txt

Thanks.....MrC

[Visenya]

No need for any sorry! You are helping me out here!

Contents of quarentine file from Combofix:

2012-09-02 18:14:16 . 2012-09-02 18:14:16 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDWare.reg.dat

2012-09-02 18:14:14 . 2012-09-02 18:14:14 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2012-09-02 18:12:17 . 2012-09-02 18:12:17 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-83345985.sys.reg.dat

2012-09-02 18:11:51 . 2012-09-02 18:11:51 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-PlayNC Launcher.reg.dat

2012-09-02 18:11:47 . 2012-09-02 18:11:47 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2012-09-02 17:55:17 . 2012-09-02 17:55:17 13,295 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-09-02 17:46:05 . 2012-09-02 17:46:05 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir

[MrCharlie]

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[Visenya]

OTL.txt

OTL logfile created on: 9/2/2012 3:52:29 PM - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Aryylas\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.57% Memory free

15.99 Gb Paging File | 14.29 Gb Available in Paging File | 89.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.66 Gb Total Space | 210.84 Gb Free Space | 46.78% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 70.80 Mb Free Space | 70.80% Space Free | Partition Type: NTFS

Drive E: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARYYLAS-PC | User Name: Aryylas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 15:52:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aryylas\Desktop\OTL.exe

PRC - [2012/08/31 18:24:57 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

PRC - [2012/07/31 18:37:56 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/07/24 11:17:50 | 001,193,176 | ---- | M] () -- C:\Users\Aryylas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/07/21 09:55:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/08/10 05:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 05:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 19:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe

PRC - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe

PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/31 18:24:57 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012/07/24 11:17:50 | 001,193,176 | ---- | M] () -- C:\Users\Aryylas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/07/21 09:55:41 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/05/22 22:02:36 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/05/22 21:52:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/06/11 17:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/24 20:37:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/07/31 18:37:56 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/07/21 09:55:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/05/17 15:51:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/06/01 19:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/05/26 23:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)

SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)

SRV - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/05/22 23:15:36 | 010,248,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/05/22 21:08:40 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)

DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)

DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/07/08 23:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/06/17 05:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/06/16 17:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2010/05/14 17:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/05/11 06:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/04/29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/04/19 22:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010/04/13 06:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 21:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 23:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 23:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 23:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV - [2012/08/16 22:34:41 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)

DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-500180581-3182723006-2823437177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-500180581-3182723006-2823437177-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-500180581-3182723006-2823437177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aryylas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aryylas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aryylas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aryylas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 09:55:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/05 10:48:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 09:55:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/05 10:48:14 | 000,000,000 | ---D | M]

[2012/05/17 14:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aryylas\AppData\Roaming\Mozilla\Extensions

[2012/08/01 06:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aryylas\AppData\Roaming\Mozilla\Firefox\Profiles\71tqzoiy.default\extensions

[2012/07/23 10:43:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Aryylas\AppData\Roaming\Mozilla\Firefox\Profiles\71tqzoiy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/06/09 11:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[1832/11/29 00:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ARYYLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\71TQZOIY.DEFAULT\EXTENSIONS\YDWAHSHKLP@YDWAHSHKLP.ORG.XPI

[2012/07/21 09:55:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012/07/21 09:55:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/21 09:55:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Aryylas\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aryylas\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aryylas\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Aryylas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Aryylas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Aryylas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Aryylas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Aryylas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/16 23:14:32 | 000,444,105 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.123fporn.info

O1 - Hosts: 15252 more lines...

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-500180581-3182723006-2823437177-1000..\Run: [PlayNC Launcher] File not found

O4 - HKU\S-1-5-21-500180581-3182723006-2823437177-1000..\Run: [spotify Web Helper] C:\Users\Aryylas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97F6DD8B-BE8B-4FDD-B0CF-2095CF0515DD}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/27 07:09:58 | 000,000,143 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{434ce64e-cede-11e1-badb-b870f477edad}\Shell - "" = AutoRun

O33 - MountPoints2\{434ce64e-cede-11e1-badb-b870f477edad}\Shell\AutoRun\command - "" = F:\Setup\rsrc\AUTORUN.EXE -- [2000/01/17 00:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)

