Jump to content


Photo
- - - - -

Internet Explorer infected with Livesearchnow redirect virus


  • This topic is locked This topic is locked
17 replies to this topic

#1 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 January 2013 - 12:37 PM

Hello!

Last night, Google searches in Internet Explorer started randomly being redirected to other search engines, usually Livesearchnow.com. Searches in Chrome seem to be unaffected for now.

When I ran Malwarebytes, it found one file (Trojan.Happili) that I deleted. I've attached the log from that scan too. That didn't solve the problem, however. I've since done a full Malwarebytes and full McAfee scan that both came back clean, but the problem persists.

Attached Files



#2 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 05 January 2013 - 04:10 PM

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks!

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 January 2013 - 06:34 PM

No problem!

Logs are posted in the following order:
* Malwarebytes
* dds.txt
* attach.txt

--------------------------------------------------------------------------------


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Belisarius :: BYZANTIUM [administrator]

1/4/2013 11:34:47 PM
mbam-log-2013-01-04 (23-34-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232299
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Belisarius\AppData\Local\Temp\0.1243803411674812 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------------------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Belisarius at 12:22:46 on 2013-01-05
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5097 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: <No Name>: {0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [PlayNC Launcher] <no file>
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{58BA7886-3C7A-44E1-92BA-9EB981D28175} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771096]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-9-25 339776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-9 236544]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-4 682344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-25 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-25 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-25 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-9-25 177680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-7-9 92176]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-9-25 69672]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-4 24176]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-9-25 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-9-25 515528]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-6 391680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-9-12 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-1-4 25832]
S3 dc3d;USBCCGP filter driver (dc3d);C:\Windows\System32\drivers\dc3d.sys [2009-1-15 19968]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-27 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-9-25 106112]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-4 89920]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\TextPad.exe="C:\Program Files (x86)\TextPad 5\TextPad.exe" -s "%1" [UserChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-22 04:29:28 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 04:29:28 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-13 02:29:58 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-12-05 06:14:00 218624 ----a-w- C:\Windows\System32\bzpdf.dll
2012-12-05 06:14:00 139264 ----a-w- C:\Windows\SysWow64\bzpdfc.dll
2012-12-01 23:41:17 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-14 01:24:33 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-11-14 01:24:33 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-11-14 01:24:33 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-11-14 01:24:32 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-09 11:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-11-09 11:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-11-09 11:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2012-11-09 11:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-11-09 11:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-11-09 11:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-11-09 11:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-11-09 11:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-11-09 11:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 12:23:17.25 ===============

-------------------------------------------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2008 11:28:03 PM
System Uptime: 1/5/2013 5:19:55 AM (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 334.224 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
Age of Empires III - The Asian Dynasties Trial
AI Suite
AMD APP SDK Runtime
AMD Catalyst Install Manager
Anno 2070
ANNO 2070 DEMO
Apple Application Support
Apple Software Update
Assassin's Creed II
ASUSUpdate
Atom Zombie Smasher
Bastion
Bink and Smacker
BitTorrent
Borderlands
Bullzip PDF Printer 9.3.0.1516
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
Cave Story+
ccc-utility64
CCC Help English
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crusader Kings II
Dangerous High School Girls in Trouble!
Dawn of Discovery
Dawn of Discovery - Venice
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Divine Divinity
Divine Wind version 5.1
Dragon Age: Origins - Ultimate Edition
DShow Viewer
Dungeon Defenders
EPU-6 Engine
Europa Universalis III
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.13.21
Fallout Mod Manager 0.9.14
Fallout: New Vegas
Freespace 2
Gnomoria Demo version 0.8.21
GOG.com Downloader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto Vice City
GStreamer WinBuilds 0.10.6 (GPL)
Guild Wars
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HandBrake 0.9.8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Impulse
Impulse®
J2SE Runtime Environment 5.0 Update 10
Jade Empire
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 22
Juniper Networks Host Checker
Juniper Networks Network Connect 6.3.0
Juniper Networks Setup Client
Killing Floor
L.A. Noire: The Complete Edition
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.70.0.1100
Marvell Miniport Driver
Mass Effect
Mass Effect 2
McAfee AntiVirus Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NCsoft Launcher
Neverwinter Nights
NVIDIA PhysX
OpenAL
Origin
Pando Media Booster
Patrician IV: Rise of a Dynasty
Patrician IV: Steam Special Edition
PAYDAY: The Heist
PC Probe II
PCSX2 - Playstation 2 Emulator
Planescape - Torment
Plants vs. Zombies: Game of the Year
Portal
Portal 2
Prince of Persia: The Sands of Time
QuickTime
Railroad Tycoon 3
Realm of the Mad God
Red Faction: Guerrilla
RIFT
Rockstar Games Social Club
RollerCoaster Tycoon 3: Platinum!
Saints Row: The Third
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
Sims 3 - Nude Censor Remover
Sins of a Solar Empire Demo
Skype Toolbars
Skype™ 5.10
Space Rangers 2 Complete
SpaceChem
Spelling Dictionaries Support For Adobe Reader 9
Star Ruler
Steam
Sword of the Stars II
Sword of the Stars: Ultimate Collection
Team Fortress 2
Terraria
TextPad 5
The Settlers 7 - Paths to a Kingdom DEMO
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 World Adventures
The Witcher: Enhanced Edition
Trine 2
Tyrian 2000
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Victoria II
Vista Codec Package
Volume Panel
Windows Live ID Sign-in Assistant
Windows Sound Schemes
WinRAR archiver
X² All In One Bonus Package 1.04
X3 Bonus Package 3.1.07
XCOM: Enemy Unknown
Xfire (remove only)
YNAB 3
YNAB Pro version 2.9.6.0
.
==== End Of File ===========================

