Jump to content


Photo
- - - - -

Desktop Icons and Startbar disappearing


  • This topic is locked This topic is locked
20 replies to this topic

#1 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 23 February 2013 - 10:35 PM

Hello...

I suspect I have some unfound maleware. As the title says my Desktop Icons and Start/Task bar keep disappearing. Also, while Malwarebytes and Kaspersky continue to report no issues, SpyBot shows repeated registry issues.(When I scan with SPyBot it's reporting, issues all of which are registry values)

Here are my dds.com file:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Omtha1 at 22:04:28 on 2013-02-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1501 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\taskhost.exe
C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Google Update] "C:\Users\Omtha1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [RaidCall] C:\Program Files (x86)\raidcall\raidcall.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
TCP: NameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{A7CC8A63-2D9B-4CA0-B5D4-973F1271571F} : DHCPNameServer = 192.168.1.1 71.250.0.12
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-2-29 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-2-29 42624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-8-17 356376]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 352248]
R2 MBAMScheduler;MBAMScheduler;C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 398184]
R2 MBAMService;MBAMService;C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 682344]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-26 1128952]
R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-1-30 20608]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-23 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-23 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-23 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-23 104048]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-12 24176]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-25 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-26 46136]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-9 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-24 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-23 18:00:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-02-23 18:00:09 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-02-23 18:00:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-02-23 17:24:29 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1D73181-51CB-4DAE-B3B8-6CCCEC08AE07}\offreg.dll
2013-02-23 17:22:10 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-02-23 17:22:10 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-02-23 17:01:46 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1D73181-51CB-4DAE-B3B8-6CCCEC08AE07}\mpengine.dll
2013-02-18 21:00:24 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-18 21:00:16 9161176 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-02-18 11:22:39 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-02-18 11:22:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-02-18 11:22:37 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-18 11:22:37 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-18 11:22:37 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-18 11:22:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-18 11:22:36 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-18 11:22:36 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-18 11:22:36 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-18 04:05:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-02-18 04:05:19 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-02-18 04:05:19 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-02-18 04:05:19 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-02-18 03:58:42 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:58:42 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:43:33 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-02-18 03:43:33 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-02-18 03:43:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-02-18 03:43:32 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-02-18 03:41:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-02-18 03:41:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-02-18 03:41:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-02-18 03:41:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-02-18 03:41:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-02-18 03:41:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-02-18 03:41:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-02-18 03:25:21 64856 ----a-w- C:\Windows\System32\klfphc.dll
2013-02-18 03:24:36 -------- d-----w- C:\Windows\ELAMBKUP
2013-02-18 03:24:29 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-02-18 03:24:29 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-02-18 03:24:08 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-02-18 03:23:06 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-18 03:23:06 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-18 03:23:05 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-18 03:23:04 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-18 03:23:03 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-18 03:23:03 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-02-18 03:21:38 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-02-18 03:20:23 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-02-18 03:19:52 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-02-18 03:19:52 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-02-18 03:19:48 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-02-18 03:19:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-02-18 03:19:40 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-02-18 03:19:40 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-02-18 03:19:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-02-18 03:19:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-02-18 03:19:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-01-31 00:45:51 -------- d-----w- C:\Users\Omtha1\AppData\Roaming\RadeonPro
2013-01-31 00:43:30 -------- d-----w- C:\Program Files (x86)\RadeonPro
2013-01-30 23:40:16 -------- d--h--w- C:\Windows\msdownld.tmp
2013-01-30 23:40:10 -------- d-----w- C:\Windows\SysWow64\directx
2013-01-30 11:40:44 -------- d-----w- C:\Fraps
2013-01-29 11:29:47 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-29 11:29:37 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-28 22:37:27 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-01-27 11:06:04 -------- d-----w- C:\Games
2013-01-26 22:53:29 -------- d-----w- C:\Users\Omtha1\AppData\Local\Black_Tree_Gaming
.
==================== Find3M ====================
.
2013-02-18 05:31:06 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-02-17 16:35:37 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 16:35:37 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-19 20:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
2012-12-19 20:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-12-19 20:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 20:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-12-19 20:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-12-19 20:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
2012-12-19 20:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-12-19 20:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-19 20:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 12:09:59 0 ----a-w- C:\Windows\SysWow64\sho789A.tmp
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:05:54.72 ===============