O33 - MountPoints2\{434ce64e-cede-11e1-badb-b870f477edad}\Shell\dinstall\command - "" = F:\DirectX\dxsetup.exe -- [2003/08/18 08:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 15:52:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Aryylas\Desktop\OTL.exe

[2012/09/02 14:44:13 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Local\Diagnostics

[2012/09/02 14:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/09/02 13:45:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/02 13:45:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/02 13:41:18 | 004,742,930 | ---- | C] (Swearware) -- C:\Users\Aryylas\Desktop\ComboFix.exe

[2012/09/02 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\Desktop\RK_Quarantine

[2012/09/02 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/09/02 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/09/02 09:43:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aryylas\Desktop\dds.com

[2012/08/31 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Local\Macromedia

[2012/08/31 18:24:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/08/16 23:09:23 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aryylas\Desktop\tdsskiller.exe

[2012/08/16 23:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/08/16 08:57:39 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JFK Reloaded

[2012/08/16 08:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFK Reloaded

[2012/08/16 08:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JFK Reloaded

[2012/08/12 20:20:47 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Stardock

[2012/08/12 20:20:47 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Local\GameStop

[2012/08/12 20:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar

[2012/08/12 20:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameStop App

[2012/08/12 20:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameStop

[2012/08/12 20:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\GameStop

[2012/08/12 20:20:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}

[2012/08/12 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Local\PackageAware

[2012/08/12 20:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock

[2012/08/11 13:20:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/08/11 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Malwarebytes

[2012/08/11 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/11 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/11 10:58:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/11 10:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\Documents\Bioshock

[2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Bioshock

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/02 15:52:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aryylas\Desktop\OTL.exe

[2012/09/02 15:20:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000UA.job

[2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 15:08:12 | 000,001,204 | ---- | M] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/09/02 15:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/02 15:07:43 | 2143,469,567 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/02 13:41:21 | 004,742,930 | ---- | M] (Swearware) -- C:\Users\Aryylas\Desktop\ComboFix.exe

[2012/09/02 12:43:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aryylas\Desktop\tdsskiller.exe

[2012/09/02 11:41:42 | 001,377,280 | ---- | M] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe

[2012/09/02 09:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aryylas\Desktop\dds.com

[2012/09/02 09:40:33 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000Core.job

[2012/08/31 18:25:35 | 000,804,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/31 18:25:35 | 000,678,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/31 18:25:35 | 000,127,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/31 17:40:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/08/24 21:33:11 | 000,001,036 | ---- | M] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk

[2012/08/16 23:14:32 | 000,444,105 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/16 22:34:41 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys

[2012/08/11 10:58:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\census.cache

[2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\ars.cache

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 11:41:42 | 001,377,280 | ---- | C] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe

[2012/08/31 17:40:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/08/24 21:33:11 | 000,001,036 | ---- | C] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk

[2012/08/16 22:34:34 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys

[2012/08/12 20:20:48 | 000,001,204 | ---- | C] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/08/11 10:58:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\census.cache

[2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\ars.cache

[2012/07/31 15:52:34 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/07/31 15:52:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/07/31 15:17:06 | 000,000,036 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\housecall.guid.cache

[2012/07/31 12:09:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/07/31 11:41:06 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini

[2012/07/16 13:21:01 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini

[2012/06/01 14:38:22 | 000,007,620 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\Resmon.ResmonCfg

[2012/05/25 11:15:49 | 000,001,053 | ---- | C] () -- C:\Users\Aryylas\Documents - Shortcut.lnk

[2012/05/22 21:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/05/22 21:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/17 15:39:08 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2012/05/17 15:39:08 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe

[2012/05/17 15:39:08 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini

[2012/05/17 15:31:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/05/17 14:09:13 | 000,799,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2012/08/05 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\.minecraft

[2012/06/09 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Ad-Aware Antivirus

[2012/08/04 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Bioshock

[2012/06/15 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\GermanDarknes

[2012/07/21 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Hive Cluster

[2012/05/18 10:02:49 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient

[2012/05/23 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient2

[2012/05/20 11:12:05 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Natural Selection 2

[2012/06/17 11:19:12 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\NeopleLauncherDFO