#4 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 06 January 2013 - 06:10 AM

Good evening Wyndwraith. :)


Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs:
  • ComboFix.txt.
  • AdwCleaner[R1].txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 06 January 2013 - 11:01 AM

I've run both ComboFix and AdwCleaner as instructed. Here are the logs:


ComboFix 13-01-05.01 - Belisarius 01/06/2013 10:37:18.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5983 [GMT -5:00]
Running from: c:\users\Belisarius\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\cmdline.cfg
C:\Install.exe
c:\users\Belisarius\AppData\Local\Ascaron Entertainment\Apple Computer\gnscwgrmw.dll
c:\users\Belisarius\AppData\Local\assembly\tmp
c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD6F0B4A-2FA2-426C-8F1B-2B292D2F9AAF}.xps
c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BE88F7D9-45B1-410E-9DC3-80C043ACAAA3}.xps
c:\users\Belisarius\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C0629BB5-E52F-40BE-9114-07AC6289B00F}.xps
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 15:50 . 2013-01-06 15:50 -------- d-----w- c:\users\Milka\AppData\Local\temp
2013-01-06 15:50 . 2013-01-06 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 16:50 . 2013-01-05 16:50 -------- d-----w- c:\windows\system32\appmgmt
2013-01-05 04:34 . 2013-01-05 04:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-05 04:34 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-22 17:59 . 2012-12-22 17:59 -------- d-----w- c:\users\Belisarius\AppData\Local\PDF Writer
2012-12-22 17:57 . 2008-01-21 02:46 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\users\Belisarius\AppData\Roaming\PDF Writer
2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\programdata\PDF Writer
2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\program files\Common Files\Bullzip
2012-12-22 17:56 . 2008-10-30 06:14 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-12-22 17:56 . 2008-07-09 06:14 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-12-22 17:56 . 2012-12-05 06:14 139264 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-12-22 17:56 . 2012-12-05 06:14 218624 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-22 17:56 . 2012-12-22 17:56 -------- d-----w- c:\program files\Bullzip
2012-12-21 06:04 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:04 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 06:04 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:04 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 03:13 . 2012-12-21 03:16 -------- d-----w- c:\users\Belisarius\AppData\Roaming\Trine2
2012-12-13 02:26 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-12-13 02:25 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 02:25 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-13 02:25 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 02:24 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 02:24 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 02:23 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 02:23 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-13 02:23 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 02:23 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 02:23 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 04:29 . 2012-04-09 03:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-22 04:29 . 2011-05-24 04:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 02:29 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-12-01 23:41 . 2012-12-01 23:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-14 01:24 . 2008-09-13 02:59 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-14 01:24 . 2008-09-13 02:59 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-14 01:24 . 2008-09-13 02:59 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-14 01:24 . 2008-09-13 02:59 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-09 11:40 . 2011-09-26 01:49 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:37 . 2011-09-26 01:49 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 11:37 . 2011-09-26 01:39 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 11:36 . 2011-09-26 01:49 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:36 . 2011-09-26 01:49 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:35 . 2011-03-13 15:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:34 . 2011-09-26 01:49 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:34 . 2011-09-26 01:49 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:33 . 2011-03-13 15:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-19 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2010-05-06 51712]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-06 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 03:15]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateUSB"="c:\windows\inf\UpdateUSB.exe" [2006-06-23 30720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: geinfrastructure.com\time
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} - c:\users\Belisarius\AppData\Local\Shellx86_x64.dll
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-KeyboardTrayProfile - c:\programdata\KeyboardTrayProfile.dll
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Belisarius\AppData\Local\Ascaron Entertainment\Apple Computer\gnscwgrmw.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Impulse - c:\programdata\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\Impulse_setup.exe
AddRemove-Space Rangers 2 Complete - c:\program files (x86)\Stardock\Impulse\Impulse.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-943816074-3982256245-2976934357-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fc,56,f5,29,ca,f5,e8,2b,5a,5a,be,ff,c1,b1,b3,28,17,c3,3f,ac,5d,c2,76,
89,39,83,d4,b1,7e,ba,e8,fd,05,f6,9f,a3,08,ee,18,16,f5,3f,9b,d3,d5,64,f7,38,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-943816074-3982256245-2976934357-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,13,6f,32,f1,a0,4f,06,bb,3d,47,46,c2,84,d1,4e,11,6f,be,86,b5,
11,c6,95,e4,e3,80,51,e9,8f,85,85,27,f4,23,30,e9,50,8c,27,69,ac,3d,13,50,d5,\
"rkeysecu"=hex:e5,50,3b,a4,dc,0c,5e,71,0f,e3,cc,95,9f,82,4a,4c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2013-01-06 10:53:21
ComboFix-quarantined-files.txt 2013-01-06 15:53
.
Pre-Run: 359,941,025,792 bytes free
Post-Run: 358,606,155,776 bytes free
.
- - End Of File - - 42D0312B8416002C7EBE909B22188AFC



# AdwCleaner v2.104 - Logfile created 01/06/2013 at 10:59:10
# Updated 29/12/2012 by Xplode
# Operating system : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# User : Belisarius - BYZANTIUM
# Boot Mode : Normal
# Running from : C:\Users\Belisarius\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [859 octets] - [06/01/2013 10:59:10]