And the Attach:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/8/2011 7:54:56 AM
System Uptime: 2/23/2013 6:25:26 PM (4 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD3
Processor: AMD E-300 APU with Radeon™ HD Graphics | CPU 1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 388.514 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.361 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 2/23/2013 11:59:25 AM - Windows Update
RP110: 2/23/2013 12:17:46 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Agatha Christie - Peril at End House
Age of Empires III
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Battlefield Heroes
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chronicles of Albian
Chuzzle Deluxe
Compaq Setup Manager
Cradle of Rome 2
D3DX10
Defraggler
Fallout: New Vegas
Farm Frenzy
FATE
Fraps
Game Booster 3
Google Chrome
Google Earth Plug-in
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
IHA_MessageCenter
IZArc 4.1.6
Java 7 Update 9 (64-bit)
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Kaspersky Anti-Virus 2013
Kobo
LabelPrint
Mah Jong Medley
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Nexus Mod Manager
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
PunkBuster Services
RadeonPro 1.0 (Build 1.1.1.0)
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Slingo Supreme
Speccy
Spybot - Search & Destroy
SpywareBlaster 4.6
Steam
Stronghold
Stronghold 2
Stronghold Legends
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Virtual Villagers 5 - New Believers
Vz In Home Agent
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/23/2013 11:55:10 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/23/2013 11:54:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
2/23/2013 11:54:37 AM, Error: Service Control Manager [7000] - The RadeonPro Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/18/2013 5:03:39 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/17/2013 10:59:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/17/2013 10:59:36 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 26 February 2013 - 11:20 AM

Hello ThirdTimes and welcome to MalwareBytes forum.

First, you need to turn OFF (disable) Spybot from auto-starting with Windows ....so that we minimize any interference or conflict with our research.
NEXT
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#3 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 26 February 2013 - 08:05 PM

Ok... First, once I disabled spybot from my start-up and rebooted, my Icon tray kept telling me I had no internet access, even though I did. Then, RogueKiller would not launch properly. It would start, go forward to "searching for updates" for maybe 40 minutes and then finally stop responding altogether. I eventually ran it in Safe Mode. Here's the report from that:


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Omtha1 [Admin rights]
Mode : Scan -- Date : 02/26/2013 19:54:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-60WWPA0 SATA Disk Device +++++
--- User ---
[MBR] eb7fad9f4415bac71459360863ccbda4
[BSP] 2eccea65a43ccd29c3972ddd5ece144e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465442 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953432064 | Size: 11396 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b3e2d7809c7c51bd023791727d318c7b
[BSP] 224f45de558ebbbe688ed82773b6158d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 165308416 | Size: 300 Mo

Finished : << RKreport[1]_S_02262013_02d1954.txt >>
RKreport[1]_S_02262013_02d1954.txt

#4 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 27 February 2013 - 10:09 AM

Let's make sure that Windows is in Normal mode. {not safe mode}
then do the following

Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 2

1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 3
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 4
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the Posted Image icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#5 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 27 February 2013 - 05:21 PM

Here's the rKiller log:



Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 02/27/2013 05:16:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Omtha1\Desktop\rkill\rkill-02-27-2013-05-17-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]

20 out of 13966 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 02/27/2013 05:18:03 PM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)

#6 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 27 February 2013 - 06:37 PM

OTL:


OTL logfile created on: 2/27/2013 5:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omtha1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 47.68% Memory free
5.20 Gb Paging File | 3.41 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.53 Gb Total Space | 387.26 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.36 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: OMTHA1-HP | User Name: Omtha1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 17:42:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Omtha1\Desktop\OTL.exe
PRC - [2013/02/18 00:10:51 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2013/01/08 00:50:44 | 000,020,608 | ---- | M] (Mr. John aka japamd) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/05/15 01:31:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/12/06 03:11:58 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/26 17:37:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/18 00:10:51 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/08 00:50:44 | 000,020,608 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/05/15 01:31:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/18 00:31:06 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/02/18 00:31:05 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/25 17:23:06 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 17:23:06 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 12:08:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/29 12:08:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/12/23 09:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/06 03:45:42 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/06 02:12:16 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/16 04:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{32970251-51FB-4C9F-BDF3-F7099337CCAB}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPDTDF
IE - HKLM\..\SearchScopes\{32970251-51FB-4C9F-BDF3-F7099337CCAB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPDTDF
IE - HKCU\..\SearchScopes\{32970251-51FB-4C9F-BDF3-F7099337CCAB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Omtha1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Omtha1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Omtha1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/02/18 00:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/02/18 00:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/02/18 00:31:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Omtha1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Battlefield Heroes = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\
CHR - Extension: Content Blocker = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Lord of Ultima = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Gmail = C:\Users\Omtha1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/19 20:19:26 | 000,582,262 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15666 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7CC8A63-2D9B-4CA0-B5D4-973F1271571F}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/27 17:42:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Omtha1\Desktop\OTL.exe
[2013/02/27 17:24:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/02/27 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/02/27 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/02/27 17:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/02/27 17:17:06 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\rkill
[2013/02/27 17:15:58 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Omtha1\Desktop\rkill.com
[2013/02/26 18:15:01 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\RK_Quarantine
[2013/02/23 22:22:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Omtha1\Desktop\dds.com
[2013/02/23 13:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/23 13:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/02/23 13:00:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/02/23 13:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/02/23 12:47:07 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\hosts
[2013/02/23 12:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/02/23 12:22:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/02/23 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/02/18 06:25:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/18 06:25:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/18 06:25:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/18 06:25:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/18 06:25:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/18 06:25:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/18 06:25:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/18 06:25:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/18 06:25:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/18 06:25:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/18 06:25:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/18 06:25:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/18 06:25:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/18 06:25:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/18 06:25:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/18 06:25:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/18 06:25:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/18 06:25:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/18 06:25:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/18 06:25:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/18 06:25:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/18 06:25:44 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/18 06:25:44 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/18 06:25:43 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/18 06:25:43 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/18 06:22:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/18 06:22:39 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/18 06:22:36 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/17 23:05:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/02/17 23:05:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/02/17 22:43:33 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/02/17 22:43:33 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/02/17 22:43:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/02/17 22:43:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/02/17 22:41:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/02/17 22:41:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/02/17 22:41:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/02/17 22:41:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/02/17 22:29:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/17 22:29:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/17 22:29:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/17 22:29:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/17 22:29:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/17 22:29:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/17 22:29:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/17 22:29:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/17 22:29:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/17 22:29:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/17 22:29:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/17 22:29:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/17 22:29:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/17 22:29:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/17 22:29:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/17 22:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/02/17 22:25:21 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/02/17 22:24:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/02/17 22:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/02/17 22:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/02/17 22:24:08 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/02/17 22:24:08 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/02/17 22:23:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/17 22:23:06 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/17 22:23:05 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/17 22:23:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/02/17 22:23:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/02/17 22:22:50 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/02/17 22:22:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/02/17 22:22:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/02/17 22:22:18 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/02/17 22:22:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/02/17 22:22:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/02/17 22:22:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/02/17 22:22:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/02/17 22:22:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/02/17 22:21:38 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/02/17 22:21:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/02/17 22:21:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/02/17 22:21:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/02/17 22:21:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/17 22:21:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/17 22:21:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/17 22:21:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/17 22:21:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/17 22:21:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/17 22:21:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/02/17 22:21:30 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/17 22:21:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/02/17 22:21:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/02/17 22:21:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/02/17 22:21:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/02/17 22:21:26 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/02/17 22:21:26 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/02/17 22:21:26 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/02/17 22:21:26 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/02/17 22:21:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/02/17 22:21:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/02/17 22:21:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/02/17 22:21:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/02/17 22:21:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/02/17 