Kastiel

Infosearch Redirect virus + Audible & Visual Ads

16 posts in this topic

Hello,

Recently my computer has been redirecting me to the Infosearch website. I'll click a link or refresh a page and it'll come up with "this document has moved" and redirect me to Infosearch.com.

Also, occasionally a box will pop up in the lower right hand corner of the screen that recommends me to go to certain websites or gives me false "system messages." It minimizes everything I'm doing when that box pops up.

I did some research on this issue and saw that it wasn't an easy fix. I am currently deployed to Afghanistan and beginning my transition home so I figured I would fix this as soon as I got back. However, it's only gotten worse and now I'm needing to use my laptop more and more often. It used to only redirect me once every so often, but now it's redirecting me more than ever. Also another recent addition to this nuisance is that there have been audible ads playing in the background. It doesn't matter how many tabs I close or in what order, it only disappears once the entire internet has been closed.

I read previous topics and attempted to download some of the same programs that were suggested just so I could be ready, however most would not download. DDS.scr takes me to a blank page and doesn't begin a download, but I finally got DDS.com to download, however once it pops up (with internet and antivirus disabled), it lasts for about 6 seconds and then automatically closes. I get as far as being able to click the "Start" button to initiate the scan. It begins, but after about 6 seconds it closes and the program disappears.

A couple of key notes as to what I'm using:

Windows 7 x64bit

Comodo Internet

Comodo Internet Security / Antivirus

Any and all assistance is highly appreciated.

-Kas


Just an update:

I am currently in Safe Mode with Networking and was able to run the DDS file.

I'm having a hard time accessing this forum as I was redirected at least 15 times before I managed to finally get to my topic.

Some of the redirects are as follows:

http://skincare.blis...m_term=77497-20

http://www1.globalget.net

http://www.allwaysearch.com

etc.

I have the "Attach.txt" sitting here on my desktop but it says not to attach it unless requested. So for now, attached is the "dds.txt" file.

dds.txt


Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Download RogueKiller from here: http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • 1. Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • 2. Ensure MBR scan, Check faked and AntiRootkit are checked
  • 3. Select Scan
  • When the scan completes select Report, copy and paste that to your reply.

Post both of those logs.

Kevin


Just a note: I'm performing all of these actions in Safe Mode with Networking. Please let me know if I should not.

The attached file is the AdwCleaner scan file as requested.

Here is the Rogue Killer report:

----------------------------------------

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Wes Kidd [Admin rights]

Mode : Scan -- Date : 12/21/2012 19:51:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> FOUND

[RUN][BLACKLISTDLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-4063102244-3220350283-1659995652-1000[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\Wes Kidd\Desktop\dds.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-80PK4T0 +++++

--- User ---

[MBR] 7c062b6e323b3772438092bd0cd9c51e

[BSP] 2b76c692476633b72e7dc5d7b59a7a49 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451336 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HM320HJ +++++

--- User ---

[MBR] 2194785550c3ef5bf6724ba1b03b249e

[BSP] d1d69a3974ebf256f138b23679aaa07e : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WD 10EACS External USB Device +++++

--- User ---

[MBR] a65cf760d43b336347fb57bc883ace24

[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_12212012_02d1951.txt >>

RKreport[1]_S_12212012_02d1951.txt

AdwCleanerS2.txt

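An added example, not from this thread or from RogueKiller's author: a small Python parser for the registry-entry lines of the RogueKiller report above. It groups the [DNS] NameServer values per interface GUID and control set (the report lists the same interface once per ControlSet, so one setting shows up three times) and flags any resolver that is not on an allowlist the practitioner supplies, which is the decision RogueKiller leaves to you when it reports "NOT REMOVED, USE DNSFIX". The sample report is constructed from lines in the post plus one made-up interface pointing at the documentation address 192.0.2.53; the allowlist contents are an assumption for the demonstration, not a verdict on those resolvers.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Registry-entry line shape: [TAG][TAG ...] <key> [: <name>] (<value>) -> <status>
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]*\])+)\s+(?P<key>\S+)"
    r"(?:\s+:\s+(?P<name>\S+))?\s+\((?P<value>[^)]*)\)\s+->\s+(?P<status>.+)$"
)
TAG_RE = re.compile(r"\[([^\]]*)\]")
# Interface key shape: ...\ControlSetNNN\Services\Interfaces\{GUID}
IFACE_RE = re.compile(r"\\(ControlSet\d+)\\Services\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")

# Constructed sample: three lines copied from the report in the post, plus one
# made-up interface GUID with a resolver in the 192.0.2.0/24 documentation range.
SAMPLE_REPORT = r"""
Mode : Scan -- Date : 12/21/2012 19:51:11
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{00000000-0000-0000-0000-000000000001} : NameServer (192.0.2.53) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\Wes Kidd\Desktop\dds.scr) -> FOUND
"""


def parse_report(text):
    """Return one dict per registry-entry line; header, HOSTS and MBR lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            # Upper-case the tags so forum-mangled variants such as "[sUSP PATH]" still match.
            "tags": [t.upper() for t in TAG_RE.findall(m.group("tags"))],
            "key": m.group("key"),
            "name": m.group("name"),      # None for lines without a " : name" part
            "value": m.group("value"),
            "status": m.group("status").strip(),
        })
    return entries


def nameservers_by_interface(entries):
    """Map interface GUID -> {ControlSetNNN: [resolver, ...]} from the [DNS] lines."""
    result = defaultdict(dict)
    for e in entries:
        if "DNS" not in e["tags"] or e["name"] != "NameServer":
            continue
        m = IFACE_RE.search(e["key"])
        if not m:
            continue
        control_set, guid = m.groups()
        result[guid][control_set] = [s.strip() for s in e["value"].split(",") if s.strip()]
    return dict(result)


def dns_findings(entries, allowlist):
    """Flag every resolver not on the allowlist, once per interface and control set.

    The allowlist is the operator's own decision (resolvers their security suite or
    ISP is known to configure); values that are not valid IP addresses are always flagged.
    """
    findings = []
    for guid, sets in nameservers_by_interface(entries).items():
        for control_set, servers in sorted(sets.items()):
            for server in servers:
                try:
                    expected = str(ip_address(server)) in allowlist
                except ValueError:
                    expected = False
                if not expected:
                    findings.append((guid, control_set, server))
    return findings


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    # Assumed allowlist for the demonstration: the two resolvers seen in the post.
    for guid, control_set, server in dns_findings(parsed, {"8.26.56.26", "156.154.70.22"}):
        print(f"unexpected resolver {server} on {guid} in {control_set}")
```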

Re-run RogueKiller again, select Scan, and when that completes hit the Delete button.

Post the produced log.

Boot back to normal mode and run this:

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Please download Malwarebytes Anti-Malware from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml

http://www.majorgeek...ware_d5756.html

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post both logs...


Rogue Killer log:

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Wes Kidd [Admin rights]

Mode : Remove -- Date : 12/21/2012 20:19:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-80PK4T0 +++++

--- User ---

[MBR] 7c062b6e323b3772438092bd0cd9c51e

[BSP] 2b76c692476633b72e7dc5d7b59a7a49 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451336 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HM320HJ +++++

--- User ---

[MBR] 2194785550c3ef5bf6724ba1b03b249e

[BSP] d1d69a3974ebf256f138b23679aaa07e : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WD 10EACS External USB Device +++++

--- User ---

[MBR] a65cf760d43b336347fb57bc883ace24

[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_12212012_02d2019.txt >>

RKreport[1]_S_12212012_02d1951.txt ; RKreport[2]_D_12212012_02d2019.txt ; RKreport[3]_D_12212012_02d2019.txt

Rebooting now to perform the rest.


Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.21.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Wes Kidd :: WESKIDD [administrator]

Protection: Enabled

12/21/2012 8:32:37 PM

mbam-log-2012-12-21 (20-32-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 252732

Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


How is your system responding, any issues or concerns?


Been surfing around for a bit now. So far so good, but that seemed too easy! I guess I'm just a bit paranoid, ha.

Thanks!


Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.


I will be restarting my computer and putting it back in Safe Mode with Networking in order to perform this action as it's doing the same thing the DDS program did... closes seconds after opening. Is there any reason behind this? When trying to open it, I have disabled my A/V programs as well as the internet.


OTL.txt

------------------

OTL logfile created on: 12/21/2012 9:05:39 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Kidd\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.19 Gb Available Physical Memory | 85.10% Memory free

23.95 Gb Paging File | 22.16 Gb Available in Paging File | 92.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.76 Gb Total Space | 258.31 Gb Free Space | 58.61% Space Free | Partition Type: NTFS

Drive E: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 298.09 Gb Total Space | 298.05 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Drive H: | 931.28 Gb Total Space | 38.63 Gb Free Space | 4.15% Space Free | Partition Type: FAT32

Computer Name: WESKIDD | User Name: Wes Kidd | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 20:57:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe

PRC - [2012/12/17 18:30:40 | 001,758,864 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/17 18:30:40 | 001,407,136 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avcodec-54.dll

MOD - [2012/12/17 18:30:40 | 000,229,024 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avformat-54.dll

MOD - [2012/12/17 18:30:40 | 000,157,344 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avutil-51.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\rpcnetp.exe -- (rpcnetp)

SRV:64bit: - [2012/03/12 07:43:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2010/11/30 03:30:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/09/23 05:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 06:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\rpcnetp.exe -- (rpcnetp)

SRV - [2012/12/21 17:25:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/17 18:30:40 | 001,868,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)

SRV - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/22 15:15:54 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/24 10:18:49 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/03/05 13:16:36 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/01/11 18:21:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012/01/11 18:21:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2011/12/23 09:39:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)

SRV - [2011/12/23 09:39:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2011/12/12 22:47:04 | 001,030,112 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)

SRV - [2011/12/12 22:46:54 | 001,038,304 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)

SRV - [2011/12/12 22:46:40 | 000,793,056 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2011/11/22 00:52:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2011/11/22 00:49:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2011/10/01 18:00:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 18:00:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/03/26 06:25:16 | 000,091,464 | ---- | M] () [Auto | Stopped] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)

SRV - [2011/03/13 23:29:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011/03/13 23:28:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010/10/23 06:18:46 | 001,071,512 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2010/10/23 06:15:18 | 001,906,576 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)

SRV - [2010/10/23 05:44:28 | 004,632,864 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe -- (DMS)

SRV - [2010/10/06 09:34:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/10/06 09:34:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 23:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/11 01:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 16:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/21 20:30:18 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/23 18:40:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 18:38:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 18:37:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/19 10:00:53 | 000,246,568 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)

DRV:64bit: - [2012/07/19 10:00:53 | 000,076,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)

DRV:64bit: - [2012/04/24 10:21:41 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2012/04/24 10:21:41 | 000,110,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2012/04/24 10:18:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2012/04/24 10:18:06 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2012/04/07 04:18:16 | 000,278,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2012/03/12 07:43:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2012/03/01 11:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/09 02:18:06 | 000,048,264 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)

DRV:64bit: - [2012/02/04 06:31:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2012/02/02 01:46:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/01/31 01:02:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2012/01/27 02:57:36 | 000,413,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/01/27 02:57:30 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)

DRV:64bit: - [2012/01/17 17:15:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/12/23 09:39:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)

DRV:64bit: - [2011/12/23 09:39:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)

DRV:64bit: - [2011/12/23 09:39:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)

DRV:64bit: - [2011/12/12 22:47:22 | 000,191,104 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDSMon.sys -- (PCTDSMon)

DRV:64bit: - [2011/12/12 22:47:16 | 000,163,440 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)

DRV:64bit: - [2011/12/01 03:58:34 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/10/01 18:00:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 18:00:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 18:00:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 18:00:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/07/30 00:24:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/30 00:24:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/07/18 03:32:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/07/18 03:32:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/05/14 03:07:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011/03/13 23:28:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011/03/13 23:28:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/03/13 23:28:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/03/13 23:28:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010/11/30 03:30:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 18:03:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/10/20 10:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/08/03 15:13:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2009/11/18 03:42:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/07/20 13:59:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/14 06:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 06:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 06:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/11 01:05:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/11 01:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 01:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 01:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 01:04:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/06/11 01:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/24 05:57:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2012/01/31 01:02:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)

DRV - [2011/12/12 22:47:28 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)

DRV - [2011/09/07 20:25:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)

DRV - [2011/07/30 00:24:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/30 00:24:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/11/22 19:55:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)

DRV - [2009/07/14 05:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/03 04:06:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Browseforchange/search/redirect/?type=default&user_id=c751e884-2c3c-4a00-9e6a-b88c6626f18c&query={searchTerms}

IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wes Kidd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Wes Kidd\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/12 08:34:11 | 000,000,000 | ---D | M]

[2012/05/06 17:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Wes Kidd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Privacy SafeGuard = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/11 01:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found

O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)

O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r File not found

O4 - HKLM..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found

O4 - HKLM..\Run: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [Facebook Update] C:\Users\Wes Kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [GoogleChromeAutoLaunch_03DDF90F675085B51D416DB81D7A6F26] C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)

O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.60.1 62.68.64.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB}: DhcpNameServer = 172.16.60.1 62.68.64.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB}: NameServer = 8.26.56.26,156.154.70.22

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{35f13c05-fd86-11e1-8ca5-742f68da8368}\Shell - "" = AutoRun

O33 - MountPoints2\{35f13c05-fd86-11e1-8ca5-742f68da8368}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O33 - MountPoints2\{35f13d41-fd86-11e1-8ca5-742f68da8368}\Shell - "" = AutoRun

O33 - MountPoints2\{35f13d41-fd86-11e1-8ca5-742f68da8368}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O33 - MountPoints2\{97aaf340-9e62-11e1-a006-5404a63bc6d6}\Shell - "" = AutoRun

O33 - MountPoints2\{97aaf340-9e62-11e1-a006-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O33 - MountPoints2\{9e3e690f-c2c7-11e1-80fc-5404a63bc6d6}\Shell - "" = AutoRun

O33 - MountPoints2\{9e3e690f-c2c7-11e1-80fc-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O33 - MountPoints2\{b9816b51-4554-11e2-8c5a-5404a63bc6d6}\Shell - "" = AutoRun

O33 - MountPoints2\{b9816b51-4554-11e2-8c5a-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 20:57:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe

[2012/12/21 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\Desktop\RK_Quarantine

[2012/12/21 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Roaming\Malwarebytes

[2012/12/21 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/21 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/21 18:18:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/21 18:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/21 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo

[2012/12/21 17:15:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.com

[2012/12/21 17:15:11 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.scr

[2012/12/21 17:09:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/21 17:09:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/21 17:09:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/21 17:09:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/21 17:06:18 | 000,495,874 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wes Kidd\Desktop\JRT.exe

[2012/12/21 16:59:56 | 005,012,825 | ---- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\ComboFix.exe

[2012/12/21 16:59:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wes Kidd\Desktop\tdsskiller.exe

[2012/12/21 16:58:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wes Kidd\Desktop\aswMBR.exe

[2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

[2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks

[2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks

[2012/12/19 01:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup

[2012/12/19 01:35:31 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\{7830390B-846D-418B-98A1-19CC9EBF592C}

[2012/12/14 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\BlueStacksSetup

[2012/12/13 22:56:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/12/13 22:56:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/12/13 22:56:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/12/13 22:56:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/12/13 22:56:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/12/13 22:56:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/12/13 22:56:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/12/13 22:56:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/12/13 22:56:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/12/13 22:56:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/12/13 22:56:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/12/13 22:56:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/12/13 22:56:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/12/13 22:56:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/12/13 22:56:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/12/13 20:01:40 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/12/13 20:01:40 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/12/13 20:01:40 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/12/13 20:01:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/12/13 20:01:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/12/13 20:01:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/12/13 20:01:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/12/13 20:01:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/12/13 20:01:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/12/13 20:01:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/12/13 20:01:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/12/13 20:01:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/12/13 20:01:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/12/13 20:01:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/12/13 20:01:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/13 20:01:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/12/13 20:01:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/12/13 20:01:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/12/13 20:00:41 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012/12/13 20:00:41 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012/12/12 20:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\desmume-0.9.8-win64

[2012/12/11 17:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2012/12/11 16:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/12/03 20:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/12/03 20:33:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/12/03 20:33:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/11/26 13:49:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/11/26 13:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/26 13:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/11/23 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\{5681B1B3-B912-424F-AD97-CD52F17FB8D1}

[2 C:\Users\Wes Kidd\Documents\*.tmp files -> C:\Users\Wes Kidd\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 21:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/21 21:03:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

[2012/12/21 21:03:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe

[2012/12/21 21:02:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2012/12/21 21:02:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll

[2012/12/21 21:01:16 | 000,000,640 | ---- | M] () -- C:\Windows\wininit.ini

[2012/12/21 21:01:02 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job

[2012/12/21 20:57:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe

[2012/12/21 20:37:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/21 20:37:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/21 20:35:59 | 000,756,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/21 20:35:59 | 000,645,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/21 20:35:59 | 000,114,720 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/21 20:31:20 | 000,000,380 | ---- | M] () -- C:\Users\Wes Kidd\AppData\Roaming\sp_data.sys

[2012/12/21 20:30:18 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/12/21 20:30:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/21 20:00:30 | 000,065,108 | ---- | M] () -- C:\Users\Wes Kidd\Desktop\1356103236988.jpg

[2012/12/21 19:16:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/21 18:18:14 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/21 17:25:56 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk

[2012/12/21 17:25:56 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

[2012/12/21 17:25:56 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk

[2012/12/21 17:25:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/21 17:25:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/21 17:22:54 | 000,280,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/21 17:15:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.com

[2012/12/21 17:15:13 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.scr

[2012/12/21 17:09:34 | 005,012,825 | ---- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\ComboFix.exe

[2012/12/21 17:07:28 | 000,495,874 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wes Kidd\Desktop\JRT.exe

[2012/12/21 17:07:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wes Kidd\Desktop\aswMBR.exe

[2012/12/21 17:03:33 | 000,547,175 | ---- | M] () -- C:\Users\Wes Kidd\Desktop\AdwCleaner.exe

[2012/12/21 17:02:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wes Kidd\Desktop\tdsskiller.exe

[2012/12/21 16:57:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4063102244-3220350283-1659995652-1000UA.job

[2012/12/21 16:22:41 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/21 13:10:51 | 000,001,071 | ---- | M] () -- C:\Users\Wes Kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk

[2012/12/21 07:57:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4063102244-3220350283-1659995652-1000Core.job

[2012/12/16 21:41:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/16 19:15:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/16 18:43:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/16 18:43:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/11 16:51:19 | 000,000,219 | RH-- | M] () -- C:\Windows\ctfile.rfc

[2012/12/03 20:33:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012/12/03 20:33:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012/12/03 20:33:14 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/12/03 20:33:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/12/03 20:33:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/12/03 20:33:14 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2 C:\Users\Wes Kidd\Documents\*.tmp files -> C:\Users\Wes Kidd\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/21 20:00:30 | 000,065,108 | ---- | C] () -- C:\Users\Wes Kidd\Desktop\1356103236988.jpg

[2012/12/21 18:18:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/21 17:25:56 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk

[2012/12/21 17:25:56 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

[2012/12/21 17:25:56 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk

[2012/12/21 17:02:45 | 000,547,175 | ---- | C] () -- C:\Users\Wes Kidd\Desktop\AdwCleaner.exe

[2012/12/15 17:39:24 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

[2012/12/11 17:08:21 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd

[2012/09/21 00:12:01 | 000,154,240 | ---- | C] () -- C:\Windows\AsPatch10430001.exe

[2012/07/21 21:28:47 | 000,003,584 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/17 09:45:07 | 000,000,640 | ---- | C] () -- C:\Windows\wininit.ini

[2012/04/07 22:34:37 | 000,000,096 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Local\fusioncache.dat

[2012/04/07 22:31:53 | 000,772,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/07 02:02:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2012/04/07 02:02:16 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2012/04/07 02:02:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2012/04/07 02:02:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2012/04/07 02:02:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2012/04/05 16:02:16 | 000,000,380 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Roaming\sp_data.sys

[2012/04/05 07:55:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/03/05 13:16:52 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/11 18:21:08 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2012/01/11 18:21:08 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2012/01/11 18:21:08 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2012/01/11 18:21:07 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/01/11 18:21:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/01/11 18:09:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/09/29 04:14:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/07/18 03:40:15 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2011/07/18 03:39:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== ZeroAccess Check ==========

[2009/07/14 09:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:49:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/05 08:42:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Acreon

[2012/04/04 02:22:17 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\ASUS WebStorage

[2012/07/29 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\foobar2000

[2012/04/06 03:03:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\GetRightToGo

[2012/04/08 02:05:47 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Lionhead Studios

[2012/04/04 03:04:35 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Nuance

[2012/04/07 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Playrix Entertainment

[2012/04/05 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Product_PT

[2012/06/30 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\PureEdge

[2012/04/24 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\ReviverSoft

[2012/12/10 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\SoftGrid Client

[2012/04/25 02:05:34 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\SystemRequirementsLab

[2012/04/24 09:02:02 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TeamViewer

[2012/05/09 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TP

[2012/06/29 22:10:59 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TuneUp Software

[2012/04/04 03:04:33 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0D786AE3

< End of report >

Extras.txt:

-------------------

OTL Extras logfile created on: 12/21/2012 9:05:39 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Kidd\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 10.19 Gb Available Physical Memory | 85.10% Memory free

23.95 Gb Paging File | 22.16 Gb Available in Paging File | 92.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.76 Gb Total Space | 258.31 Gb Free Space | 58.61% Space Free | Partition Type: NTFS

Drive E: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 298.09 Gb Total Space | 298.05 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Drive H: | 931.28 Gb Total Space | 38.63 Gb Free Space | 4.15% Space Free | Partition Type: FAT32

Computer Name: WESKIDD | User Name: Wes Kidd | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)

[HKEY_USERS\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Classes\<extension>]

.html [@ = DragonHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)

https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)

https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{25A8FFE5-873D-4649-B9F8-08B4C550AEF1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{33BB18E5-6F1E-485A-A4C1-6E87B3052ED9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{42328994-FF03-4427-86E4-C8145A641E64}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4693D76B-274F-4F68-9CBC-61ECE883EFA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5436C09A-E2BA-4119-B03B-4DB597271A26}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary |

"{607AD8A1-5CE5-4743-9578-3CD74F804DAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6BCD0C81-7704-4CB2-B2FC-C073BF43E871}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7E47D0B8-FAFC-4E41-8108-DA5A0F133CEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{86B813ED-3F1D-4307-9A7A-2AC7C9ABB03C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9D12A9D7-5225-4497-9C6C-122689D83455}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A16790BF-E2C1-45F1-879B-1944D1E51175}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B0987DD5-E903-4532-85F6-6E21578F7C3E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B513849C-BFB3-4E2B-BE59-4C9CF97BDED9}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary |

"{F11ECDD9-95BA-49BC-95AB-A72534B19CB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F68EE30F-3AB0-44E2-9F40-449EFC957C73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0169E448-E213-4020-BE35-4B8C9D1D9B78}" = protocol=17 | dir=in | app=c:\program files (x86)\acronis\diskdirectoradvanced\mms.exe |

"{08B52135-5D48-4F09-BA07-9CBA1D03F664}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |

"{09598C0B-3F12-46E1-85FC-14B0733189C6}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{0A1AFBE8-4C3A-4E12-81C0-008D3FEFD7D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0E4D8929-D416-4B68-8B5A-B224DFD585D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{123D30D7-1C8C-461D-B762-435BFAA42C9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{1390C526-8BB2-4499-8388-69D99EDAA605}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{13B3B628-AE58-4EAB-B1EE-BEB2C112D4A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{1790FC84-A23F-4A4D-9411-048B09909D78}" = dir=in | app=c:\users\wes kidd\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{1AF42BE8-A756-4B54-B344-E5A04E95DE66}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{2081D4C2-A59E-469D-9B8F-14C5516BAC0D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{25636A6C-1628-446C-B0D0-408C0523FF58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |

"{2571EE8C-41D7-4954-8686-5E8A668CEE5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2822E200-83AE-429E-A152-735C16AB0D1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{295B8288-4C0D-49FB-9E6E-763AE6FD64A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3431BC9A-8129-435D-9181-D17A3FAE05F0}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{3476FB38-53A9-4373-B3BA-B2DA37BF3EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |

"{35D17B34-B6B8-4AE8-BBB6-1D802F42D9F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3AD8A699-E132-4C6A-9020-63EC33EF2502}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |

"{3CAC0547-6F2A-49F8-8E08-1BC98ADF1E78}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |

"{4095FBCF-7EBE-4F1A-87F7-2B0C1A483045}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{45D7469F-95AB-430C-A57D-9C6268A3457A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{49887F30-DA85-4939-96D7-0BD9C3C3C9EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{49A9B2F1-B2BA-45BD-B6CA-DFBB09B6EE70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4B9FE25A-D163-4F5F-8973-4AC75AEA1F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{502FD31D-F9AD-472F-9356-2547DAA90DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |

"{54749F03-32EE-44D2-9156-E5096562DFFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{59E08ED8-806D-4583-BC6B-75C383330BA3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{5D0B8B4A-2D33-4699-B1C1-CEAC2EE28BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |

"{671666DE-57D9-4781-827E-D0C9D09474FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{69566C48-FA89-4637-963A-52C86D0B25A0}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{6D75CAB1-76D0-4FAF-86C5-B3A0E7A920F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |

"{73135440-4A88-4F5E-9F36-D5854E07F05C}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |

"{764D820B-9BC5-416A-A0A0-0192B575AFEE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{78EC6D9E-7D2C-49E6-ADAF-2EF270051929}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |

"{798D2960-F5B3-4794-AC4E-F7DF3BCD184B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{80CCFB47-F1BE-4253-9812-B231CCE74242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |

"{811E1274-DC23-4AD0-93DF-CC367D55FE03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{82AF6875-B826-422F-B15D-70A12084102C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{82EA6E3A-6973-45C8-91FB-11E38B35D05C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{84B64DFE-473A-49A6-A00A-4B6885C13B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |

"{84D702D3-A2A0-4380-BEC6-F00F1BA5389B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{8698553F-1572-42D7-A639-D058C57DDA62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |

"{87E58CF5-AA4F-42F8-B289-22A1CC0E0642}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{91BEE3A3-37E3-479A-93FE-A800AF649A54}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{91F92727-9959-48E3-BDA5-09322A90FA77}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{95A8A7C9-5777-4896-BA9B-8391767B62EB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |

"{9751CCDE-68AD-4C00-89D5-58F9A03B4511}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |

"{A6ADF69C-6AD8-44BB-805D-FE302E4DE631}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |

"{AF5CBC08-A53E-49A0-A0B3-C74B7787870A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CE58976E-E5A4-4D54-B323-669FA8F3E991}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{D07B13AF-9AB9-4AF8-B14D-615EA17E4340}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{D3719006-A0BA-4AE9-AD72-CCA9C72A535F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |

"{D3787FEF-B1A6-4096-822C-CDB5E4B83B23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{DB940D4C-74E7-40A4-8881-8E72224F554A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |

"{E2BA066F-2256-4789-872B-3EBECD9B5E69}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E7481657-835D-453A-9A76-8F04B033FD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\acronis\diskdirectoradvanced\mms.exe |

"{EEAA7DF3-741E-4458-9BD4-86C3A4678DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{F86F4B13-21AF-401A-BA09-27B9E5BFBD4E}" = protocol=6 | dir=out | app=system |

"{FBF06105-7504-4F8A-8548-86DB1863F260}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |

"{FFB03083-985B-4D74-BE28-4A90C0DF99DC}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |

"TCP Query User{01B08732-8F54-4A27-BD77-FACBFE4F0D77}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |

"TCP Query User{5E6C8A29-21BE-41C0-87FE-E3188D30CE7D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{6402DA00-D006-4A5C-992E-CBF41BDC6308}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{6AFD818D-3486-47B6-B2DC-F1444C92E9B5}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |

"TCP Query User{7D560481-1CE2-42C0-9930-F5D68F33E601}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{828E5229-692A-41B7-8F7C-9DCD6DBCC109}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"TCP Query User{9C978809-95FD-4FEE-BDCA-63396F4BED95}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{9D5FE820-A0FF-4CCB-9C21-262EDB2338E4}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |

"TCP Query User{9DDEA07E-7E95-4D22-9953-C56A2308F4E4}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"UDP Query User{2A04C88C-705D-4338-90E4-5B9CBDA9BB9C}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"UDP Query User{5758AFF5-A0C8-4F77-86AC-0C4192FD2CF6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"UDP Query User{6FAF3F0A-1A42-44DA-A300-9593AD074239}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"UDP Query User{823CF062-BF2C-4BD5-839B-5BF78AF45345}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe |

"UDP Query User{845E9A2E-B4C0-428D-AAEB-53AA1B8F1888}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |

"UDP Query User{977EF30F-A9D0-4746-B3F7-DC462D22F838}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{A3F00A74-35BB-4C48-870F-C07087489D62}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{B6B488FF-02C7-498B-A3FD-142EDC455481}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"UDP Query User{DB4CDEFC-EDB8-4828-8F26-5A7751BF7220}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}" = Fresco Logic USB3.0 Host Controller

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety

"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety

"{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.17

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"BatteryOptimizer" = Battery Optimizer

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04F46566-A95C-46FF-9CA1-F3FDBAB61283}" = DriverUpdate

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2A9767A4-577D-4806-A121-7F0010F6BC60}" = Latency Optimizer FREE VERSION

"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack

"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{53B91797-7CC8-41AA-999E-C33DAEC63A1A}" = Acronis Disk Director 11 Advanced Agent

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EF18153-2F5C-4511-9C05-2BF39F5A241A}" = Acronis Disk Director 11 Advanced Bootable Media Builder

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus

"{AFDDB79D-3FB6-4E82-832C-728F73FAC327}" = Acronis Disk Director 11 Advanced Management Console

"{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E21161DD-05A2-42ED-A0EC-9C1393F51A64}" = GeekBuddy

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)

"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update

"{FBAC8FFD-94EF-432F-8278-A5EF959DC640}" = THX TruStudio Pro

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}" = Notification Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AsusScr_G74 Series_ENG" = AsusScr_G74 Series_ENG

"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

"Belarc Advisor" = Belarc Advisor 8.2

"Browseforchange_browseforchange" = Browse For Change

"Cheat Engine 6.1_is1" = Cheat Engine 6.1

"Diablo II" = Diablo II

"Diablo III" = Diablo III

"DivX Setup" = DivX Setup

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition

"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0

"foobar2000" = foobar2000 v1.1.11

"Google Chrome" = Google Chrome

"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud

"KeyFinder_is1" = Magical Jelly Bean KeyFinder

"LogonStudio" = LogonStudio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PC Tools Utilities_is1" = PC Tools Performance Toolkit 2.0

"StarCraft II" = StarCraft II

"Steam App 102500" = Kingdoms of Amalur: Reckoning™

"Steam App 105400" = Fable III

"Steam App 200710" = Torchlight II

"Steam App 211420" = Dark Souls: Prepare to Die Edition

"Steam App 36620" = Forsaken World

"Steam App 570" = Dota 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"VideoConverter" = VideoConverter

"WindowBlinds" = WindowBlinds

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"Stardock Central" = Stardock Central

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/16/2012 6:22:26 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2012 6:23:23 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2012 6:23:52 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2012 6:23:59 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2012 6:24:01 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 8:51:37 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 8:52:28 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 8:52:34 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 8:52:37 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 8:52:38 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 7/1/2012 7:39:29 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 4:09:29 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 7:39:29 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 4:09:29 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 7:39:30 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 4:09:29 PM - Failed to retrieve Broadband (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve Directory (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve NetTV (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 5:09:34 PM - Failed to retrieve Broadband (Error: The underlying connection

was closed: An unexpected error occurred on a send.)

Error - 7/1/2012 9:43:07 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0

Description = 6:13:02 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: An unexpected error occurred on a receive.)

[ System Events ]

Error - 8/26/2012 6:17:58 PM | Computer Name = WesKidd | Source = bowser | ID = 8003

Description =

Error - 8/27/2012 8:10:32 AM | Computer Name = WesKidd | Source = bowser | ID = 8003

Description =

Error - 8/27/2012 1:56:10 PM | Computer Name = WesKidd | Source = bowser | ID = 8003

Description =

Error - 8/29/2012 10:28:59 AM | Computer Name = WesKidd | Source = bowser | ID = 8003

Description =

Error - 8/31/2012 5:46:24 PM | Computer Name = WesKidd | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Steam

Client Service service to connect.

Error - 8/31/2012 5:46:24 PM | Computer Name = WesKidd | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 9/2/2012 3:24:41 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not

allow the name to be claimed by this computer.

Error - 9/2/2012 3:24:51 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not

allow the name to be claimed by this computer.

Error - 9/2/2012 3:25:48 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not

allow the name to be claimed by this computer.

Error - 9/2/2012 3:26:04 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not

allow the name to be claimed by this computer.

< End of report >


Download Farbar Recovery Scan Tool and save to flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version, and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