########## EOF - C:\AdwCleaner[R1].txt - [918 octets] ##########

#6 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 06 January 2013 - 03:35 PM

Good morning Wyndwraith. :)

Please do the following to re-run AdwCleaner:
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

====

In your reply please provide the contents of the following logs:
  • AdwCleaner[R1].txt.
  • OTL.txt.
  • Extras.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#7 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 06 January 2013 - 04:30 PM

I've run AdwCleaner in delete mode and OTL. Logs for AdwCleaner[S1].txt and OTL.txt are as follows.
Extras.txt will be in the next post

---------------------------------------------------------

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 16:00:30
# Updated 29/12/2012 by Xplode
# Operating system : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# User : Belisarius - BYZANTIUM
# Boot Mode : Normal
# Running from : C:\Users\Belisarius\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [984 octets] - [06/01/2013 10:59:10]
AdwCleaner[S1].txt - [824 octets] - [06/01/2013 16:00:30]

########## EOF - C:\AdwCleaner[S1].txt - [883 octets] ##########

------------------------------------------------------


OTL logfile created on: 1/6/2013 4:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Belisarius\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.35% Memory free
16.05 Gb Paging File | 13.88 Gb Available in Paging File | 86.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 334.76 Gb Free Space | 35.94% Space Free | Partition Type: NTFS

Computer Name: BYZANTIUM | User Name: Belisarius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 15:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe
PRC - [2011/10/18 20:00:25 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/03/26 21:58:08 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/09/12 22:20:52 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
PRC - [2008/08/06 15:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
PRC - [2008/06/03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2008/05/21 12:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 20:00:25 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/09/12 22:20:53 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\PowerDll.dll
MOD - [2008/09/12 22:20:53 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2008/09/12 22:20:52 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
MOD - [2008/09/12 22:20:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\cpuutil.dll
MOD - [2008/06/03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2008/05/21 12:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2008/02/25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2007/01/03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/07/09 21:38:07 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/10/16 18:10:46 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2008/01/20 21:50:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV:64bit: - [2008/01/20 21:50:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/19 18:36:54 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/13 20:18:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/04 00:55:59 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/26 21:58:08 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/09/12 21:59:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/07/09 21:38:48 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/09 21:38:17 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/09 21:38:17 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/09 21:37:50 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/06 04:21:40 | 000,122,384 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/22 22:36:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/22 22:36:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/26 21:41:04 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdX64.sys -- (dsNcAdpt)
DRV:64bit: - [2009/01/15 09:49:30 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dc3d.sys -- (dc3d)
DRV:64bit: - [2007/12/06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/10/31 10:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 7F D1 DA 01 EB CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/21 11:29:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\Belisarius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/06 10:50:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Reg Error: Value error.) - {0E4B7A1B-E325-4DB0-B6BF-68A892AB0962} - C:\Users\Belisarius\AppData\Local\Shellx86_x64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: geinfrastructure.com ([time] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BA7886-3C7A-44E1-92BA-9EB981D28175}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Belisarius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Belisarius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codec - c:\windows\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/01/06 16:04:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/06 15:57:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe
[2013/01/06 10:53:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/06 10:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/06 10:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/06 10:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/06 10:33:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/06 10:32:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/06 10:29:16 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\Belisarius\Desktop\ComboFix.exe
[2013/01/05 12:20:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Belisarius\Desktop\dds.com
[2013/01/05 12:20:24 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Belisarius\Desktop\dds.scr
[2013/01/05 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\Desktop\RK_Quarantine
[2013/01/05 11:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/04 23:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/04 23:34:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/04 23:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/04 08:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/22 12:59:42 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\Desktop\Insurance Stuff
[2012/12/22 12:59:21 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Local\PDF Writer
[2012/12/22 12:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2012/12/22 12:56:37 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2012/12/22 12:56:37 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Roaming\PDF Writer
[2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/12/22 12:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/12/22 12:56:35 | 000,139,264 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2012/12/22 12:56:29 | 000,218,624 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2012/12/22 12:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/12/21 01:04:49 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 01:04:49 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 01:04:49 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 01:04:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 22:13:06 | 000,000,000 | ---D | C] -- C:\Users\Belisarius\AppData\Roaming\Trine2
[2012/12/12 21:28:02 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/12 21:28:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/12 21:28:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/12 21:28:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/12 21:28:01 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/12 21:28:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/12 21:28:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/12 21:26:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 21:26:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 21:26:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 21:26:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 21:26:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 21:26:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 21:26:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 21:26:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 21:26:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 21:26:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 21:26:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 21:26:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 21:26:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 21:26:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 21:26:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 21:25:22 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 21:23:50 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 21:23:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 21:23:50 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/12 21:23:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/12 21:23:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/06 16:11:12 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/01/06 16:05:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 16:04:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 16:04:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 16:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 16:02:59 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2013/01/06 16:02:59 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2013/01/06 16:02:59 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2013/01/06 15:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belisarius\Desktop\OTL.exe
[2013/01/06 15:55:56 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/06 10:50:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/06 10:29:18 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\Belisarius\Desktop\ComboFix.exe
[2013/01/06 10:23:01 | 000,551,997 | ---- | M] () -- C:\Users\Belisarius\Desktop\adwcleaner.exe
[2013/01/06 00:50:39 | 000,379,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/05 12:20:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Belisarius\Desktop\dds.com
[2013/01/05 12:20:24 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Belisarius\Desktop\dds.scr
[2013/01/05 11:44:45 | 000,761,856 | ---- | M] () -- C:\Users\Belisarius\Desktop\RogueKiller.exe
[2013/01/04 23:34:12 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 08:53:50 | 000,002,031 | ---- | M] () -- C:\Users\Belisarius\Desktop\Google Chrome.lnk
[2012/12/22 23:33:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/12/21 23:29:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/21 23:29:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/15 09:39:05 | 000,824,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/15 09:39:05 | 000,688,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/15 09:39:05 | 000,137,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/11 23:06:58 | 998,003,357 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/06 10:33:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/06 10:33:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/06 10:33:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/06 10:33:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/06 10:33:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/06 10:22:56 | 000,551,997 | ---- | C] () -- C:\Users\Belisarius\Desktop\adwcleaner.exe
[2013/01/05 11:44:41 | 000,761,856 | ---- | C] () -- C:\Users\Belisarius\Desktop\RogueKiller.exe
[2013/01/04 23:34:12 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 08:53:50 | 000,002,031 | ---- | C] () -- C:\Users\Belisarius\Desktop\Google Chrome.lnk
[2012/12/22 23:33:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/12/12 21:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 21:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/11 23:06:58 | 998,003,357 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/09 21:37:57 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/13 00:08:56 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2012/02/13 00:08:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2012/02/13 00:08:56 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2012/02/10 17:38:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/25 11:31:06 | 000,184,434 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\census.cache
[2011/09/25 11:31:03 | 000,161,355 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\ars.cache
[2011/09/25 11:26:36 | 000,000,036 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\housecall.guid.cache
[2011/09/25 10:23:49 | 000,007,160 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\d3d9caps.dat
[2011/06/29 22:21:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/14 12:18:08 | 000,000,632 | RHS- | C] () -- C:\Users\Belisarius\ntuser.pol
[2008/09/21 13:50:20 | 000,000,098 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\fusioncache.dat
[2008/09/13 17:43:37 | 000,136,192 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 16:46:20 | 000,000,732 | ---- | C] () -- C:\Users\Belisarius\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2013/01/06 10:59:15 | 000,000,984 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/01/06 16:00:36 | 000,000,949 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/12 23:24:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013/01/06 10:53:21 | 000,017,321 | ---- | M] () -- C:\ComboFix.txt
[2009/12/10 19:58:49 | 000,042,945 | ---- | M] () -- C:\CTSUFile.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/01/06 16:03:46 | 312,602,622 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#8 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 06 January 2013 - 04:31 PM