22:21:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/02/17 22:21:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/02/17 22:21:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/02/17 22:21:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/02/17 22:21:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/02/17 22:21:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/02/17 22:21:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/02/17 22:21:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/02/17 22:21:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/02/17 22:21:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/02/17 22:21:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/02/17 22:21:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/02/17 22:21:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/02/17 22:21:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/02/17 22:21:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/02/17 22:21:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/02/17 22:21:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/02/17 22:21:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/02/17 22:21:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/02/17 22:20:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/02/17 22:20:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/17 22:20:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/02/17 22:20:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/02/17 22:20:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/02/17 22:20:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/02/17 22:20:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/02/17 22:20:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/02/17 22:20:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/17 22:20:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/17 22:20:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/02/17 22:20:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/02/17 22:20:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/17 22:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/17 22:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/02/17 22:19:52 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/02/17 22:19:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/02/17 22:19:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/02/17 22:19:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/02/17 22:19:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/02/17 16:56:02 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\ApachiiSkyHair_v_1_5_Full
[2013/01/30 23:01:06 | 005,611,520 | ---- | C] (PlayBlack Studios) -- C:\Users\Omtha1\Desktop\skyrim_config.exe
[2013/01/30 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Documents\RadeonPro Benchmarks
[2013/01/30 19:45:52 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Documents\RadeonPro Logs
[2013/01/30 19:45:51 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\AppData\Roaming\RadeonPro
[2013/01/30 19:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadeonPro
[2013/01/30 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadeonPro
[2013/01/30 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\Skyrim Performance for Nvidia
[2013/01/30 18:41:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013/01/30 18:41:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013/01/30 18:41:46 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013/01/30 18:41:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013/01/30 18:41:42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/01/30 18:41:42 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013/01/30 18:41:41 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013/01/30 18:41:41 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/01/30 18:41:40 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013/01/30 18:41:40 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/01/30 18:41:40 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013/01/30 18:41:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013/01/30 18:41:38 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013/01/30 18:41:38 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/01/30 18:41:36 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013/01/30 18:41:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/01/30 18:40:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/01/30 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\HiAlgoBoost
[2013/01/30 06:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013/01/30 06:40:44 | 000,000,000 | ---D | C] -- C:\Fraps
[2013/01/29 06:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/29 06:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/29 06:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/29 06:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/01/28 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\Omtha1\Desktop\skse_1_06_06
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/27 17:42:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Omtha1\Desktop\OTL.exe
[2013/02/27 17:35:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 17:23:25 | 000,000,926 | ---- | M] () -- C:\Users\Omtha1\Desktop\NTREGOPT.lnk
[2013/02/27 17:23:25 | 000,000,907 | ---- | M] () -- C:\Users\Omtha1\Desktop\ERUNT.lnk
[2013/02/27 17:19:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 17:19:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 17:16:04 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Omtha1\Desktop\rkill.com
[2013/02/27 17:14:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 17:12:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 17:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 17:11:21 | 2093,912,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 20:09:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-233264952-187389383-3928453591-1001UA.job
[2013/02/26 17:37:07 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/26 17:37:07 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/24 02:09:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-233264952-187389383-3928453591-1001Core.job
[2013/02/23 22:03:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Omtha1\Desktop\dds.com
[2013/02/23 13:00:20 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/02/23 12:28:09 | 000,143,407 | ---- | M] () -- C:\Users\Omtha1\Desktop\hosts.zip
[2013/02/23 12:22:11 | 000,001,081 | ---- | M] () -- C:\Users\Omtha1\Desktop\SpywareBlaster.lnk
[2013/02/18 07:03:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/02/18 00:31:06 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/02/18 00:31:05 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/02/18 00:03:33 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/17 23:28:27 | 000,773,512 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/17 23:28:27 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/17 23:28:27 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 23:28:09 | 000,773,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/17 22:25:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/02/17 20:15:54 | 000,007,606 | ---- | M] () -- C:\Users\Omtha1\AppData\Local\Resmon.ResmonCfg
[2013/02/17 12:57:29 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/17 11:54:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOmtha1.job
[2013/02/01 00:46:08 | 000,002,514 | ---- | M] () -- C:\Users\Omtha1\Desktop\ATTK.lnk
[2013/01/31 20:16:26 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOMTHA1-HP$.job
[2013/01/31 18:10:18 | 000,002,374 | ---- | M] () -- C:\Users\Omtha1\Desktop\Google Chrome.lnk
[2013/01/30 23:15:29 | 000,000,085 | ---- | M] () -- C:\Users\Omtha1\Desktop\config.ini
[2013/01/30 06:40:45 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013/01/28 19:03:30 | 000,002,850 | ---- | M] () -- C:\Users\Omtha1\Desktop\SKSE.lnk
[2013/01/28 18:49:31 | 000,102,559 | ---- | M] () -- C:\Users\Omtha1\Desktop\SKSE Scripts.zip
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/27 17:23:25 | 000,000,926 | ---- | C] () -- C:\Users\Omtha1\Desktop\NTREGOPT.lnk
[2013/02/27 17:23:25 | 000,000,907 | ---- | C] () -- C:\Users\Omtha1\Desktop\ERUNT.lnk
[2013/02/23 13:00:20 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/02/23 13:00:20 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/02/23 12:28:01 | 000,143,407 | ---- | C] () -- C:\Users\Omtha1\Desktop\hosts.zip
[2013/02/23 12:22:11 | 000,001,081 | ---- | C] () -- C:\Users\Omtha1\Desktop\SpywareBlaster.lnk
[2013/02/17 23:05:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/17 22:41:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/17 22:26:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/02/02 06:44:23 | 000,007,606 | ---- | C] () -- C:\Users\Omtha1\AppData\Local\Resmon.ResmonCfg
[2013/02/01 00:46:08 | 000,002,514 | ---- | C] () -- C:\Users\Omtha1\Desktop\ATTK.lnk
[2013/01/30 23:05:04 | 000,000,085 | ---- | C] () -- C:\Users\Omtha1\Desktop\config.ini
[2013/01/30 06:40:45 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013/01/28 18:58:11 | 000,002,850 | ---- | C] () -- C:\Users\Omtha1\Desktop\SKSE.lnk
[2013/01/28 18:49:31 | 000,102,559 | ---- | C] () -- C:\Users\Omtha1\Desktop\SKSE Scripts.zip
[2012/11/26 19:31:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/09/13 05:38:18 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/05/15 01:31:18 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/15 01:31:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/06 02:35:12 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/06 02:35:12 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/07/25 23:44:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/17 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\RadeonPro
[2012/04/25 10:25:31 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\runic games
[2012/07/27 07:23:09 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\SoftGrid Client
[2012/07/27 06:07:24 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\TP
[2012/10/06 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\TS3Client
[2011/12/08 22:41:34 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\Unity
[2011/12/08 20:24:38 | 000,000,000 | ---D | M] -- C:\Users\Omtha1\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/01/30 02:44:12 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?±) -- C:\Windows\SysNative\솠±
[2012/01/30 02:44:12 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?±) -- C:\Windows\SysNative\솠±
[2011/12/11 15:09:36 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?¸) -- C:\Windows\SysNative\솠¸
[2011/12/11 15:09:36 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?¸) -- C:\Windows\SysNative\솠¸

