Visenya

  1. Last time you had given me a link that neatly cleaned up all the installs and log files - should I be using that again? There should be a PayPal donation showing up momentarily to you as well. I apologize as I know I said I was going to send something last time, there have been some complex medical issues going on with the family and it sort of slipped through the cracks. So this is for this time and last time. Thank you again MrC!
  2. Initial searching seems good. I will monitor over the next couple of days as the issue did not resurface until hours later when you previously helped me remove the virus that was causing the issue. As an addendum to the hosts file - I got a little scared when I saw all the websites showing up in the scan logs from the tools you gave me but when I open the actual file I see this above them: # Start of entries inserted by Spybot - Search & Destroy and an end comment below them saying # End of entries inserted by Spybot - Search & Destroy so I think I was alarmed by it for no reason - it is actually the sites that Spybot "immunizes" against.
  3. Ok - another quick question. Should we be doing anything about the hosts file? When I looked at it after we last cleaned the computer it was very standard looking, empty. Now it's FULL of weird spammy looking sites such as below: --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com
  4. Firefox. I have not noticed it in any other browser; however, I don't use the other browsers on the PC very often, if at all.
  5. OTL.txt OTL logfile created on: 9/2/2012 3:52:29 PM - Run 1 OTL by OldTimer - Version 3.2.59.1
Anti-Malware [2012/08/11 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/11 10:58:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/11 10:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\Documents\Bioshock [2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Bioshock [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/02 15:52:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aryylas\Desktop\OTL.exe [2012/09/02 15:20:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000UA.job [2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/02 15:08:12 | 000,001,204 | ---- | M] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2012/09/02 15:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/02 15:07:43 | 2143,469,567 | -HS- | M] () -- C:\hiberfil.sys [2012/09/02 13:41:21 | 004,742,930 | ---- | M] (Swearware) -- C:\Users\Aryylas\Desktop\ComboFix.exe [2012/09/02 12:43:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aryylas\Desktop\tdsskiller.exe [2012/09/02 11:41:42 | 001,377,280 | ---- | M] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe [2012/09/02 09:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aryylas\Desktop\dds.com [2012/09/02 09:40:33 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000Core.job [2012/08/31 18:25:35 | 
000,804,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/31 18:25:35 | 000,678,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/31 18:25:35 | 000,127,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/31 17:40:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012/08/24 21:33:11 | 000,001,036 | ---- | M] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk [2012/08/16 23:14:32 | 000,444,105 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/16 22:34:41 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2012/08/11 10:58:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\census.cache [2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\ars.cache [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/02 11:41:42 | 001,377,280 | ---- | C] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe [2012/08/31 17:40:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012/08/24 21:33:11 | 000,001,036 | ---- | C] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk [2012/08/16 22:34:34 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2012/08/12 20:20:48 | 000,001,204 | ---- | C] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2012/08/11 10:58:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\census.cache [2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\ars.cache [2012/07/31 15:52:34 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/07/31 15:52:12 | 
000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/31 15:17:06 | 000,000,036 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\housecall.guid.cache [2012/07/31 12:09:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/07/31 11:41:06 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini [2012/07/16 13:21:01 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini [2012/06/01 14:38:22 | 000,007,620 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\Resmon.ResmonCfg [2012/05/25 11:15:49 | 000,001,053 | ---- | C] () -- C:\Users\Aryylas\Documents - Shortcut.lnk [2012/05/22 21:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/05/22 21:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/05/17 15:39:08 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012/05/17 15:39:08 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe [2012/05/17 15:39:08 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini [2012/05/17 15:31:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/05/17 14:09:13 | 000,799,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll ========== LOP Check ========== [2012/08/05 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\.minecraft [2012/06/09 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Ad-Aware Antivirus [2012/08/04 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Bioshock [2012/06/15 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\GermanDarknes [2012/07/21 15:08:14 | 000,000,000 | ---D | M] -- 
C:\Users\Aryylas\AppData\Roaming\Hive Cluster [2012/05/18 10:02:49 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient [2012/05/23 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient2 [2012/05/20 11:12:05 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Natural Selection 2 [2012/06/17 11:19:12 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\NeopleLauncherDFO [2012/07/31 11:41:43 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Origin [2012/06/15 19:59:07 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\RotMG.Production [2012/08/23 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Spotify [2012/08/12 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Stardock [2012/07/26 14:12:50 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\SystemRequirementsLab [2012/07/27 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\TeamViewer [2012/05/17 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\WildTangent [2012/06/16 23:48:53 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 9/2/2012 3:52:29 PM - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Aryylas\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.57% Memory free 15.99 Gb Paging File | 14.29 Gb Available in Paging File | 89.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.66 Gb Total Space | 210.84 Gb Free Space | 46.78% Space Free | Partition Type: NTFS Drive D: 