Extras.txt log follows:

--------------------------------------------------------


OTL Extras logfile created on: 1/6/2013 4:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Belisarius\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.35% Memory free
16.05 Gb Paging File | 13.88 Gb Available in Paging File | 86.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 334.76 Gb Free Space | 35.94% Space Free | Partition Type: NTFS

Computer Name: BYZANTIUM | User Name: Belisarius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 0F 71 3F BD A7 E5 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6DE569-F7E0-4FBF-89AC-453973A6F036}" = lport=59116 | protocol=17 | dir=in | name=pando media booster |
"{1B9B1246-182F-4ADA-A2A3-2B6A258E13A0}" = lport=21 | protocol=6 | dir=in | app=c:\windows\system32\inetsrv\inetinfo.exe |
"{3014E520-C9FE-4C84-81F5-712388D330A6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3EEC79AF-B799-4464-8FD6-35F2C06A7141}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B44BA3A5-7ACA-4B7F-AC73-E714DB74D689}" = lport=59116 | protocol=6 | dir=in | name=pando media booster |
"{D2C845B8-3013-4ADA-8D20-65B1B224D0BB}" = lport=59116 | protocol=17 | dir=in | name=pando media booster |
"{E527B72A-E092-4457-AF1C-421DE3E82B3F}" = lport=59116 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003675EE-06FE-499E-94B1-76D97C64BD55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{02152733-4626-4359-9E5E-8D4D60CCBCC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{0436B6EB-568F-465B-B39E-950FBC486059}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe |
"{05A44116-868A-416C-BA19-E1B7C9428833}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{05C38FA2-A8D6-40F1-A84D-364D502D3C19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{05F8FFF4-8206-4A6D-992F-DA46CCAE6F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{073A7901-DC57-4D33-B884-AE5A4237EE0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{082A58F9-78BD-46C0-8A1D-BFDE8DF72F67}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{09F173F3-4095-406A-A898-66612C9F556D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\addon.exe |
"{0A3CB196-463B-4F65-95C2-56B02FF1EDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{0B244AFD-3E2D-4643-918F-EF008D0E6848}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{0D622203-7C50-44A2-A843-9163575F8E59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 free to play\smp.exe |
"{0DB7E2BD-7116-4205-BACF-529C88DD1F92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{0E48F2A3-F403-4993-80B5-8B61408B2966}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe |
"{109E3F2C-A864-4D57-90DA-A321AF80C22E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{149C4CD9-3B8C-4190-AF28-944D3CD7A091}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{15F45AE4-EA92-45AA-8E9D-D8AC8ED3338E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{170D40E9-23BA-4F16-A40D-0EEA8FFB8469}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{19492C4C-B712-4DA4-A990-78888F264BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{1A75F49A-DD70-4AF1-B49F-3D1C5EEFC66C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{1AB07A56-BA1E-4D24-9B88-C493F1A4CA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{1FD69528-15E4-4E30-B839-EB28BD845379}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{22E5A601-2D27-4405-AED0-63AC8807D8B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{245924B0-03FA-480E-8C40-B084AE3017D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{24BC26CD-C957-406E-8BF0-3FCB0AE45E8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{267D9FBB-FE4C-4972-8D41-EB0AB945BBC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{26DE9335-E337-40FF-BDF6-6F2ECF9127ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2 free to play\smp.exe |
"{26F51786-3D16-4942-A8E4-5AEBB1E7E8C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{292EC23D-ECC7-4450-9460-4EBDC87510B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{2A8B361A-F833-4518-9BD8-2AE511FCA83E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{2BA138F5-0880-412E-BB32-99423C10CEF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe |
"{2DC8701E-674E-4E7A-8B5A-D7872E1CF472}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{2DE08D9F-1281-4601-816E-B234EE160DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{2E2FD915-0D80-4768-AF7E-545433C9EBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2F7BE6CD-F759-4097-B475-6E62B85FADC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4.exe |
"{3080A012-F145-480A-B4F2-5BA928F97020}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{35C75944-A08B-4B0E-BC19-D17F57EA1EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{35F485E6-5A16-46E5-B4D8-64600D4E6098}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{376DB214-94B6-48AD-ACE4-D53ABD738B02}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3BF7E2C5-114E-4C80-B957-241D1A53FFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars ii\bin\x86\sots2.exe |
"{3C5B2EAB-2DD1-4944-8135-171C3B85BF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{3D50742D-E73D-4E1E-9527-E91640D78EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{3E64FB25-401A-43A3-82D6-9CE64498BDD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{3E8CC167-2107-4830-86D5-F842952960AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{3FB0BBB9-E35D-4C9C-881A-FC7E4687272A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{40D40DD5-9F4C-4052-B8CF-48F2F3E11167}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{443A34B9-6C91-436F-ABAD-A03873935074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{459DE8C4-42B9-496D-BD67-DCAAB0982C14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{46FDC61D-C393-4EA6-A112-A9D8D3851EB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{48637371-6B9F-4C26-A2DA-3101FCE131D0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{491C54FA-CB45-4654-8A90-610CD333F18C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4B879F8C-E02F-4D4A-89F5-2F1C57EFCD26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{4C85A560-5E70-4550-93A7-57DA7964A77F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 3\rt3.exe |