[2012/07/31 11:41:43 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Origin

[2012/06/15 19:59:07 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\RotMG.Production

[2012/08/23 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Spotify

[2012/08/12 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Stardock

[2012/07/26 14:12:50 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\SystemRequirementsLab

[2012/07/27 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\TeamViewer

[2012/05/17 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\WildTangent

[2012/06/16 23:48:53 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 9/2/2012 3:52:29 PM - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Aryylas\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.57% Memory free

15.99 Gb Paging File | 14.29 Gb Available in Paging File | 89.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.66 Gb Total Space | 210.84 Gb Free Space | 46.78% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 70.80 Mb Free Space | 70.80% Space Free | Partition Type: NTFS

Drive E: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARYYLAS-PC | User Name: Aryylas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-500180581-3182723006-2823437177-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2E43B4A7-0A40-4765-9CA6-782A7611EDDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{ED9900F4-3EE8-4F7A-89BB-52ACCDF2550B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00974591-EB90-4F4C-946C-9A3EE7F757CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{031B8EF5-1259-44D4-AE53-C966BA199065}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |

"{09A6C68C-E9D7-43D2-BFCC-26C48C6DAC39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0BDA57B8-BB32-49A8-B87C-32C5AC549AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{0DB99DD0-1357-491B-8A47-FF62011B0841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |

"{1215D748-2700-4992-A93E-15C20BB902E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |

"{13EBC6F1-804B-4359-B23B-C850B6F97D69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{17624373-2938-4F58-AAB6-EC1D5A6EA6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{1A25817B-CD55-4777-AA4D-0FBDF701E3D2}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{1ED888F4-4717-451E-A379-E4A109440452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |

"{2B322CA2-9BEB-4D5A-B8A0-F89F30050753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{2BAB2017-D443-4462-85E2-6D0926BEFE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{2C1555DB-23C4-4708-9241-0C8390373D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{2C1B87FF-99C8-45E6-8563-F2FCC603A073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |

"{2E969FAB-35B5-4EA6-8B5C-FF7DB2777F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe |

"{32E5DDF5-14B0-419A-886A-05E6F16F0BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{3938D7BD-FBC5-45A1-9388-EBCBA8EED4C7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{3F8C768E-04AA-4697-8159-BAE2FD7C2AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{48A6F7ED-4E9F-4D8C-9CF1-3BF0723497BB}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{4BAF92FB-153F-4A3A-8B4B-306352C24025}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{4E0EA1EE-ABAD-49F9-8B17-D304840314F2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{55F7E1F1-581D-408D-BE7E-586959434DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe |

"{5B3150FA-9FA2-40A6-882B-6EE45FE0EEF3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5CABEE34-C3FE-407E-8CD1-99C7A3117E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{60BA722C-B5EE-4DB6-8A41-B26F43D08147}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{62E09651-85F1-48F9-918E-F265AF099985}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{64E75F63-8791-4E18-BE78-EE8498549582}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{67B31539-6731-4C59-B941-9DC78DA036E6}" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{69329F3B-F26B-4D70-B565-F9D3209A7B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |

"{6E14BA49-432F-4F84-BD78-03A0066DB8A8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{71D49B40-D217-463F-8EF0-1259A816B837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |

"{72CC9928-E408-42EF-B725-A832A189C69E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{72F2C548-90A1-446B-90C5-8DAF63E62D25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |

"{743F2453-CA9B-4205-9BCA-D942368A0A3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{85CFC214-EE8F-4CA2-8EEA-5CDD787BF63C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |

"{8842690F-E5B6-4CC7-A649-369A3E3EE9CF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{8F143CB5-3294-4677-A256-BB0F187A03A7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{8F1B3031-05DB-4B8F-877F-20CD43540AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |

"{9AF74214-2D82-4425-A1C0-0940349D5D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |

"{9EF6F2EB-6C1E-4164-BD0C-BE681C6FC9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{9F6B0970-D640-440E-A7D5-EA5F211A74CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |

"{A1D54C36-0EA4-4345-84FB-41E6822ACF4E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{A3EFB500-03A0-4DD4-86DD-0F6264B83CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{A51E2538-1201-4F30-ABAA-9304E38561D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{AA42B8D7-BC66-440C-9771-B73C043D6D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |

"{B1015E68-9DCC-4796-AA7B-B2069789D51A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{B5B39D8E-6E85-41E5-BEBD-28BF0E81058A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{BA96AECD-4D28-4102-8045-6A6C9B0D33D8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{BCC05CC6-2FB1-48B9-83C8-CCD7414F1A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"{C311E312-BE50-4BDC-8861-3326F14076F5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{C477681B-81D6-4EC2-918B-F31892012BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |

"{C6BD4585-D5B3-4772-BFB9-F350BE0FA1E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{CBCE0576-C3FE-4962-AD88-4CE7CEF25AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |

"{CD73E465-4A56-4E2C-B329-EDE031080DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{D602283D-A144-4BB3-9B66-F9D6BB4701DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |

"{D717DE22-965E-437E-A74B-33F39E609154}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |

"{DD954020-0536-46DC-A919-F0A25A22A302}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{DF2C913E-4486-4DB8-9D96-829ABF093B3E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{E4EA57BD-4326-4619-BEAD-971695356566}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{E5DEFE05-0D4D-4ABC-A7BF-BE2E4BEB68F3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{E9E79850-65F8-4C21-B1E6-2E92FE2849BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |

"{EE85E797-3584-4A62-882D-4FE5D2F1D89B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{F7081FCC-23EB-48BF-9AC3-692688037A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |

"{F83633B0-42DA-4DDA-A258-91566FF594AC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{FE7E2321-1D28-4B0F-A453-7655B7AF71D9}" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{FEFC172F-CF3D-40A1-85F8-CEA6953C0283}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |

"TCP Query User{06994CFC-234F-4E8B-829E-24E9C216A638}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{0D08C6D3-E5AE-407A-8CC2-E2809C22D42A}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |

"TCP Query User{1FD62D85-30C3-4370-B6BF-ED8CC67F72D4}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe |

"TCP Query User{2D2DD710-C575-41FC-97AD-5F97AA1EDE7A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{2DACF7AE-96E2-4F22-A41A-9FDE497CB6BD}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"TCP Query User{60217BAC-8B53-4BAA-A81B-79108F0E7B9B}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe |

"TCP Query User{8B7977F1-8B50-4BCA-A055-0F3E6A3F289F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{B1977E23-86C6-4CBD-8939-F0CC3ED04888}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{B1F5284A-6DAC-406E-AD8C-C87EFB755578}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{CE9F5771-E5F1-4290-8A19-E587C5EF58A1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |

"TCP Query User{DB87BA24-2B6F-44E6-86D4-71BFDEF2A0C3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{E0A887B8-2670-4466-9BE8-0C47CFC1EE7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{F589514F-CBDB-401E-B98D-3BF72C591569}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"UDP Query User{0EDEF8C4-FD0E-420C-AA8A-9BD03FE20DB2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"UDP Query User{1EC321FC-47B8-48D3-B900-6824A5E382E7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |

"UDP Query User{4FD8E087-0774-45F1-BC39-6552D64D701A}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"UDP Query User{8BEC165F-C66D-4B91-AB57-495FC756235C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{92653D68-ED93-4E33-8E22-21816F32BCE4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{A163DCBF-8AE5-43F3-AC2A-D6E7FBCDFE73}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{A3F0D4C5-FDDA-4969-8A7E-59A97AAB4585}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{ABC248D9-1324-484F-B12E-3518DD1D070F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"UDP Query User{B1E4C5ED-DC9E-453B-A780-B9D98C124848}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |

"UDP Query User{BC514CAD-A2B3-4371-BE58-FB0461237931}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe |

"UDP Query User{CB7668B5-C078-4B08-934B-150ABA434C73}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"UDP Query User{E8E14F96-6613-41F7-9CEB-A898A505DE19}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"UDP Query User{EC0DADCB-FAD0-421D-8A9C-E4A082AC2D84}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07D1CCC7-85B8-802A-A3D3-19EA4488CC22}" = AMD Media Foundation Decoders

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{4C569ABA-8FE0-DC22-5550-FC0D4837F6B0}" = ccc-utility64