| 100.00 Mb Total Space | 70.80 Mb Free Space | 70.80% Space Free | Partition Type: NTFS Drive E: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ARYYLAS-PC | User Name: Aryylas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-500180581-3182723006-2823437177-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2E43B4A7-0A40-4765-9CA6-782A7611EDDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{ED9900F4-3EE8-4F7A-89BB-52ACCDF2550B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00974591-EB90-4F4C-946C-9A3EE7F757CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{031B8EF5-1259-44D4-AE53-C966BA199065}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{09A6C68C-E9D7-43D2-BFCC-26C48C6DAC39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0BDA57B8-BB32-49A8-B87C-32C5AC549AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{0DB99DD0-1357-491B-8A47-FF62011B0841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{1215D748-2700-4992-A93E-15C20BB902E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{13EBC6F1-804B-4359-B23B-C850B6F97D69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{17624373-2938-4F58-AAB6-EC1D5A6EA6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1A25817B-CD55-4777-AA4D-0FBDF701E3D2}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{1ED888F4-4717-451E-A379-E4A109440452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{2B322CA2-9BEB-4D5A-B8A0-F89F30050753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{2BAB2017-D443-4462-85E2-6D0926BEFE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{2C1555DB-23C4-4708-9241-0C8390373D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{2C1B87FF-99C8-45E6-8563-F2FCC603A073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{2E969FAB-35B5-4EA6-8B5C-FF7DB2777F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{32E5DDF5-14B0-419A-886A-05E6F16F0BB2}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer_service.exe | "{3938D7BD-FBC5-45A1-9388-EBCBA8EED4C7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3F8C768E-04AA-4697-8159-BAE2FD7C2AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{48A6F7ED-4E9F-4D8C-9CF1-3BF0723497BB}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{4BAF92FB-153F-4A3A-8B4B-306352C24025}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{4E0EA1EE-ABAD-49F9-8B17-D304840314F2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{55F7E1F1-581D-408D-BE7E-586959434DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{5B3150FA-9FA2-40A6-882B-6EE45FE0EEF3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{5CABEE34-C3FE-407E-8CD1-99C7A3117E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{60BA722C-B5EE-4DB6-8A41-B26F43D08147}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{62E09651-85F1-48F9-918E-F265AF099985}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{64E75F63-8791-4E18-BE78-EE8498549582}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{67B31539-6731-4C59-B941-9DC78DA036E6}" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{69329F3B-F26B-4D70-B565-F9D3209A7B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{6E14BA49-432F-4F84-BD78-03A0066DB8A8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{71D49B40-D217-463F-8EF0-1259A816B837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{72CC9928-E408-42EF-B725-A832A189C69E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{72F2C548-90A1-446B-90C5-8DAF63E62D25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{743F2453-CA9B-4205-9BCA-D942368A0A3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{85CFC214-EE8F-4CA2-8EEA-5CDD787BF63C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{8842690F-E5B6-4CC7-A649-369A3E3EE9CF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{8F143CB5-3294-4677-A256-BB0F187A03A7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{8F1B3031-05DB-4B8F-877F-20CD43540AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{9AF74214-2D82-4425-A1C0-0940349D5D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{9EF6F2EB-6C1E-4164-BD0C-BE681C6FC9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9F6B0970-D640-440E-A7D5-EA5F211A74CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{A1D54C36-0EA4-4345-84FB-41E6822ACF4E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{A3EFB500-03A0-4DD4-86DD-0F6264B83CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{A51E2538-1201-4F30-ABAA-9304E38561D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AA42B8D7-BC66-440C-9771-B73C043D6D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{B1015E68-9DCC-4796-AA7B-B2069789D51A}" = dir=in | app=c:\program 
files (x86)\windows live\mesh\moe.exe | "{B5B39D8E-6E85-41E5-BEBD-28BF0E81058A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{BA96AECD-4D28-4102-8045-6A6C9B0D33D8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{BCC05CC6-2FB1-48B9-83C8-CCD7414F1A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{C311E312-BE50-4BDC-8861-3326F14076F5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{C477681B-81D6-4EC2-918B-F31892012BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{C6BD4585-D5B3-4772-BFB9-F350BE0FA1E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{CBCE0576-C3FE-4962-AD88-4CE7CEF25AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{CD73E465-4A56-4E2C-B329-EDE031080DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{D602283D-A144-4BB3-9B66-F9D6BB4701DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{D717DE22-965E-437E-A74B-33F39E609154}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{DD954020-0536-46DC-A919-F0A25A22A302}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{DF2C913E-4486-4DB8-9D96-829ABF093B3E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{E4EA57BD-4326-4619-BEAD-971695356566}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{E5DEFE05-0D4D-4ABC-A7BF-BE2E4BEB68F3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E9E79850-65F8-4C21-B1E6-2E92FE2849BC}" = protocol=6 | dir=in 
| app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{EE85E797-3584-4A62-882D-4FE5D2F1D89B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F7081FCC-23EB-48BF-9AC3-692688037A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{F83633B0-42DA-4DDA-A258-91566FF594AC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FE7E2321-1D28-4B0F-A453-7655B7AF71D9}" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{FEFC172F-CF3D-40A1-85F8-CEA6953C0283}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "TCP Query User{06994CFC-234F-4E8B-829E-24E9C216A638}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{0D08C6D3-E5AE-407A-8CC2-E2809C22D42A}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe | "TCP Query User{1FD62D85-30C3-4370-B6BF-ED8CC67F72D4}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe | "TCP Query User{2D2DD710-C575-41FC-97AD-5F97AA1EDE7A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{2DACF7AE-96E2-4F22-A41A-9FDE497CB6BD}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{60217BAC-8B53-4BAA-A81B-79108F0E7B9B}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe | "TCP Query User{8B7977F1-8B50-4BCA-A055-0F3E6A3F289F}C:\program files (x86)\world 
of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{B1977E23-86C6-4CBD-8939-F0CC3ED04888}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{B1F5284A-6DAC-406E-AD8C-C87EFB755578}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{CE9F5771-E5F1-4290-8A19-E587C5EF58A1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{DB87BA24-2B6F-44E6-86D4-71BFDEF2A0C3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{E0A887B8-2670-4466-9BE8-0C47CFC1EE7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{F589514F-CBDB-401E-B98D-3BF72C591569}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{0EDEF8C4-FD0E-420C-AA8A-9BD03FE20DB2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{1EC321FC-47B8-48D3-B900-6824A5E382E7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{4FD8E087-0774-45F1-BC39-6552D64D701A}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "UDP Query User{8BEC165F-C66D-4B91-AB57-495FC756235C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{92653D68-ED93-4E33-8E22-21816F32BCE4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{A163DCBF-8AE5-43F3-AC2A-D6E7FBCDFE73}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{A3F0D4C5-FDDA-4969-8A7E-59A97AAB4585}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{ABC248D9-1324-484F-B12E-3518DD1D070F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{B1E4C5ED-DC9E-453B-A780-B9D98C124848}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe | "UDP Query User{BC514CAD-A2B3-4371-BE58-FB0461237931}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe | "UDP Query User{CB7668B5-C078-4B08-934B-150ABA434C73}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{E8E14F96-6613-41F7-9CEB-A898A505DE19}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{EC0DADCB-FAD0-421D-8A9C-E4A082AC2D84}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
  6. No need for any sorry! You are helping me out here! Contents of quarantine file from Combofix:

      2012-09-02 18:14:16 . 2012-09-02 18:14:16 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDWare.reg.dat
      2012-09-02 18:14:14 . 2012-09-02 18:14:14 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
      2012-09-02 18:12:17 . 2012-09-02 18:12:17 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-83345985.sys.reg.dat
      2012-09-02 18:11:51 . 2012-09-02 18:11:51 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-PlayNC Launcher.reg.dat
      2012-09-02 18:11:47 . 2012-09-02 18:11:47 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
      2012-09-02 17:55:17 . 2012-09-02 17:55:17 13,295 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
      2012-09-02 17:46:05 . 2012-09-02 17:46:05 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
      2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir
  7. System restore completed, I am now able to connect to the internet from the affected machine. Awaiting further instruction.
  8. In regards to the internet access, it is not working wired or wireless. When I run Windows Network Diagnostics it says there is not a valid IP configuration.
  9. Ran combofix... now have no ability to connect to internet. It did not restore internet connection as it said it would. Transferred log to my phone, which I'm posting from now. ComboFix-230790420.txt
  10. No issues were found. Log claims it is too long to copy to the post itself so I am attaching it. TDSSKiller.2.8.8.0_02.09.2012_12.46.28_log.txt
  11. I realized that was a rather silly question - I uninstalled both the 64 bit and 32 bit outdated versions that were on the machine and have updated to the latest version. Still uncertain why I was missing the update tab though!

      RKReport:

      RogueKiller V8.0.2 [08/31/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User : Aryylas [Admin rights]
      Mode : Scan -- Date : 09/02/2012 11:50:17

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 2 ¤¤¤
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 1001namen.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 www.100sexlinks.com
      127.0.0.1 100sexlinks.com
      [...]

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
      --- User ---
      [MBR] f3303991d5b74a996e8ec357ed534486
      [bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
      2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1].txt >>

      RKreport[1].txt
  12. Mr Charlie Strangely enough my java control panel only has the other four tabs - no update tab. Should I just go directly to the Java website and download the latest version?
  13. Good Morning, A very helpful forum member here helped me previously to clean up and remove a root kit and a trojan causing web redirects. At the time I had thought I was all set but later in the day the redirects started again. All scanning programs I was instructed to use continued to come up clean so I think the issue was just some residual clean up still needed. When I search in google I get redirected when clicking on results for example when searching for this forum and clicking on the link I was redirected to http://63.209.69.107/search/web/malwarebytes+computer+help/a22/46355-8911_1340/v5 (please do not click this link as I am sure it is full of nasty things - I am hoping that maybe the IP it is redirecting to can help someone in troubleshooting). I also get redirected to various other sites of the same type - click.getanswersfast, etc. Attach.txt DDS.txt
  14. Very very helpful and kind! Fixed a problem for me extremely quickly and his speed to respond to my posts was amazing. Thank you MrCharlie!!!