"{4ED1692A-58A1-442B-872A-8F6338B2ABAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{531949E2-4225-42A9-81E7-DEFC82AA9233}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{53BD1835-D37B-4203-9ED0-EA01814C64FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf |
"{5B70C685-565A-4971-8562-505880C8269E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars ii\bin\x86\sots2.exe |
"{5CB33CE0-910D-421A-BB31-71B5C091BC0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{604917D6-8A09-4443-BBFA-E06E1BA4A09B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{615451A9-19A5-4878-965D-143B178278D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\victoria2.exe |
"{634B804A-FFE2-402E-85DD-C4D8B57B450C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{6407C174-C4DF-4F13-8A61-9686C204DBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{65158685-E143-4553-B443-63D93C3F6CE7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{65ABCC43-955E-458C-B9AF-F34D1CC9B48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star ruler\starruler.exe |
"{65C5D96E-7826-43A3-BF44-0EA46064067B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6799535C-BEA0-4086-9318-FD6F092413E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{68C09BE7-C97C-4A1D-BF6E-396E5EDB2C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{6AB39AA7-F159-42CA-8BC4-214E9538C7DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{6E2EFD28-6216-49E4-9A62-B568D12C64D2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe |
"{6EAA1227-A8DE-4C11-BFE8-E9E68BC7D686}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe |
"{6EBC5C4D-A811-417A-BE25-C7D1D6578AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{6F05AF84-31F8-44B0-85F4-3C80D27C27B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{766C53C2-9397-4BB4-AF26-72C060C99A6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe |
"{780AEAFB-399A-4AA5-B09A-68136AE79AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip warlord\dedicated server\igwarlord.exe |
"{78EEE5E4-F8C8-422A-AC60-F2E057A3B001}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{7A084ED7-F878-4F82-84B4-A44A6C7FCFFB}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire demo\sins of a solar empire.exe |
"{7B8DDA2F-24CD-448D-996C-90FC68FD2E84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{813D9F2B-E254-49C8-988F-8FCB2BC9E961}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{8262A927-E526-45F0-B6FE-1A45A2D6ACB5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{831C001B-EAC1-43FC-AA4F-196172CC9B05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{83A82055-0782-4FDC-B019-24F9B60BD599}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\anno4web.exe |
"{886D3AAC-9E94-4C5C-893F-FA17790132B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4.exe |
"{8960A879-D668-481C-A4FA-580E848139EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\addonweb.exe |
"{8EBACF35-F543-4A2B-97FF-8DF26DA168F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{8FA566F1-E65E-4B10-BEE0-ABB573261441}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{92DD8615-9DDE-4166-AAA1-AB910C2C281D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\the settlers 7 - paths to a kingdom demo\data\base\_dbg\bin\release\settlers7r.exe |
"{93B100A5-A369-4AFB-BDDC-8BB5AB7B3F47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{973D6288-F903-43D0-AF36-8BD6E2BB33E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\addon.exe |
"{9B31C940-6096-4A70-B1B4-E4E4350B2FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{9C579443-1DF4-4DEA-AAE3-7CEC380A2FF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{A2C358FF-1E55-4711-8CF6-F0B5EF6CF1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars\sword of the stars.exe |
"{A5091267-9057-43B5-B2A8-96472ECEF3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\anno4.exe |
"{A744B044-CA49-4210-AB6F-18D3F00B6DD5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\the settlers 7 - paths to a kingdom demo\data\base\_dbg\bin\release\settlers7r.exe |
"{AE7FF0E9-0C0F-4DCE-9474-C931F9F881FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{AEB29A56-257D-4A5D-AF3A-633166E79B28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{AF96BD4E-5E98-4E5F-AEBF-99B5C4C8C7B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{B12C86E3-DBA8-4899-8056-95C9635A3398}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B136838F-2E61-4942-AB91-EB0A925DB092}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4_addon.exe |
"{B372D482-2199-435D-9788-4F2119A8F6C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{B3A4E4AA-07EB-4399-B45D-24FE15AED848}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{B5179A6C-D35B-46E8-BECC-95567CE1F8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf |
"{B5F65539-2EC9-4279-B0F0-CF8C3B70676D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B659CF73-6C80-441C-9964-788EB16D7BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{B782E2F4-70A7-4577-A8DB-FA1FC9E3F43B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAD11C72-8412-470C-9642-C689EC20DF1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{BB6FA8D9-AA01-4814-A605-9CB476282B73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