< End of report >

#7 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 27 February 2013 - 06:38 PM

Extras:


OTL Extras logfile created on: 2/27/2013 5:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omtha1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 47.68% Memory free
5.20 Gb Paging File | 3.41 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.53 Gb Total Space | 387.26 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.36 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: OMTHA1-HP | User Name: Omtha1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E76716-6BF5-4BB5-BC35-0EC4B7A21825}" = rport=445 | protocol=6 | dir=out | app=system |
"{08793089-D0C4-4687-9FBF-682DC0D9C906}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D5ECAC4-CA74-4D5B-BB35-2C8D7F4E2176}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14C3C575-F977-49D2-85E3-18DF6BC839A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{262E4546-3FF9-47FD-969B-8362D929517B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2F4BFAF8-7ACE-4970-89AC-20DD9568CDAD}" = lport=137 | protocol=17 | dir=in | app=system |
"{439241B8-0B0E-4C1D-B6BB-E0FD251D6BAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{55A2D0EC-CCD9-430D-9DE3-1D5448CF2A1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55CDED1C-7FD4-41F4-90E1-085D2B292A9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63E52C4E-890B-41BB-AD77-1A4D4AB20E5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{643E7F28-9B3F-4FB3-9728-5B3F185C25BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{66E4F121-5827-4255-8B02-9C13FBF9D27A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A5C5EBD-33CE-4D30-9D85-D0AC2A9792AD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7AA8A218-7479-4816-8865-5D6CD88E93DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B617026-EAB8-4883-A0AE-16B4D8DE3589}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{94961947-141C-41AC-88EE-BECAA2E038A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{965FC3B5-B12A-4F08-8C94-A11EC34A9770}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{B1DC36B5-2BA8-4F70-9DDB-D9803AF9493E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C5DD06D4-6F04-4380-BE6A-7AD58AD686DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CA419F25-75B1-4208-95E8-FF9CAAF0AB53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D345E2D2-2ACA-4E71-AAE0-A613EEC76C93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85ADFBE-95E7-405F-B235-3113004EB339}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EED93FB8-5EC0-4D6C-9C1C-77FC926146C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{FB112B57-29CF-4498-9DE2-280A11DE52BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCBA4741-2E82-4023-8E38-B8F0AD7FE195}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BCB08E-D1DA-4874-B4F3-D6B12A0A7523}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{069AD4CA-7DB4-452F-8EDC-50A03D888E6C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{08A39593-3518-4E1D-8616-2F293EDB77F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{0D5D9B1D-F121-43D2-8863-B6B22657BC0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13ADB9D7-7EF5-4817-B90C-D2A2F5BBE91E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1585B613-2853-4C84-9833-60321DC26ED5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1B4CEC26-80A1-4F06-9387-8E3A440EB2C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1DAA3852-EF9F-476C-B1EF-602F1C313F34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{2197F2E5-168F-44E5-8DE9-642CCA514C17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{256A89BC-2648-4C8F-BA76-9A31371F1CE9}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{28A98578-CC13-41C9-B580-CBE0EB12CCA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{3B55E390-1BCC-4CBD-8744-4484F91E9B4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{3F72023E-CE86-4783-B0C5-030B4C7C49B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42CDC9C1-346D-4C96-AE4A-6671A6D1BB06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4E7B5AB0-985C-435C-A773-33E931C0AA8C}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{50E7EFE9-2D0C-43A8-9AFF-D2E6A2983205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52136CD3-9415-4AA8-99F9-702760EF72B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56B40E27-8826-41D0-AE47-0FBCE5416DE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{578A28C2-096C-4561-99FB-336C4294B566}