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8D2B792E-2738-FA40-0CE9-9531F9C47E6E}" = AMD Fuel

"{8DDDD1B7-CB3E-3270-6EC0-581C7C7CAE68}" = AMD Catalyst Install Manager

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8F617308-573A-513C-8F73-5F2C2157124B}" = AMD Accelerated Video Transcoding

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{AADE1FBC-E59B-AD50-83A3-8EBEB5A07252}" = AMD Drag and Drop Transcoding

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"The Secret World_is1" = The Secret World

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{121E6FA9-6633-1FB3-473F-6EED2CC9D96A}" = CCC Help English

"{1429F2F7-C307-94C3-025C-754E7B23C195}" = CCC Help Finnish

"{15157B88-3773-FE29-99A3-065749EA2DF7}" = CCC Help Danish

"{1583C05E-2AB7-7892-6A73-3E671B79F26C}" = CCC Help Czech

"{15E642CC-E176-5962-8A9B-6E3E44AC413A}" = CCC Help Swedish

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1BC4F235-FCFB-54EE-E05B-551D8DA20164}" = CCC Help Greek

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28D67165-E575-5F18-ED79-6C8ABBFC23A7}" = Catalyst Control Center Localization All

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{2E9CBC83-B021-4118-8BB9-40FFF1179C3C}" = AMD Fusion Utility

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D96BC8B-3945-D6F1-87BC-B32029BBC07F}" = CCC Help Turkish

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{5FADC5E2-3564-7601-471B-B3648D26FBAC}" = CCC Help Spanish

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71A2554B-5DAE-86F9-AA6C-E773B1F41EB0}" = AMD VISION Engine Control Center

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{736C6F0E-A133-9BA8-1567-C32615B56606}" = Catalyst Control Center Graphics Previews Common

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85257426-38D5-F3BB-533F-14AD95510CD8}" = Catalyst Control Center InstallProxy

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B7BFDD0-D33E-A654-88E5-0AA86CDD712D}" = CCC Help Chinese Standard

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B326B27-315A-5268-2EA0-37183003C55F}" = CCC Help Chinese Traditional

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78A44C4-2406-971B-A844-2DBD7AA4EF1D}" = CCC Help Thai

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AFFC96D1-1341-9A0D-5C6B-86C129E0DE99}" = CCC Help French

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B428FE8F-C5C1-1013-F595-CE60F33796C0}" = CCC Help Korean

"{B890C235-856E-974C-34E1-4BA27190B269}" = CCC Help Japanese

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C496E361-159F-5E56-DEBC-2AFE49AEF5F3}" = CCC Help German

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9559D7E-1CE6-F543-A474-0351AEDCD553}" = CCC Help Dutch

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.199.107

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4E133B8-6359-B9D6-D82D-3E021570F88A}" = CCC Help Hungarian

"{DC58EF47-72CC-2499-7D1A-E8F662B68BC1}" = CCC Help Polish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC409068-9252-2A42-0E4D-E2A4EF612810}" = CCC Help Portuguese

"{ECD71D86-8D8E-B8D4-3B04-DCBBE70E8D54}" = CCC Help Norwegian

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F3FC97A4-7E43-8230-61FD-5784B5F5D580}" = CCC Help Italian

"{F7B1FFCA-7ED4-C50E-F98F-6DE383C8AF66}" = CCC Help Russian

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Acer Game Console" = Acer Game Console

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"Battlelog Web Plugins" = Battlelog Web Plugins

"Cisco Connect" = Cisco Connect

"DFO" = DFOLauncher

"Diablo III" = Diablo III

"ESN Sonar-0.70.4" = ESN Sonar

"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]

"GameStop App" = GameStop App

"hon" = Heroes of Newerth

"Identity Card" = Identity Card

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3

"JFK Reloaded" = JFK Reloaded 1.1

"LManager" = Launch Manager

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"Steam App 102600" = Orcs Must Die!