"{BCA8E711-6638-4BB7-B942-16AC22BEAC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_quickstart.pdf |
"{BDFFE099-B8CB-4491-BA88-C5C99BEC19F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{BF602329-0E43-45AC-91E5-C1E5156EE736}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C1B65344-C3FE-4AED-A1A5-8E5E444861A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C21F0410-E5EE-4047-BF8B-44CE860475FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{C33552C3-8ACF-4851-9255-20A416C2A57E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery\tools\addonweb.exe |
"{C8E4DAC0-5687-42C4-A887-57F5D7A48456}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C99A1FDB-DAD8-44E4-ABA8-C7A4D6D16C34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\patrician iv\patrician4_addon.exe |
"{CC3C8056-AE9F-4618-8792-F23168D94029}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{CE02C983-F435-42E7-A9EF-6DA28FA5B2A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{CF3A0820-D530-43BE-B753-6EB7A2C1B9FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sword of the stars\sword of the stars.exe |
"{D1700A83-EAB0-460D-BC40-71E27E17C2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{D49FFC12-E0FE-4E2C-8A0A-8E1A21A9EF24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x3 - reunion\x3_reunion_manual_steam_english.pdf |
"{D6381741-A2CB-4ABD-967F-BD5B3E5E880F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{D87CAAA2-C6E4-42C1-B63C-3DE4C73E3C79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{D956DDD6-726B-40D6-B3D2-68729630563D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{DB3C88B3-D4D1-46A3-B73B-9AEAECAA35FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{DBE4DBDF-B511-4081-9046-58A6253B7F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{DCE4AB55-4ED1-4B8F-96BC-CA5703A483F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{DE8D8C9E-1BBF-4415-982A-C07EB2821D30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe |
"{E17631E4-A1BF-4299-ACDA-D27EC5D78C64}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E503B2F1-D4A4-4D5F-B31C-1FFFFD0F3B44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{E6CD9285-DDE9-46CA-A11C-7D6168F8C77A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railroad tycoon 3\rt3.exe |
"{E7246669-B316-4B75-B5CE-B570E8C5FA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star ruler\starruler.exe |
"{EA48DA2E-59E8-4E97-AB98-CA1416B28AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{EBBDF3E1-921B-4EBD-BA86-864238242AB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{F2C23B7B-C438-4666-9202-850E3BA5D3B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{F33CE2DF-4C02-4E2F-BBCA-829757A12D90}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F6D2A9E2-CE23-4C24-A2F4-720F9922FFFF}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire demo\sins of a solar empire.exe |
"{F7D613D0-4838-4B45-B772-F74731A5F278}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{F96D8090-0940-42BB-9627-8B16F3E1D2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FD514EB8-73F9-4890-8973-0DCF9D6A4623}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe |
"{FD714C6C-4A72-4E1D-81AE-BCFCA9770AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{FEC94BEF-5C45-4C35-954C-5CEAD38BE9C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{FF7044AE-097A-4B94-A0B8-754E34AB8CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"TCP Query User{0062B45E-7053-4C46-9F2D-2C59A4AFD68E}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{07917B7C-21D9-40C3-B569-50437E01796F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{15ADE506-BBF1-4CDD-ACEF-4409D4487248}C:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe |
"TCP Query User{42AE63A9-B2CC-4F25-9A3C-0543B3F0B9B8}C:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe |
"TCP Query User{52B38D0D-4F68-47F6-B344-2F60AE51F1EC}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{6BBED0A5-950B-4281-A22D-4DA7A30C52CD}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"TCP Query User{7CF9B8E5-0C49-4326-9C91-0897E6708594}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{892EB2BF-82D7-40E6-8A26-052B08E65F9E}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"TCP Query User{999F5AEF-BC24-46D0-BDFA-9F3CCA0ECD02}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{9D0F9987-0444-4850-82B9-07065287BBED}C:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe" = protocol=6 | dir=in | app=c:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe |
"TCP Query User{9DB1672B-3AF7-42AD-8D94-2EFC55D77805}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe |
"TCP Query User{BA029574-0C60-408A-B77B-E352E9DFEFE4}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{C70A5FC3-598B-4ECF-BE4F-D2A3647212F3}C:\program files (x86)\1701 a.d. demo\1701_demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1701 a.d. demo\1701_demo.exe |
"TCP Query User{D8BEB993-D899-47EB-A03B-C5AD48E253D2}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{D9A05FAD-B25C-4C5D-8C2F-B1309A91FA37}C:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe |
"TCP Query User{DC76F1C4-A68F-46C4-8566-75B179A017F7}C:\program files (x86)\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\neverwinternights\nwn\nwmain.exe |
"TCP Query User{E6BEDB7F-41ED-4D09-83A1-120AA964D256}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{03C5D8AC-A999-41CA-8BAC-37BB86EFC7C9}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{1AB730F5-D2E5-45C7-8197-6A9C8A5B6B4B}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{31EAA966-7138-4E9C-82C0-9A8223B91782}C:\program files (x86)\1701 a.d. demo\1701_demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1701 a.d. demo\1701_demo.exe |