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{614F1B21-47E1-4C91-BF4C-8E5FEC7864BF}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{68938361-0F23-4ECE-BCCE-6B9959A883C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A9D9C71-4882-4576-92F7-20BCB386B416}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6C35FB32-6F8A-4237-82B1-4B13FAC5EC18}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6D3A8EE3-A68B-4108-895C-BEF293F1FD48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{78C8E091-0AE5-4761-B498-27ADE4C247C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DF6F549-AAD7-4C23-B222-5B7A2592A4EF}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{81D9AE2A-A1E1-4190-B30E-3EC540534165}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{83BDFF33-41DA-4B75-A5A2-69E4110811AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90CBE3A7-F6C5-4533-BA94-C8A2E25BED55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B85C97F-21C3-4376-83E8-84DE56414CE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A2234E0F-75EF-4D8A-BBE0-09CEF2F79337}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{A378B6A0-64D5-4719-9C3D-288D1F3275F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B11E04AD-B971-437F-BDAE-133E0143788B}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{B1A187BB-10B3-4E9A-BD53-863C9F011D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFB11EC7-0549-44CB-9C95-0EE9BF77E842}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C526B026-DD28-449B-826F-72A2DF425FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{CE3BD252-DFAE-4882-A0A1-2AA705075104}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{D173C5B1-B291-40F4-B436-7D2EF20DFD99}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D38EFBC2-E68F-4AE5-8FB3-C13AFDE9844C}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{DA32AB17-B4DA-46B0-842C-C795E29980A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0FC38D1-BB1F-4E89-8ED9-5139D7CC9BE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6CA9EBB-DE5B-4518-9373-568B00AFB098}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{E9D0543F-6D9B-448E-AAFB-72AEA3AAA022}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F31AA8FC-5356-497C-84F7-0F208829BE77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{FA11A4CB-EB3D-4907-99A8-B8A3D15A0B30}" = protocol=6 | dir=out | app=system |
"{FA7825A2-206C-4C44-BE0F-AC96838A183B}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps
"Game Booster_is1" = Game Booster 3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.1.0)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Steam App 22380" = Fallout: New Vegas
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09e6d5e7-5c65-4b18-b477-fe2566cdf31d" = Farm Frenzy
"WTA-0dd52a8a-290a-45cf-8d09-a8bf7804d934" = Zuma Deluxe
"WTA-0f8a63fc-ccaf-4a5c-8821-5bb12ad78017" = Governor of Poker 2 Premium Edition
"WTA-16521dfc-a46b-4b2c-aae4-24932bd8acaf" = Bejeweled 3
"WTA-193c8b97-a79b-4c4a-bdad-ff3141b5f1a0" = Torchlight
"WTA-1ee59782-94c0-4474-9a4a-d5ade4c081ad" = Poker Superstars III
"WTA-24ce7716-dba2-4851-a82b-837a867ca353" = Polar Bowler
"WTA-296f4995-5a20-4cc6-a8ff-bd3a02110c6a" = FATE
"WTA-3f0204ec-8478-47f5-8f58-7182da3c531e" = Blackhawk Striker 2
"WTA-3ff6e882-9342-4e70-ac01-e821498a4b26" = Vacation Quest - The Hawaiian Islands
"WTA-6e190972-728e-4060-b8d6-68c5e72ffabc" = Cradle of Rome 2
"WTA-84682931-deff-4279-a8f8-0338c42021aa" = Slingo Supreme
"WTA-8880600a-8f29-476a-afdd-50a0291eff54" = Plants vs. Zombies - Game of the Year
"WTA-8c23e868-7375-488e-9fa4-05a2ebc35a82" = Polar Golfer
"WTA-ba19d18d-d3da-40ec-a6bf-5beaf4eb93b5" = Mystery of Mortlake Mansion
"WTA-bbabc97f-53b5-453d-b9db-30bcf220645d" = Cake Mania
"WTA-bc501780-6a97-4e25-8fe1-622034e79be9" = Agatha Christie - Peril at End House
"WTA-c6143111-0683-44f8-ad02-7a155decbadc" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-c68c4c1a-84c2-4af6-a3de-8344c14ecae9" = Chronicles of Albian
"WTA-ca79e42e-6426-4ec5-befa-f32f2e5ea43b" = Penguins!
"WTA-d58a0627-3044-49ec-ad6c-0b2799aca2b6" = Virtual Villagers 5 - New Believers
"WTA-ddb6f55f-ecbd-4bbc-a39b-0897381c0d99" = Blasterball 3
"WTA-de2df74c-39b4-4c7c-bb4b-45586415dc4f" = Namco All-Stars: PAC-MAN
"WTA-e5a74f73-410a-403b-a07b-8d5a12dd8754" = Mah Jong Medley
"WTA-edbdf9f9-0151-4c74-9244-9cd8f0ec60e6" = Chuzzle Deluxe
"WTA-f68c775f-bd6b-4992-809d-ed6c107fd82f" = Bounce Symphony
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 9002
Description =

Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 1/20/2013 9:56:14 AM | Computer Name = Omtha1-HP | Source = Windows Search Service | ID = 7010
Description =

Error - 1/22/2013 12:11:36 AM | Computer Name = Omtha1-HP | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.8.151.0, time stamp:
0x5086bed7 Faulting module name: TESV.exe, version: 1.8.151.0, time stamp: 0x5086bed7
Exception
code: 0x40000015 Fault offset: 0x007d312b Faulting process id: 0xfa4 Faulting application
start time: 0x01cdf8265a9cc567 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe
Faulting
module path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe Report
Id: cf83a008-6449-11e2-90ff-3860773dcba4

Error - 1/22/2013 6:46:26 AM | Computer Name = Omtha1-HP | Source = Application Virtualization Client | ID = 5011
Description = {tid=F08} The Application Virtualization Client could not disconnect
session 33 (FS status 00000729-000003ED).

Error - 1/23/2013 2:28:43 AM | Computer Name = Omtha1-HP | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 1/23/2013 2:28:43 AM | Computer Name = Omtha1-HP | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 1/23/2013 2:28:43 AM | Computer Name = Omtha1-HP | Source = Symantec AntiVirus | ID = 16711725
Description =

[ Hewlett-Packard Events ]
Error - 9/28/2012 5:27:43 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/28/2012 5:27:43 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/28/2012 5:27:43 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/28/2012 5:27:43 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/9/2012 6:29:35 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/9/2012 6:29:35 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/9/2012 6:31:52 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/9/2012 6:33:19 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/17/2012 4:33:12 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/17/2012 4:33:12 PM | Computer Name = Omtha1-HP | Source = HPSF.exe | ID = 4000
Description =

[ Spybot - Search and Destroy Events ]
Error - 2/23/2013 5:19:49 PM | Computer Name = Omtha1-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2/26/2013 8:51:19 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:51:20 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:51:20 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:51:20 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:51:20 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:51:20 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 8:52:42 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/26/2013 9:12:54 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 2/26/2013 9:12:54 PM | Computer Name = Omtha1-HP | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/27/2013 6:11:28 PM | Computer Name = Omtha1-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:18:10 PM on ?2/?26/?2013 was unexpected.


< End of report >


checkup:


Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
Default Desktop Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#8 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 28 February 2013 - 02:52 PM

Warning as from above, your Kaspersky Antivirus is NOT up-to-date !!!
Tell me if this is a "trial" or if you have a current & paid license for Kaspersky.

Remember that you can press the Windows-key on keyboard and you should see the Taskbar.
You can press Windows-key+R key to get to the RUN option.

Do as much as you can of the following.
Step 1
You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member ThirdtimestheCharm only. If you are a casual viewer, do NOT try this on your system!
If you are not ThirdtimestheCharm and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file Thirdfix.txt and SAVE to your DESKTOP
  • Start NOTEPAD
    Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the Thirdfix.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Posted Image window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Posted Image.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.
Step 3
Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan. Posted Image

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.
Tell me, How is the system ?

Re-enable your antivirus program.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#9 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 28 February 2013 - 07:19 PM

Did everything advised in Step 1. The program asked me to reboot to remove all files, as you said. After reboot navigated to the .log file location. The file was empty.

Used JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Omtha1 on Thu 02/28/2013 at 18:20:39.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/28/2013 at 18:45:55.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


After this program Icons and Taskbar/Startbar no longer disappearing. PC seems to be running sluggish, though. I'm getting stutter while gaming that I never had before.

Also, I had not mentioned this before... When I first boot I get an error message telling me that my AMD driver is either not installed or not operating properly. When I check it with Device Manager it tells me that I have the latest driver installed and it's operating properly. This message is still appearing.

Other than these issues it seems good.

#10 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 28 February 2013 - 07:31 PM

Step 3: No Issues found.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8382

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/16/2011 6:59:03 PM
mbam-log-2011-12-16 (18-59-03).txt

Scan type: Quick scan
Objects scanned: 168017
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Checking reboot and performance now.