"Steam App 105600" = Terraria

"Steam App 113200" = The Binding of Isaac

"Steam App 15700" = Oddworld: Abe's Oddysee

"Steam App 15710" = Oddworld: Abe's Exoddus

"Steam App 207170" = Legend of Grimrock

"Steam App 220" = Half-Life 2

"Steam App 240" = Counter-Strike: Source

"Steam App 24240" = PAYDAY: The Heist

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 39160" = Dungeon Siege III

"Steam App 440" = Team Fortress 2

"Steam App 4920" = Natural Selection 2

"Steam App 550" = Left 4 Dead 2

"Steam App 570" = Dota 2

"Steam App 7670" = BioShock

"Steam App 8980" = Borderlands

"TeamViewer 7" = TeamViewer 7

"Vindictus" = Vindictus

"WildTangent acer Master Uninstall" = Acer Games

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-bit)

"World of Warcraft" = World of Warcraft

"WT088295" = Agatha Christie - Death on the Nile

"WT088300" = Bejeweled 2 Deluxe

"WT088310" = Build-a-lot 2

"WT088312" = Chuzzle Deluxe

"WT088318" = Diner Dash 2 Restaurant Rescue

"WT088350" = Jewel Quest Solitaire 2

"WT088364" = Plants vs. Zombies

"WT088373" = Blackhawk Striker 2

"WT088393" = Dora's Carnival Adventure

"WT088413" = FATE

"WT088445" = John Deere Drive Green

"WT088449" = Penguins!

"WT088453" = Polar Bowler

"WT088457" = Polar Golfer

"WT088517" = Zuma's Revenge

"WT088553" = Virtual Villagers 4 - The Tree of Life

"WT088649" = 18 Wheels of Steel - American Long Haul

"WT088653" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-500180581-3182723006-2823437177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"NCsoft-Aion" = Aion

"SOE-EverQuest II" = EverQuest II

"Spotify" = Spotify

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/13/2012 7:59:31 AM | Computer Name = Aryylas-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 12.0.0.4493 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 734 Start

Time: 01cd495b8d68dfa0 Termination Time: 20 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 3989eae6-b54f-11e1-83b5-b870f477edad

Error - 6/14/2012 10:41:19 AM | Computer Name = Aryylas-PC | Source = Application Error | ID = 1000

Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0,

time stamp: 0x4fd91c77 Faulting module name: TheSecretWorldDX11.exe, version: 1.0.0.0,

time stamp: 0x4fd91c77 Exception code: 0xc0000005 Fault offset: 0x00e0a8bc Faulting

process id: 0xc10 Faulting application start time: 0x01cd4a2f6bf716d9 Faulting application

path: C:\Program Files\Funcom\The Secret World\TheSecretWorldDX11.exe Faulting module

path: C:\Program Files\Funcom\The Secret World\TheSecretWorldDX11.exe Report Id:

004d35c0-b62f-11e1-8719-b870f477edad

Error - 6/14/2012 3:57:59 PM | Computer Name = Aryylas-PC | Source = Application Hang | ID = 1002

Description = The program PowerDVD9.exe version 9.0.3216.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 504 Start

Time: 01cd4a5d7061fe6a Termination Time: 48 Application Path: C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe

Report

Id:

Error - 6/17/2012 12:05:58 AM | Computer Name = Aryylas-PC | Source = Application Hang | ID = 1002

Description = The program FusionUI.exe version 2.0.1.117 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 3bc Start

Time: 01cd4c3e6cb2de0a Termination Time: 6 Application Path: C:\Program Files (x86)\AMD\Fusion

Utility for Desktop\FusionUI.exe Report Id: bad238dc-b831-11e1-b7e9-b870f477edad

Error - 6/17/2012 12:09:57 AM | Computer Name = Aryylas-PC | Source = Application Hang | ID = 1002

Description = The program DFO.exe version 1.0.44.1 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: ee8 Start Time:

01cd4c3edc4dfd74 Termination Time: 208 Application Path: C:\Nexon\DFO\DFO.exe Report

Id: 47d8992c-b832-11e1-b7e9-b870f477edad

Error - 6/17/2012 1:22:46 AM | Computer Name = Aryylas-PC | Source = Application Error | ID = 1000

Description = Faulting application name: DFO.exe, version: 1.0.44.1, time stamp:

0x4fd73d37 Faulting module name: DFO.exe, version: 1.0.44.1, time stamp: 0x4fd73d37