"UDP Query User{3F43E0B1-05F6-431A-95B0-DE0A4F0E520C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{40562B85-3D2F-45DB-BB61-B0573A6981D2}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{48FB5DD4-158E-4228-9285-35D0CB0482DE}C:\program files (x86)\gog.com\freespace 2\fs2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2.exe |
"UDP Query User{549D072A-AE19-42CD-A2F5-C3B4F6B3E78F}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"UDP Query User{63BD542D-DBA7-4C46-A652-4DE68280B478}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe |
"UDP Query User{652D1969-9E01-4926-815E-11E15B2442DA}C:\program files (x86)\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\neverwinternights\nwn\nwmain.exe |
"UDP Query User{7015D25D-D820-40C4-B78A-028F2FE38C0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{76394802-BE1C-4622-AD7E-4BE56007976D}C:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\freespace 2\fs2_open_3_6_10.exe |
"UDP Query User{78C17655-2C6A-4E57-8DDF-4D2B018C7C5A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{93997DD2-F692-44F0-9BF2-4BE0D054B409}C:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\wyndwraith\team fortress 2\hl2.exe |
"UDP Query User{A245ED83-D695-4FFD-AD04-17023ACFD4DF}C:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{BAFDAE93-DA2B-4EAC-BCA7-49613511E429}C:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\victoria 2\v2game.exe |
"UDP Query User{DDEC548C-A315-4681-BCCD-F8CC8F5B3B62}C:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe" = protocol=17 | dir=in | app=c:\users\belisarius\downloads\games\diablo3-monktrailer_en-us-downloader.exe |
"UDP Query User{FE81C9E8-77AF-48BC-8FCD-456ADE84FC98}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29BAD36F-F421-40F8-A128-E03382E59C70}" = Sins of a Solar Empire Demo
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37DE9416-B259-4F40-8E8A-E6CAD69CB6BC}" = Dawn of Discovery - Venice
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54510837-BD04-4C32-9676-DB1000028201}" = Red Faction: Guerrilla
"{54510837-BD04-4C32-9676-DB1000028202}" = Red Faction: Guerrilla
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{57E71837-2A09-42B3-AAF6-FDFEF0DCFDDB}" = Dawn of Discovery
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93F2D1C-9146-41BC-B662-60DB662B1FFA}_is1" = Gnomoria Demo version 0.8.21
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B59D7E45-401F-9542-965A-5B76915B6E6A}" = YNAB 3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BABA6E74-615B-4105-A39C-EF20E99DB79B}" = GStreamer WinBuilds 0.10.6 (GPL)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C2E5BF6B-2DB2-4D18-BB27-75C20CC35A96}" = The Settlers 7 - Paths to a Kingdom DEMO
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Bink and Smacker" = Bink and Smacker
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Volume Panel
"Divine Divinity_is1" = Divine Divinity
"Divine Wind_is1" = Divine Wind version 5.1
"DShow Viewer" = DShow Viewer
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.14
"Freespace 2_is1" = Freespace 2
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"HandBrake" = HandBrake 0.9.8
"Impulse" = Impulse
"Impulse®" = Impulse®
"InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2008b" = Microsoft Money Plus
"MSC" = McAfee AntiVirus Plus
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"Planescape - Torment" = Planescape - Torment
"Rockstar Games Social Club" = Rockstar Games Social Club
"Space Rangers 2 Complete" = Space Rangers 2 Complete
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 13600" = Prince of Persia: The Sands of Time
"Steam App 17460" = Mass Effect
"Steam App 200210" = Realm of the Mad God
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200900" = Cave Story+
"Steam App 203770" = Crusader Kings II
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 220" = Half-Life 2
"Steam App 22300" = Fallout 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24980" = Mass Effect 2
"Steam App 25800" = Europa Universalis III
"Steam App 25860" = Sword of the Stars: Ultimate Collection
"Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
"Steam App 27400" = Dangerous High School Girls in Trouble!
"Steam App 33230" = Assassin's Creed II
"Steam App 35720" = Trine 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42960" = Victoria II
"Steam App 42990" = Sword of the Stars II
"Steam App 440" = Team Fortress 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 48240" = Anno 2070
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 55230" = Saints Row: The Third
"Steam App 57620" = Patrician IV: Steam Special Edition
"Steam App 57730" = Patrician IV: Rise of a Dynasty
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 70900" = Star Ruler
"Steam App 7110" = Jade Empire
"Steam App 7610" = Railroad Tycoon 3
"Steam App 8980" = Borderlands
"Steam App 92800" = SpaceChem
"Tyrian 2000_is1" = Tyrian 2000
"WinRAR archiver" = WinRAR archiver
"x2_allinone_bonus_package_is1" = X² All In One Bonus Package 1.04
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"Xfire" = Xfire (remove only)
"xSIMS_Censor_Remover_TS3" = Sims 3 - Nude Censor Remover
"YNAB_Pro_is1" = YNAB Pro version 2.9.6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Sins of a Solar Empire Demo" = Sins of a Solar Empire Demo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2013 3:36:39 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000
Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297,
faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception
code 0xc0000005, fault offset 0x000020e7, process id 0xee4, application start time
0x01cdebe04c4794bb.

