Solved Need help to remove svchost.exe trojan

Go to Start > type in User Accounts and click on the result.

Delete the following user accounts:

adm
admn
adm²n

Be careful with them, to make sure you don't delete your own account. You shouldn't be able to delete "admin", since that is your main account.

Let me know once done, and post a new OTL log, please.
 
Deleted those users. They weren't registered with Windows as legitimate user accounts, so I simply deleted them.

OTL Quickscan log

OTL logfile created on: 1/16/2013 12:33:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.46% Memory free
4.00 Gb Paging File | 2.61 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 132.68 Gb Free Space | 33.90% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 7.45 Gb Total Space | 2.24 Gb Free Space | 30.08% Space Free | Partition Type: FAT32

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/14 01:42:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2013/01/12 03:40:17 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 18:09:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/20 14:33:42 | 003,281,528 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/12 03:40:06 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 18:09:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.4.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/11 00:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2013/01/11 00:02:41 | 000,013,552 | ---- | M] () (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\ADMıN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZDCV06KM.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 00:07:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/13 00:01:10 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/10 22:46:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/10 22:46:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/10 22:46:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[2012/12/19 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\4A Games
[2012/12/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\4A Games
[2012/12/18 18:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/12/18 18:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/16 00:34:28 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 00:34:28 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 00:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/16 00:27:06 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 22:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:42:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/13 01:24:04 | 000,000,228 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/01/12 02:31:45 | 151,469,960 | ---- | M] () -- C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:57:52 | 150,719,027 | ---- | M] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:22 | 000,075,354 | ---- | M] () -- C:\Users\admın\Documents\Nice.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/13 00:23:41 | 000,000,228 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/01/12 02:28:27 | 151,469,960 | ---- | C] () -- C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe
[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 22:46:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/10 22:46:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/10 22:46:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/10 22:46:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/10 22:46:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:54:59 | 150,719,027 | ---- | C] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:15 | 000,075,354 | ---- | C] () -- C:\Users\admın\Documents\Nice.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Acoustica
[2012/07/01 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Antares
[2012/07/01 12:02:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\DAEMON Tools Pro
[2012/06/30 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\GHISLER
[2012/07/02 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Image-Line
[2012/12/09 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\KORG
[2012/07/03 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Line 6
[2012/06/30 17:39:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Mopis
[2012/12/09 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PACE Anti-Piracy
[2012/11/11 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PunkBuster
[2012/11/12 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Rovio
[2012/12/26 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/09 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\SynthMaker
[2012/07/02 15:33:30 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Toontrack
[2013/01/12 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\uTorrent
[2012/07/01 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Waves Audio

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >
 
Do you know what this is: C:\Windows\SysNative\.crusader

If so, then remove that part from the fix below under :files...

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    MOD - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    MOD - [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
    MOD - [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
    [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
    [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
    IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    [2013/01/11 00:02:41 | 000,013,552 | ---- | M] () (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    File not found (No name found) -- C:\USERS\ADMıN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZDCV06KM.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
    [2013/01/12 02:31:45 | 151,469,960 | ---- | M] () -- C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe

    :files
    ipconfig /flushdns /c
    C:\Windows\SysNative\.crusader

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
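The fix above targets a file called svchost.exe that the OTL scan reported in the user's Temp folder with no company name, whereas the genuine svchost.exe lives only in the Windows system directories and carries Microsoft version information. The following is an added example (not part of the thread, and not OTL's or OldTimer's code) that applies that check to OTL-style process and module lines: it parses each line, flags any well-known system binary name running from outside System32/SysWOW64/SysNative, and separately flags a system binary name with empty company information. The list of impersonated names, the allowed directories, the regular expression, and the sample log lines are all assumptions made here; the two Temp\svchost.exe lines mirror the thread's format, the SysNative line is constructed as a benign control.

```python
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Windows binaries that malware commonly names itself after (assumption: svchost.exe is
# the one in this thread; the others are added here for illustration).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Directories where the genuine copies live. OTL is a 32-bit tool, so it reports the
# 64-bit System32 as "SysNative"; all comparisons are done lower-cased.
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative"}

# One OTL process/module/file line:
#   PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\path\file.exe
# The "PRC - " / "MOD - " prefix is optional because OTL's file sections omit it.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD) - )?"
    r"\[(?P<ts>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|\]]+?)\s*\|\s*(?P<flag>[A-Z])\]"
    r"\s*\((?P<company>[^)]*)\)(?:\s*\([^)]*\))?\s*--\s*(?P<path>.+?)\s*$"
)


def parse_otl_line(line: str) -> Optional[Dict[str, object]]:
    """Split one OTL line into its fields; return None for lines in another format."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return {
        "kind": m.group("kind") or "FILE",
        "size": int(m.group("size").replace(",", "")),
        "company": m.group("company").strip(),
        "path": m.group("path").strip(),
    }


def normalise_dir(path: str) -> str:
    """Lower-case the directory part and expand %SystemRoot% so it can be compared."""
    folder = ntpath.dirname(path).lower().rstrip("\\")
    return folder.replace("%systemroot%", r"c:\windows")


def is_masquerading(path: str) -> bool:
    """True when the file name is a system binary name but the folder is not a system folder."""
    name = ntpath.basename(path).lower()
    return name in SYSTEM_BINARIES and normalise_dir(path) not in ALLOWED_DIRS


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every distinct suspicious entry in the given OTL lines."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        path = str(rec["path"])
        name = ntpath.basename(path).lower()
        reasons = []
        if is_masquerading(path):
            reasons.append("system binary name outside a Windows system directory")
        if name in SYSTEM_BINARIES and rec["company"] == "":
            reasons.append("no company/version information on a system binary name")
        if reasons:
            findings.setdefault(path, reasons)  # OTL lists a process twice; report it once
    return list(findings.items())


# Constructed sample: the two Temp lines follow the thread's log, the SysNative line is a
# made-up benign control (its timestamp and size are not from the page).
SAMPLE_LOG = [
    r"PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admin\AppData\Local\Temp\svchost.exe",
    r"PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admin\AppData\Local\Temp\svchost.exe",
    r"MOD - [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admin\AppData\Local\Temp\libcurl-4.dll",
    r"PRC - [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Running it reports only the Temp copy of svchost.exe, with both reasons, and stays silent on the SysNative copy; libcurl-4.dll is not flagged by this heuristic, which is why a removal fix still has to name such helper DLLs explicitly.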
 
Something interesting. After deleting the users and re-running the OTL scan, the trojan is still there in the same folder.

I was looking at some earlier logs (from Rkill) from before I asked for your help when I was still blindly trying to take care of this on my own. I noticed this:

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t


And I compared it to the Rkill log that I posted in my first post in this thread. That line isn't there in that log.

Should I run Rkill again and see if this shows up in the log again? I'm not sure if it means anything, but I did a Google search on it and some other threads about ZeroAccess rootkit trojans showed up.
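The "ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t" line in the Rkill output is what a UTF-16LE file looks like when read as single-byte text: ÿþ is the byte-order mark FF FE, and the spaces are the NUL high bytes of each character. The following is an added example (not part of the thread, and not Rkill's code) that reads a hosts file's raw bytes, reports its encoding, reproduces the Rkill-style rendering so the symptom is recognisable, and lists every entry beyond the two default localhost lines. The sample files are constructed here; the hostname in the tampered sample is a placeholder, not anything from the page.

```python
import codecs
import re
from typing import Dict, List, Tuple

# The only entries a stock hosts file maps (assumption for this example).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def decode_hosts(raw: bytes) -> Tuple[str, str]:
    """Detect a BOM and decode; a Windows hosts file is normally plain ASCII/ANSI."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le", raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be", raw[len(codecs.BOM_UTF16_BE):].decode("utf-16-be")
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig", raw[len(codecs.BOM_UTF8):].decode("utf-8")
    return "ascii/ansi", raw.decode("latin-1")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.extend((parts[0], host) for host in parts[1:])
    return entries


def audit_hosts(raw: bytes) -> Dict[str, object]:
    """Summarise encoding and non-default entries for a hosts file given as bytes."""
    encoding, text = decode_hosts(raw)
    entries = parse_hosts(text)
    return {
        "encoding": encoding,
        "unexpected_encoding": encoding != "ascii/ansi",
        "extra_entries": [e for e in entries if e not in DEFAULT_ENTRIES],
    }


def rkill_style_rendering(raw: bytes) -> str:
    """Show the bytes the way a single-byte reader prints them: BOM as 'ÿþ', NULs as spaces."""
    return re.sub(r" +", " ", raw.decode("latin-1").replace("\x00", " "))


# Constructed samples: UTF-16LE with BOM, as the Rkill output above implies.
SAMPLE_UTF16_HOSTS = codecs.BOM_UTF16_LE + "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")
SAMPLE_TAMPERED_HOSTS = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n::1 localhost\r\n127.0.0.1 update.blocked.example\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(rkill_style_rendering(SAMPLE_UTF16_HOSTS))
    for sample in (SAMPLE_UTF16_HOSTS, SAMPLE_TAMPERED_HOSTS):
        print(audit_hosts(sample))
```

On a real machine the bytes come from `C:\Windows\System32\drivers\etc\hosts`; the first sample yields no extra entries, so the encoding is the only oddity, which tells you the file was rewritten by something that saved it as UTF-16 rather than that names are being redirected. The second sample shows what an actual redirect looks like in the report.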
 
C:\Windows\SysNative\.crusader <--- I don't know what it is, but I did a Google search and it showed up under other rootkit trojan threads.

Also when I pasted that line into my Firefox browser it brought me to this:

<Actions><Group name="Trojan"><File path="C:\Users\admın\AppData\Local\Temp\libpdcurses.dll" /></Group></Actions>

Should I still remove that line from the fix you posted above?
 
Here's the OTL log from that last fix you posted. I didn't remove the \.crusader line as I do not know what it is.

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
No active process named svchost.exe was found!
C:\Users\admın\AppData\Local\Temp\svchost.exe moved successfully.
File C:\Users\admın\AppData\Local\Temp\svchost.exe not found.
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll moved successfully.
HKEY_USERS\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi moved successfully.
C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
C:\Windows\SysNative\.crusader moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: admın
->Temp folder emptied: 259720 bytes
->Temporary Internet Files folder emptied: 1034213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75869007 bytes
->Google Chrome cache emptied: 6262248 bytes
->Flash cache emptied: 2435 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26818 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01162013_113048

Files\Folders moved on Reboot...
C:\Users\admın\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Unfortunately the files are still there, svchost.exe + the .dll's in the same temp folder. This is a stubborn one.. :(
 
No risk in removing it, then...

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    MOD - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
    MOD - [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
    MOD - [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
    [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
    [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll

    :files
    C:\Windows\SysNative\.crusader

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


I don't like using my ridiculously long tool, but here we go anyway (please post this in two or three replies instead of attaching):

MySystemSearch

Please download MySystem-Search from HERE

  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.
 
OTL log:

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
No active process named svchost.exe was found!
C:\Users\admın\AppData\Local\Temp\svchost.exe moved successfully.
File C:\Users\admın\AppData\Local\Temp\svchost.exe not found.
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysNative\.crusader not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admın
->Temp folder emptied: 259788 bytes
->Temporary Internet Files folder emptied: 5833825 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 126993454 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1506 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5758 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01162013_234733

Files\Folders moved on Reboot...
C:\Users\admın\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Log from mss:


MySystem-Search


MSS v1.7


Basic System Information

Username: admn - Date: 01/17/2013 - Time: 2:09:07

Microsoft Windows [Version 6.1.7601]
Processor type: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
Total processors: 8
Computer Name: ADMN-PC
Logon Server: \\ADMN-PC


CD Emulation Drivers running?



Peer-to-Peer applications?

uTorrent found!


Security Tools Check

Malwarebytes' Anti-Malware
UnHackMe


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
DTAgent.exe 2812 Normal C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe
Steam.exe 2832 Normal C:\Program Files (x86)\Steam\Steam.exe
jusched.exe 2948 Normal C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
realsched.exe 3020 Normal C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
WScript.exe 3032 Normal C:\Windows\SysWOW64\WScript.exe
Reader_sl.exe 1376 Normal C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
mss.exe 3428 Normal C:\Users\admın\Downloads\mss.exe
cmd.exe 808 Normal C:\Windows\SysWOW64\cmd.exe
pv.exe 2208 Normal C:\Users\admın\Downloads\pv.exe


User Profile check

admn
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3655514959-12179107-2567171075-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\admn
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000004FBBE2D9A3D6B90003EC0399E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x2
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

Adobe Flash Player Updater.job
SCHEDLGU.TXT
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 1A81-3B21

Directory of C:\Windows\System32\Drivers

Volume in drive C has no label.
Volume Serial Number is 1A81-3B21

Directory of C:\Windows\System32\Drivers

09/27/2001 03:48 PM 738,976 ew.sys
09/27/2001 03:50 PM 12,320 nstation.sys
09/27/2001 04:00 PM 27,584 filespy.sys
08/08/2007 08:52 AM 185,856 rig3usb.sys
08/08/2007 08:52 AM 25,600 rig3avs.sys
06/10/2009 11:14 PM 3,440,660 gm.dls
06/10/2009 11:14 PM 646 gmreadme.txt
07/14/2009 03:19 AM 19,008 wimmount.sys
07/14/2009 02:44 PM <DIR> UMDF
07/14/2009 02:44 PM <DIR> tr-TR
06/29/2012 11:38 AM <DIR> en-US
01/10/2013 10:59 PM <DIR> .
01/10/2013 10:59 PM <DIR> ..
8 File(s) 4,450,650 bytes
5 Dir(s) 142,091,468,800 bytes free


Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
AutoHide REG_SZ yes
Security Risk Page REG_SZ about:SecurityRisk
Extensions Off Page REG_SZ about:NoAdd-ons
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Anchor_Visitation_Horizon REG_BINARY 01000000
Cache_Percent_of_Disk REG_BINARY 0A000000
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Default_Secondary_Page_URL REG_MULTI_SZ
Use_Async_DNS REG_SZ yes
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\Windows\SysWOW64\blank.htm
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit REG_SZ yes
Enable_Disk_Cache REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ User@
PrivDiscUiShown REG_DWORD 0x1
EnableHttp1_1 REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
AutoConfigProxy REG_SZ wininet.dll
UseSchannelDirectly REG_BINARY 01000000
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY B86503E459A3CD01
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x1
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2700000027000000470300007F020000
Start Page Redirect Cache_TIMESTAMP REG_SZ
Start Page Redirect Cache AcceptLangs REG_SZ
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY FE429F9D2655CD01
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 304282A12655CD01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 90A384A12655CD01
NotifyDownloadComplete REG_SZ no
Use FormSuggest REG_SZ no
NoProtectedModeBanner REG_DWORD 0x1
Check_Associations REG_SZ yes
DisableScriptDebuggerIE REG_SZ yes
IconCache REG_SZ rb4hvox
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Microsoft Excel'e &Ver


Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging



Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Acoustica Mixcraft 6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AngryBirdsStarWars 1.00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antares Auto-Tune 3.03 DirectX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cakewalk Rapture_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio Camel Phat VST v3.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConcreteFX QDelay VST v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cool Edit Pro 2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cuttermusic Revitar VSTi v1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Daemon Tools Pro v5.1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dash Signature EMM Knagalis VSTi v1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dash Signature theAbstractGuitar VSTi v1.18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\db-audioware-quantum-fx-1.06
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\discoDSP Phantom_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol HQ Orchestral v1.01
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol Hyper Canvas
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol SuperQuartet v1.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GForce.Software.Minimonsta.RTAS.VSTi.v1.03-DAC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GMedia Music impOSCar VSTi v1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GR-55FloorBoard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IL Download Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IL Slicex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Ozone DX Plugin v1.0.0.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Ozone v3.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Trash v1.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kiesel.Software.Helga.VSTi.v1.1b003-0xdBass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Korg Legacy Collection v1.1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Line 6 Uninstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mopis VSTi v1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Morphine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 18.0 (x86 en-US)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments - Rig Kontrol 3 Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments FM7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments Guitar Rig 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments Service Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Blue Tubes Bundle v2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Liquid Bundle VST v1.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Rock Amp Legends VST v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novation Bass-Station VSTi v1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oddity VST2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PoiZone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PunkBusterSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 15.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReFX Vanguard VSTi v1.03 Retail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReFX Vanguard VSTi v1.04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 43110
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sytrus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toxic Biohazard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toxic III_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vertigo2_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wasp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{038B2DB1-2B9C-45C6-A55F-17B60D80C9D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1203DC60-D9BD-44F9-B372-2B8F227E6094}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{147567F0-8575-4BE0-B5B3-62706C67FA5A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217005FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33691AFF-9ABF-4278-BDB6-902EE07D9237}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{430399DC-98BC-4A7F-8F8E-77981CABAE05}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{443B561F-DE1B-4DEF-ADD9-484B684653C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{523DF2BB-3A85-4047-9898-29DC8AEB7E69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54194F60-988C-4D03-B922-C2B00EFDA39A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82DF9225-13EC-41BD-BE31-AAB121B38166}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85373DA7-834E-4850-8AF5-1D99F7526857}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{888F1505-C2B3-4FDE-835D-36353EBD4754}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2162169
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2478063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2572063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2599651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2604121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2639327
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2682543
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{96901D15-104F-43E2-9D90-A17022D975B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0407-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-041F-0000-0000000FF1CE}_ENTERPRISE_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-041F-1000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{293FB6BE-D3EB-4162-B522-F9108040B9FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3579CE34-B225-4B19-A3AF-DE5F562A212F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{43171CAD-DC60-4E7B-9703-B2EC18001B9F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{488F0918-97F9-4CD0-8AD5-8986A46AC962}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{718E87EC-6590-485A-B12D-C01D290EDB12}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AEA16A27-0B97-4670-818F-A98D06EC0A6F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B145DBBB-7778-4A5D-9D2B-DA6569F02391}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C7351301-60F9-4B04-AFF6-600A4C98CE40}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E34960DB-2A93-45DB-A208-02650F7AB09C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-041F-0000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92DE01AB-0E6F-4F47-8159-91B86FAEC218}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1055-7B44-AA1000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2162169
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708v2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2514805
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2599651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2639327
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2698021
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2732797
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome


Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 11 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 11.5.502.146
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x5
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 11 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 11.5.502.146
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x5
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe
EstimatedSize REG_DWORD 0x1800



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools Pro Agent REG_SZ "C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe" -autorun
Steam REG_SZ "C:\Program Files (x86)\Steam\Steam.exe" -silent


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched REG_SZ "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Adobe ARM REG_SZ "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TkBellExe REG_SZ "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
Adobe REG_SZ C:\ProgramData\Adobe\3D422E.vbe



Restrictions - Internet Explorer




Restrictions - REGEDIT




Restrictions - Explorer


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}

Windows IP Configuration

Host Name . . . . . . . . . . . . : admyn-pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Kablosuz Ağ Bağlantısı 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASUS USB Kablosuz Ağ Bağdaştırıcısı #2
Physical Address. . . . . . . . . : 00-22-15-B0-4F-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d84:bfe0:d6a6:ad18%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 2:09:01 AM
Lease Expires . . . . . . . . . . : Sunday, January 20, 2013 2:09:01 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Yerel Ağ Bağlantısı:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-24-1D-10-93-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Bağdaştırıcısı
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:245c:3ce3:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::245c:3ce3:3f57:fefb%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks




Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u\0livessp
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x23c
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x1
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
enabledcom REG_SZ y
 
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AUTOTUNE3_DX_key
Path REG_SZ C:\PROGRA~2\ANTARE~1\ANTARE~1
(Default) REG_SZ C:\PROGRA~2\ANTARE~1\ANTARE~1\AAT3 DirectX Register.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Users\admn\AppData\Local\Google\Chrome\Application
(Default) REG_SZ C:\Users\admn\AppData\Local\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
(Default) REG_SZ C:\Users\admn\Downloads\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\DVD Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files (x86)\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FL.exe
(Default) REG_SZ C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GearBox.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\GearBox\GearBox.exe
Path REG_SZ C:\Program Files (x86)\Line6\GearBox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GR-55FloorBoard.exe
(Default) REG_SZ C:\Program Files (x86)\GR-55FloorBoard\GR-55FloorBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEDIAGCMD.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEDIAGCMD.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files (x86)\Java\jre7\bin\javaws.exe
Path REG_SZ C:\Program Files (x86)\Java\jre7\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\L6LicenseManager.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 License Manager\L6LicenseManager.exe
Path REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 License Manager

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LangSelector.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\LangSelector.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Line 6 Monkey.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 Monkey\Line 6 Monkey.exe
Path REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 Monkey

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mpc-hc.exe
(Default) REG_SZ "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"
Path REG_SZ "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Messenger\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\OIS.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POD Farm 2.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\POD Farm 2\POD Farm 2.exe
Path REG_SZ C:\Program Files (x86)\Line6\POD Farm 2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POD Farm.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\POD Farm\POD Farm.exe
Path REG_SZ C:\Program Files (x86)\Line6\POD Farm

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerShell.exe
(Default) REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
Path REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealPlay.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Path REG_SZ C:\Program Files (x86)\Real\RealPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealUpgrade.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Path REG_SZ C:\Program Files (x86)\Real\RealUpgrade

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealPlayer\Update\rnxproc.exe
Path REG_SZ C:\Program Files (x86)\Real\RealPlayer\Update\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ %SystemRoot%\system32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Waves
Path REG_SZ C:\Program Files (x86)\Waves

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WindowsLivePhotoViewer.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\WindowsLivePhotoViewer.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
(Default) REG_SZ C:\Program Files (x86)\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files (x86)\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlarp.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlsettings.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlsettings.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlstartup.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlstartup.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
Path REG_SZ C:\Program Files (x86)\Edirol\Orchestral VST
(Default) REG_SZ C:\Program Files (x86)\Edirol\Orchestral VST\yourapp.Exe



Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{0153E448-190B-4987-BDE1-F256CADA672F} REG_SZ C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
C:\Program Files (x86)\Mozilla Firefox REG_SZ E7CF176E110C211B

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 18.0
CurrentVersion REG_SZ 18.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)
(Default) REG_SZ 18.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)\Main
Install Directory REG_SZ C:\Program Files (x86)\Mozilla Firefox
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox 18.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0
GeckoVer REG_SZ 18.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0\bin
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0\extensions
Components REG_SZ C:\Program Files (x86)\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files (x86)\Mozilla Firefox\plugins



Shared Task Scheduler




SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21636978.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21636978.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
DllDirectory32 REG_EXPAND_SZ %SystemRoot%\syswow64
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
PSAPI REG_SZ PSAPI.DLL
rpcrt4 REG_SZ rpcrt4.dll
sechost REG_SZ sechost.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll
DifxApi REG_SZ difxapi.dll



Downloaded program files (ActiveX)


PATH: C:\windows\Downloaded Program Files



Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1091da2e-c28e-11e1-87c1-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{276a846d-5f4e-11e2-b66e-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d1-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d2-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d5-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b8a989-c363-11e1-960b-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b8a98c-c363-11e1-960b-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d075060e-c4e2-11e1-9ef0-00241d1093b3}


Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
DefaultDomainName REG_SZ
DefaultUserName REG_SZ
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AUTORESTARTSHELL REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions


Windows Update



Security Software Information

*Note*: Some security software does not store itself in the WMI.



{END OF FILE}
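Two checks worth scripting against logs like the ones in this thread, added here as an example and not part of the original thread or of OTL itself. The Processes sections of the OTL logs posted here list svchost.exe running from C:\Users\admın\AppData\Local\Temp with no company name (the genuine svchost.exe lives only in System32, and SysWOW64 on x64), and the Winlogon section above shows the stock Shell and Userinit values, which are a classic place for malware to append itself. The Python below parses OTL's PRC/MOD/SRV/DRV entry lines and flags system-binary names outside system directories, anything executing from a temp location, and entries with no company name; it also compares the Winlogon Shell and Userinit values in an Extras log against their stock values. The line-format regex, the name and directory lists, the %SystemRoot% = C:\Windows assumption and the "tampered" Winlogon sample are this example's own assumptions, not anything OTL documents; the other sample lines are copied from the logs posted in this thread.

```python
# Added example (not OTL's code, not from the thread): triage a pasted OTL log.
import re
from collections import Counter

# Assumed shape of an OTL entry line (inferred from the logs in this thread):
#   KIND[:64bit:] - [date time | size | attrs | M] (Company) [state] -- path [-- (svc)]
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>[^)]*)\) (?:\[(?P<state>[^\]]+)\] )?-- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]+)\))?$"
)
# Registry value line inside a key block of the Extras log: "Name REG_SZ value".
REG_VALUE = re.compile(r"^(?P<name>\S+) REG_(?:EXPAND_)?SZ ?(?P<value>.*)$")
WINLOGON_KEY = r"\microsoft\windows nt\currentversion\winlogon"

# Core Windows binary names malware borrows, and where the genuine copies live.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe",
                "explorer.exe", "smss.exe", "wininit.exe", "spoolsv.exe", "taskhost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative"}
# Directory fragments that mark user-writable scratch locations (assumption).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")
USERINIT_OK = [r"c:\windows\system32\userinit.exe"]   # assumes a C:\Windows install


def parse_otl_entry(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict; None if the line is not one."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()
    return d


def classify(entry):
    """Tags for one parsed entry; an empty list means nothing looked odd."""
    directory, _, name = entry["path"].replace("/", "\\").lower().rpartition("\\")
    tags = []
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        tags.append("masquerade")       # system binary name outside a system dir
    if any(mark in directory + "\\" for mark in TEMP_MARKERS):
        tags.append("temp-path")        # executing from a user-writable scratch dir
    if entry["kind"] != "MOD" and not entry["company"]:
        tags.append("no-company")       # OTL's MOD section is company-less anyway
    return tags


def triage(log_text):
    """Collapse duplicate entry lines, classify them, sort worst first.
    Returns (path, kind, occurrences, tags); OTL prints one PRC line per live
    instance, so `occurrences` is how many copies were running."""
    counts, first = Counter(), {}
    for line in log_text.splitlines():
        e = parse_otl_entry(line)
        if e:
            key = (e["kind"], e["path"].lower())
            counts[key] += 1
            first.setdefault(key, e)
    found = [(e["path"], e["kind"], counts[k], classify(e)) for k, e in first.items()]
    return sorted((f for f in found if f[3]), key=lambda f: (-len(f[3]), f[0]))


def check_winlogon(log_text):
    """Flag Winlogon Shell/Userinit values that differ from the stock ones."""
    problems, in_key = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.lower().startswith("hkey_"):
            in_key = s.lower().endswith(WINLOGON_KEY)   # subkeys (GPExtensions) do not count
            continue
        m = REG_VALUE.match(s) if in_key else None
        if not m:
            continue
        name = m.group("name").lower()
        value = m.group("value").strip().lower().replace("%systemroot%", r"c:\windows")
        if name == "shell" and value != "explorer.exe":
            problems.append(f"Shell = {value!r}")
        if name == "userinit" and [p for p in value.split(",") if p] != USERINIT_OK:
            problems.append(f"Userinit = {value!r}")
    return problems


# SAMPLE_OTL and WINLOGON_CLEAN are copied from the logs in this thread;
# WINLOGON_TAMPERED is constructed to show what an appended Userinit looks like.
SAMPLE_OTL = r"""
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
MOD - [2013/01/17 21:57:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
"""
WINLOGON_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
"""
WINLOGON_TAMPERED = WINLOGON_CLEAN.replace(
    "userinit.exe,", r"userinit.exe,C:\Users\admın\AppData\Local\Temp\svchost.exe,")

if __name__ == "__main__":
    for path, kind, n, tags in triage(SAMPLE_OTL):
        print(f"{kind} x{n}  {path}  [{', '.join(tags)}]")
    print("clean Winlogon:", check_winlogon(WINLOGON_CLEAN))
    print("tampered Winlogon:", check_winlogon(WINLOGON_TAMPERED))
```

Run as-is it lists the Temp-folder svchost.exe first with two live instances and all three tags, then the companion libcurl-4.dll on the temp-path tag, then PnkBstrA.exe on the weaker no-company signal alone; the clean Winlogon block reports nothing and the tampered one reports the appended Userinit entry. A no-company hit by itself is weak evidence (PnkBstrA.exe is PunkBuster's service, unsigned but expected on a gaming machine), so read the tags together, and treat the script as a reading aid for a pasted log rather than a substitute for checking the file's signature and hash on the live machine.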
 
Okay, I accidentally clicked 'Run Scan' instead of 'Quickscan'.

So here is the log from 'Run Scan' (just in case), and in the next post I will post the result of the OTL 'Quickscan'.

OTL logfile created on: 1/17/2013 10:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 44.84% Memory free
4.00 Gb Paging File | 2.57 Gb Available in Paging File | 64.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 132.60 Gb Free Space | 33.88% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2013/01/12 03:40:17 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 18:09:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 20:46:07 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/17 21:57:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/17 21:57:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/12 03:40:06 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 18:09:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/21 11:38:15 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/21 11:38:11 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/21 11:38:11 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/21 11:38:11 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/21 11:38:11 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/21 11:38:11 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/16 11:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 11:58:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/16 11:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/10 11:04:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 11:04:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/10 11:04:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/10 11:04:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/24 20:57:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/12/24 20:57:47 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/12/24 20:57:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/12/24 20:57:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/12/24 20:57:46 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/12/24 20:57:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/12/24 20:57:46 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/12/24 20:57:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/12/24 20:57:46 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/12/24 20:57:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/12/24 20:57:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/12/24 20:57:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/12/24 20:57:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/12/24 20:57:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/12/24 20:57:45 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/12/24 20:57:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[2012/12/21 20:56:09 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 20:56:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 20:56:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 20:56:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\4A Games
[2012/12/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\4A Games
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 21:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 21:56:24 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 12:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 18:09:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 18:09:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:57:52 | 150,719,027 | ---- | M] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:22 | 000,075,354 | ---- | M] () -- C:\Users\admın\Documents\Nice.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:54:59 | 150,719,027 | ---- | C] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:15 | 000,075,354 | ---- | C] () -- C:\Users\admın\Documents\Nice.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >
 
And from the 'Quickscan'

OTL logfile created on: 1/17/2013 10:08:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.20% Memory free
4.00 Gb Paging File | 2.39 Gb Available in Paging File | 59.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 132.60 Gb Free Space | 33.88% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2013/01/12 03:40:17 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 18:09:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 20:46:07 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/17 21:57:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/17 21:57:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/12 03:40:06 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 18:09:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/21 11:38:15 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/21 11:38:11 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/21 11:38:11 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/21 11:38:11 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/21 11:38:11 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/21 11:38:11 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/16 11:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 11:58:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/16 11:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[2012/12/19 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\4A Games
[2012/12/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\4A Games
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 22:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 22:03:43 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 22:03:43 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 21:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 21:56:24 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:57:52 | 150,719,027 | ---- | M] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:22 | 000,075,354 | ---- | M] () -- C:\Users\admın\Documents\Nice.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:54:59 | 150,719,027 | ---- | C] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:15 | 000,075,354 | ---- | C] () -- C:\Users\admın\Documents\Nice.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Acoustica
[2012/07/01 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Antares
[2012/07/01 12:02:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\DAEMON Tools Pro
[2012/06/30 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\GHISLER
[2012/07/02 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Image-Line
[2012/12/09 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\KORG
[2012/07/03 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Line 6
[2012/06/30 17:39:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Mopis
[2012/12/09 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PACE Anti-Piracy
[2012/11/11 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PunkBuster
[2012/11/12 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Rovio
[2012/12/26 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/09 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\SynthMaker
[2012/07/02 15:33:30 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Toontrack
[2013/01/12 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\uTorrent
[2012/07/01 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Waves Audio

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >
 
Well....roar! :) Time to work from a different mode...

Kaspersky Rescue Disk:

1. Download the Kaspersky Rescue Disk iso image from the Kaspersky Lab server. (Direct download link)
Please note that this is a large download, so please be patient while it downloads.

2. Record the Kaspersky Rescue Disk iso image to a CD/DVD. You can use any CD/DVD recording software you like. If you don't have any, please download and install ImgBurn. Small download, great software. You won't regret it, we promise.

For demonstration purposes we will use ImgBurn.

So, open up ImgBurn and choose Write image file to disc.

imgburn1.jpg


Click on the small Browse for file icon as shown in the image. Browse into your download folder and select kav_rescue_10.iso as your source file.

imgburn2.jpg


OK, so now we are ready to burn the .iso file. Simply click the Write image file to disc button below and after a few minutes you will have a bootable Kaspersky Rescue Disk 10.

imgburn3.jpg


3. Configure your computer to boot from CD/DVD. Use the Delete, F2 or F11 keys to load the BIOS menu. Normally, the information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

boot1.jpg


The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:
  • Ctrl+Esc
  • Ctrl+Ins
  • Ctrl+Alt
  • Ctrl+Alt+Esc
  • Ctrl+Alt+Enter
  • Ctrl+Alt+Del
  • Ctrl+Alt+Ins
  • Ctrl+Alt+S
If you can enter Boot Menu directly then simply select your CD/DVD-ROM as your 1st boot device.

If you can't enter Boot Menu directly then simply use Delete key to enter BIOS menu. Select Boot from the main BIOS menu and then select Boot Device Priority.

boot2.jpg


Set CD/DVD-ROM as your 1st Boot Device. Save changes and exit the BIOS menu.

boot3.jpg


4. Let's boot your computer from Kaspersky Rescue Disk.

Restart your computer. After restart, a message will appear on the screen: Press any key to enter the menu. So, press Enter or any other key to load the Kaspersky Rescue Disk.

krd1.jpg


5. Select your language and press Enter to continue.

krd2.jpg


6. Press 1 to accept the End User License Agreement.

krd3.jpg


7. Select Kaspersky Rescue Disk. Graphic Mode as your startup method. Press Enter. Once the actions described above have been performed, the operating system starts.

krd4.jpg


8. Click on the Start button located in the left bottom corner of the screen. Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by the Oficina Virtual de Denuncias virus. It won't take very long.

krd5.jpg


9. Click on the Start button once again and fire up the Kaspersky Rescue Disk utility. First, select My Update Center tab and press Start update to get the latest malware definitions. Don't worry if you can't download the updates. Just proceed to the next step.

krd6.jpg


10. Select Object Scan tab. Place a check mark next to your local drive C:\. If you have two or more local drives make sure to check those as well. Then click Start Objects Scan to scan your computer for malicious software.

krd7.jpg


11. Quarantine (recommended) or delete every piece of malicious code detected during the system scan.

krd8.jpg


12. You can now close the Kaspersky Rescue Disk utility. Click on the Start button and select Restart computer.

krd9.jpg


13. Please restart your computer into the normal Windows mode. Post new OTL log to verify lack of presence of malware.
 
Okay, ran the Kaspersky recovery disk. Did the WindowsUnlocker and did a scan. The scan found one Trojan, which I quarantined.
Upon reboot the svchost and various .dll's that have been present are there again in my temp folder.

Thanks once again for your continued help with this, Dragonmaster Jay.


Here is the latest OTL scan:

OTL logfile created on: 1/19/2013 8:58:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.48% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 73.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 131.51 Gb Free Space | 33.60% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 276.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/18 16:58:23 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 20:46:07 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 20:57:27 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/19 20:57:27 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/19 20:57:27 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/18 16:58:46 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2013/01/18 16:58:23 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/01/18 16:58:22 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/01/18 16:58:22 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/01/18 16:58:22 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/01/18 16:58:22 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/18 16:58:23 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/16 11:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 18:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/01/19 18:26:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 20:33:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/16 11:58:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/16 11:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/19 20:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 20:57:12 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 18:20:54 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 18:20:54 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 17:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Acoustica
[2012/07/01 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Antares
[2012/07/01 12:02:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\DAEMON Tools Pro
[2012/06/30 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\GHISLER
[2012/07/02 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Image-Line
[2012/12/09 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\KORG
[2012/07/03 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Line 6
[2012/06/30 17:39:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Mopis
[2012/12/09 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PACE Anti-Piracy
[2012/11/11 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PunkBuster
[2012/11/12 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Rovio
[2012/12/26 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/09 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\SynthMaker
[2012/07/02 15:33:30 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Toontrack
[2013/01/12 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\uTorrent
[2012/07/01 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Waves Audio

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >
 
We'll be doing another cleanup, but we'll disable those CD emulators first...

To disable CD Emulation programs using DeFogger, please perform these steps:
  • Please download DeFogger to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

The Avenger
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Files to delete:
C:\Users\admın\AppData\Local\Temp\svchost.exe
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



SystemLook x86 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir /s /MD5:
    C:\Users\admın\AppData\Local\Temp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
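As an added illustration (not part of the thread and not SystemLook's own code), the check the helper is asking for can also be done with built-in tooling: this PowerShell script, assumed to run on PowerShell 2.0 or later on this Windows 7 machine, lists the quoted Temp folder recursively with MD5 hashes, as the `:dir /s /MD5` script above intends, and additionally reports any svchost.exe process that is not started from the Windows system directories.

```powershell
# Added example, not from the thread: recursive listing with MD5 of the Temp folder
# the helper asked to inspect, plus a check for svchost.exe processes loaded from
# anywhere other than the Windows system directories. Assumes PowerShell 2.0+.
param(
    [string]$Folder = "$env:LOCALAPPDATA\Temp"   # C:\Users\<user>\AppData\Local\Temp
)

function Get-Md5Hex {
    param([string]$Path)
    # Hash with .NET directly so this also works on PowerShell 2.0 (no Get-FileHash there)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

Write-Host "=== dir /s with MD5 of $Folder ==="
Get-ChildItem -Path $Folder -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $hash = "locked"                       # a file held open by malware cannot be read
        try { $hash = Get-Md5Hex $_.FullName } catch { }
        # Flag executable-type files living in Temp; a genuine svchost.exe never runs from here
        $flag = ""
        if ($_.Extension -match '^\.(exe|dll|sys|scr)$') { $flag = "<-- check" }
        "{0:yyyy/MM/dd HH:mm:ss}  {1,12}  {2}  {3} {4}" -f $_.LastWriteTime, $_.Length, $hash, $_.FullName, $flag
    }

Write-Host "`n=== svchost.exe processes outside the Windows system directories ==="
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
    $exe = $_.ExecutablePath                   # may be empty when not run elevated
    $inSystem = $false
    foreach ($d in $sysDirs) { if ($exe -and ($exe -like "$d\*")) { $inSystem = $true } }
    if (-not $inSystem) {
        # Real svchost.exe is started by services.exe from System32; anything else is suspect
        $shown = "<path not readable, run elevated>"
        if ($exe) { $shown = $exe }
        "PID {0,-6} {1}" -f $_.ProcessId, $shown
    }
}
```

Run it from an elevated PowerShell prompt so that ExecutablePath is readable for SYSTEM-owned processes; files reported as "locked" are the ones a reboot-time deletion tool is needed for.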
 
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Sun Jan 20 14:29:06 2013

14:29:06: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////
 
Those were the right script commands...goofy tool... let's do a different tool:

Download BlitzBlank and save it to your desktop.

  • Double-click BlitzBlank.exe to run it.
  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
C:\Users\admın\AppData\Local\Temp\svchost.exe
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
  • Click Execute Now. Your computer may need to reboot in order to kill the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\
Then, do the SystemLook tool as well, please. :)
 
"Failed to execute, please make sure this program was started as an Administrator".

I changed the permissions to have it run as an admin, restarted the computer, right clicked and selected "Run as administrator"... no luck. :(

Is this problem heading towards a full disk wipe and re-install of windows?
 
Grr....next trial:

Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

For each file listed below (this process only handles one file at a time), browse to its location; the name of the file will appear in the Filename box, then click Open.

Files to delete using FileASSASSIN:
C:\Users\admın\AppData\Local\Temp\svchost.exe
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll


The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.
 
Done with the FileAssassin. :)

Now, on to Systemlook..

SystemLook 30.07.11 by jpshortstuff
Log created at 23:30 on 21/01/2013 by admın
Administrator - Elevation successful

Invalid Context: dir /s /MD5:

No Context: C:\Users\admın\AppData\Local\Temp

-= EOF =-
 