Exception

code: 0xc0000005 Fault offset: 0x00a23998 Faulting process id: 0x644 Faulting application

start time: 0x01cd4c4938532ffe Faulting application path: C:\Nexon\DFO\DFO.exe Faulting

module path: C:\Nexon\DFO\DFO.exe Report Id: 7859f703-b83c-11e1-b7e9-b870f477edad

Error - 6/26/2012 4:05:14 PM | Computer Name = Aryylas-PC | Source = SignInAssistant | ID = 0

Description =

Error - 6/28/2012 8:06:37 PM | Computer Name = Aryylas-PC | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x6b68e36c Faulting

process id: 0xec8 Faulting application start time: 0x01cd55898e4c8606 Faulting application

path: c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike

source\hl2.exe Faulting module path: filesystem_steam.dll Report Id: 4b01ab70-c17e-11e1-b8ea-b870f477edad

Error - 6/28/2012 10:33:12 PM | Computer Name = Aryylas-PC | Source = SignInAssistant | ID = 0

Description =

Error - 7/15/2012 5:39:41 PM | Computer Name = Aryylas-PC | Source = Application Hang | ID = 1002

Description = The program Steam.exe version 1.0.1065.11 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: be0 Start

Time: 01cd62b140507e08 Termination Time: 0 Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report

Id: 910d6b67-cec5-11e1-8860-b870f477edad

[ Media Center Events ]

Error - 8/4/2012 3:52:27 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 3:52:27 AM - Failed to retrieve Directory (Error: Unable to connect

to the remote server)

Error - 8/4/2012 8:12:40 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 8:12:17 AM - Error connecting to the internet. 8:12:17 AM - Unable

to contact server..

Error - 8/12/2012 5:57:43 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 5:57:43 AM - Failed to retrieve MCEClientUX (Error: Unable to connect

to the remote server)

Error - 8/12/2012 5:57:43 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 5:57:43 AM - Failed to retrieve SportsSchedule (Error: The remote

name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 8/12/2012 5:57:43 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 5:57:43 AM - Failed to retrieve SportsV2 (Error: The remote name could

not be resolved: 'data.tvdownload.microsoft.com')

Error - 8/12/2012 11:07:14 AM | Computer Name = Aryylas-PC | Source = MCUpdate | ID = 0

Description = 5:57:43 AM - Failed to retrieve Broadband (Error: The remote name

could not be resolved: 'data.tvdownload.microsoft.com')

[ System Events ]

Error - 6/5/2012 6:26:45 AM | Computer Name = Aryylas-PC | Source = DCOM | ID = 10010

Description =

< End of report >

[MrCharlie]

What browser are you using when you get the directs? MrC

[Visenya]

Firefox

I have not noticed it in any other browser, however I don't use the other browsers on the PC very often if at all.

[MrCharlie]

Lets do this.....

Uninstall firefox and if asked about user data or settings > remove them also.

Test the other browsers and if no problems reinstall FF, don't import and settings > bookmarks are OK.

Let me know, MrC

[Visenya]

Ok - another quick question. Should we be doing anything about the hosts file? When I looked at it after we last cleaned the computer it was very standard looking, empty. Now its FULL of weird spammy looking sites such as below:

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[Visenya]

Initial searching seems good. I will monitor over the next couple of days as the issue did not resurface until hours later when you previously helped me remove the virus that was causing the issue.

As an addendum to the hosts file - I got a little scared when I saw all the websites showing up in the scan logs from the tools you gave me but when I open the actual file I see this above them: # Start of entries inserted by Spybot - Search & Destroy and an end comment below them saying # End of entries inserted by Spybot - Search & Destroy so I think I was alarmed by it for no reason - it is actually the sites that Spybot "immunizes" against.

[MrCharlie]

OK, let me know and you're right about the host file > i's from Spybot.

MrC

[Visenya]

Last time you had given me a link that neatly cleaned up all the installs and log files - should I be using that again?

There should be a paypal donation showing up momentarily to you as well. I apologize as I know I said I was going to send something last time, there have been some complex medical issues going on with the family and it sort of slipped through the cracks. So this is for this time and last time.

Thank you again MrC!

[MrCharlie]

Please let me know how it is >>>OK!!

This is my closing post to everyone >>>>>

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!