Error - 1/6/2013 3:39:50 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000
Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000281, process id 0x994, application start time 0x01cdebe0d0c9da4b.

Error - 1/6/2013 3:39:52 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000
Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297,
faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception
code 0xc0000005, fault offset 0x000020e7, process id 0x994, application start time
0x01cdebe0d0c9da4b.

Error - 1/6/2013 4:09:46 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000
Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000284, process id 0x9fc, application start time 0x01cdebe4f0b5196b.

Error - 1/6/2013 4:09:50 AM | Computer Name = Byzantium | Source = Application Error | ID = 1000
Description = Faulting application v2game.exe, version 0.0.0.0, time stamp 0x4f8ee297,
faulting module gnscwgrmw.dll, version 4.0.31106.0, time stamp 0x4af3af84, exception
code 0xc0000005, fault offset 0x000020e7, process id 0x9fc, application start time
0x01cdebe4f0b5196b.

Error - 1/6/2013 12:28:05 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013
Description =

Error - 1/6/2013 12:56:03 PM | Computer Name = Byzantium | Source = System Restore | ID = 8193
Description =

Error - 1/6/2013 5:05:29 PM | Computer Name = Byzantium | Source = WinMgmt | ID = 10
Description =

Error - 1/6/2013 5:11:20 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013
Description =

Error - 1/6/2013 5:11:20 PM | Computer Name = Byzantium | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 1/5/2013 12:56:30 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7022
Description =

Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = DCOM | ID = 10005
Description =

Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7009
Description =

Error - 1/5/2013 1:08:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7000
Description =

Error - 1/5/2013 4:39:41 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7011
Description =

Error - 1/6/2013 11:20:36 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7011
Description =

Error - 1/6/2013 11:44:29 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7030
Description =

Error - 1/6/2013 11:50:05 AM | Computer Name = Byzantium | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/6/2013 11:50:44 AM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7030
Description =

Error - 1/6/2013 5:05:30 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#9 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 07 January 2013 - 02:47 AM

Hello Wyndwraith,

Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKCU\..Trusted Domains: geinfrastructure.com ([time] https in Trusted sites)

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Is the issue still present?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#10 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 07 January 2013 - 07:43 PM

I ran OTL.exe with the custom scans as instructed and clicking Run Fix, but it closed with an APPCRASH error instead of opening a log. I tried rerunning a scan after that and none of

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: geinfrastructure.com ([time] https in Trusted sites)

showed up in the log when it finished. I guess that means it worked?

After clicking on 10 or so links from Google searches, I haven't been redirected. Looks like it's fixed.

Thanks so much for the help!

#11 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 08 January 2013 - 12:08 AM

Hello Wyndwraith. :)


Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#12 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 10 January 2013 - 09:13 PM

Hi TheDarkKnight,

Sorry it's taken me a while to respond. I've run the scan and here are the results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

The scanner found one result (It never made it into the log, somehow. I've copied and pasted from the results window instead.):


C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application

#13 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 11 January 2013 - 01:12 AM

Hello Wyndwraith. :)

That's fine. Are there any remaining issues?

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#14 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 12 January 2013 - 06:33 PM

Here are the results:


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 22
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#15 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 12 January 2013 - 07:27 PM

Hello Wyndraith. :)

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:
  • Please go to the below link and download the latest Windows 7 version:
http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: Posted Image
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.
=====

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:
  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Finally, your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version:

Go to the Adobe Global Notifications Update website here:

http://www.macromedi...r05.html#118377

A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player.

Note: This has to be done separately for Firefox and IE.


If a new version is found:
  • Please tick the License Agreement.
  • Click Install.
    Note: If you are running Mozilla Firefox all of its windows will need to be closed.
  • Click Done.
Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager.

=====

In your reply please let me know how the updates go.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#16 Wyndwraith

Wyndwraith

    New Member

  • Members
  • Pip
  • 9 posts

Posted 15 January 2013 - 08:52 PM

I've uninstalled Java 5, 6, and 7 and reinstalled Java 7 Update 11.

I've updated to the latest Adobe Reader 9.

I've updated Flash for IE to the latest version. The version for Chrome shows as good.

#17 TheDarkKnight

TheDarkKnight

    Elite Member

  • Trusted Advisors
  • PipPipPipPipPip
  • 1,126 posts
  • Gender:Male
  • Location:Gotham City
  • Interests:Malware Hunting, sport and of course listening to music ^_^

Posted 16 January 2013 - 12:12 AM

Hey Wyndwraith,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.


And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#18 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 40,904 posts
  • Gender:Male
  • Location:US

Posted 18 January 2013 - 03:36 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users