#11 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 28 February 2013 - 07:44 PM

Ok.. Still getting the AMD error message. Got the "no internet access" symbol in my icon trey for a few minutes. Have some graphic anomaly behind the Kaspersky Gadget. This could be due to an actual issue with my AMD driver, I suppose, but I'm not downloading anything until you give the ok.

Oh, yes, I am running a trial version of kaspersky until this gets straightened out, then getting the paid version.

#12 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 28 February 2013 - 07:54 PM

How embarrassing... I posted the wrong mbam log. Here's the right one.



Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Omtha1 :: OMTHA1-HP [administrator]

Protection: Enabled

2/28/2013 7:48:25 PM
mbam-log-2013-02-28 (19-48-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203383
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 01 March 2013 - 09:41 AM

Q: PC seems to be running sluggish, though. I'm getting stutter while gaming that I never had before.

A: Sluggishness or slowness is due to other factors but -not- malware.

re: AMD driver
Always check with your manufacturer support about the current/latest driver. Please do that yourself.
And get any driver from the manufacturer ( and not necessarily from windows update ).

You also noted

Oh, yes, I am running a trial version of kaspersky until this gets straightened out, then getting the paid version.

Make sure you have un-installed any other antivirus that was before Kaspersky.
Now then, make up your mind on what you want as a permanent antivirus and make the purchase as needed ! and then do a full product Update
and I would suggest a full scan with the antivirus

Older versions of Java pose a security risk. Uninstall Java 7 Update 9 (64-bit) ...and any other Java
And if you do not need Java for the programs that you use, keep Java off your system .
How to disable Java in various browsers : http://blog.eset.com...r-way-to-browse
Also see No, Seriously, Just Disable Java in Your Browser Right Now


Here are some recommended articles on "slowness" issues:
MS Speed up your pc - Win7 / Vista
http://windows.micro...peed-up-your-pc

See Quietman7's Slow Computer/browser? Check Here First
http://www.bleepingc...topic87058.html

See Miekiemoes' Help! My computer is slow!
http://users.telenet...owcomputer.html
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#14 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 01 March 2013 - 05:45 PM

Ok.. thanks Maurice...

The slowness and stuttering while gaming I can deal with no problem, likely the fact that I have not cleaned any temp files this whole time.. The AMD issue most likely has to do with getting my last update from Microsoft, then, thanks for that info. Java info looks interesting, will Uninstall read this up and then make a more informed decision on whether or not I even need Java.

#15 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 02 March 2013 - 09:18 AM

Then, are you ready to wrap this up? Is the Windows taskbar showing normally?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#16 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 05 March 2013 - 10:28 AM

Please provide a status update. Are you still with me? do you still need help?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#17 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 07 March 2013 - 08:34 AM

I'm sorry, yes, I'm still here. Been crazy busy with work. Going to do those last instructions today and see how things go. Thanks for your patience.

#18 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 08 March 2013 - 12:16 PM

Can you make a commitment to make time to work on this, this weekend?

I certainly hope this computer is not in use while you have been away.

Just so you know, the longer it is between sessions, the harder it is for me to keep a decent focus on how to attempt to help you.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#19 ThirdTimesTheCharm

ThirdTimesTheCharm

    New Member

  • Members
  • Pip
  • 43 posts

Posted 09 March 2013 - 03:26 AM

Ok so... Yes, I used this PC all day yesterday to see if there were any issues, and no, no one uses it but me and I've been using my laptop while we have been straightening this one out, and yes, I apologize for the time passing but sometimes RL gets in the way of the time I'd like to spend doing what I want.

My Taskbar and Desktop seem completely stable now, I kicked Java out of my programs and updated and disabled it in my browser.

The only anomaly I found yesterday was it pausing once in a while while making a short buzzing sound from the PC Speaker. That and the lack of responsiveness I mentioned earlier, though I made the tweaks suggested by the links you provided and that has improved performance.

#20 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 09 March 2013 - 09:55 AM

Since there is no malware here, I am going to close this thread.
The audio delay or audio issue is most likely due to other issues. I gave you the references for slow-ness issues. You may consider using the PC Help forum http://forums.malwar...php?showforum=6
for other issues.
Take some serious un-interrupted time and do a disk Defrag --- as long as your system is not on a latest-new technology SSD drive.
I'd recommend Defraggler by Piriform http://www.piriform....aggler/download


We can wrap this up now.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

Please double-click OTL.exe Posted Image to start it.
Now click on the black Cleanup button. That will remove OTL from your system.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
RKILL
roguekiller.exe
securitycheck.exe
jrt.exe


Safer practices & malware preventionWe are finished here. Best regards. Posted Image
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users