Need help to remove svchost.exe trojan

Here's the log. I'm afraid the malware is still present in the same AppData\Local\Temp folder after the fix and the reboot.

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com deleted successfully.
File C:\Users\admın\AppData\Roaming\2YourFace\ffextension not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@2yourface.com deleted successfully.
File C:\Users\admın\AppData\Roaming\2YourFace\ffextension not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\\ deleted successfully.
C:\Windows\GIGATEMP\Patch.exe moved successfully.
C:\Users\admın\AppData\Roaming\Babylon folder moved successfully.
Folder C:\Users\admın\AppData\Roaming\BabylonToolbar\ not found.
========== FILES ==========
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\svchost.exe moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
< ipconfig /release /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
< ipconfig /renew /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: adm
->Temp folder emptied: 0 bytes

User: admin
->Temp folder emptied: 0 bytes

User: admn
->Temp folder emptied: 0 bytes

User: adm²n
->Temp folder emptied: 0 bytes

User: admın
->Temp folder emptied: 10420074 bytes
->Temporary Internet Files folder emptied: 1012849 bytes
->Java cache emptied: 22142 bytes
->FireFox cache emptied: 366835515 bytes
->Google Chrome cache emptied: 228613267 bytes
->Flash cache emptied: 13687 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76732 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46424135 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 623.00 mb


[EMPTYJAVA]

User: adm

User: admin

User: admn

User: adm²n

User: admın
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: adm

User: admin

User: admn

User: adm²n

User: admın
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01152013_000725

Files\Folders moved on Reboot...
C:\Users\admın\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I'm not sure about all the user accounts. I have a feeling its connected to the current problem/trojan. The day before I came here to techspot to ask for help there was a new user account called Azaq which is just wierd, sort of threw up a red flag and I realized I didn't just have a run of the mill spamware trojan but something more serious was attacking my computer.

Here's the log from Farbar Service Scanner ( I left 'Other services' unchecked as it wasn't on the list you included, however I did another scan with 'Other services' checked and will include that log in a 2nd post).

Farbar Service Scanner Version: 05-01-2013
Ran by admın (administrator) on 15-01-2013 at 22:16:09
Running from "C:\Users\admın\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Here's the log from the scan with "Other Services" checked.

Farbar Service Scanner Version: 05-01-2013
Ran by admın (administrator) on 15-01-2013 at 22:21:04
Running from "C:\Users\admın\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Deleted those users - They weren't registered with windows as legitimate user accounts, so I simply deleted them.

OTL Quickscan log

OTL logfile created on: 1/16/2013 12:33:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.46% Memory free
4.00 Gb Paging File | 2.61 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 132.68 Gb Free Space | 33.90% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 7.45 Gb Total Space | 2.24 Gb Free Space | 30.08% Space Free | Partition Type: FAT32

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/14 01:42:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2013/01/12 03:40:17 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 18:09:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/20 14:33:42 | 003,281,528 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/16 00:28:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/16 00:28:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/16 00:28:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/12 03:40:06 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 18:09:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.4.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/11 00:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2013/01/11 00:02:41 | 000,013,552 | ---- | M] () (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\ADMıN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZDCV06KM.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 00:07:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/13 00:01:10 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/10 22:46:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/10 22:46:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/10 22:46:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[2012/12/19 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\4A Games
[2012/12/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\4A Games
[2012/12/18 18:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/12/18 18:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/16 00:34:28 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 00:34:28 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 00:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/16 00:27:06 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 22:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:42:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/13 01:24:04 | 000,000,228 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/01/12 02:31:45 | 151,469,960 | ---- | M] () -- C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:57:52 | 150,719,027 | ---- | M] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:22 | 000,075,354 | ---- | M] () -- C:\Users\admın\Documents\Nice.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/13 00:23:41 | 000,000,228 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/01/12 02:28:27 | 151,469,960 | ---- | C] () -- C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe
[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 22:46:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/10 22:46:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/10 22:46:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/10 22:46:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/10 22:46:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:54:59 | 150,719,027 | ---- | C] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:15 | 000,075,354 | ---- | C] () -- C:\Users\admın\Documents\Nice.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Acoustica
[2012/07/01 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Antares
[2012/07/01 12:02:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\DAEMON Tools Pro
[2012/06/30 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\GHISLER
[2012/07/02 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Image-Line
[2012/12/09 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\KORG
[2012/07/03 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Line 6
[2012/06/30 17:39:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Mopis
[2012/12/09 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PACE Anti-Piracy
[2012/11/11 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\PunkBuster
[2012/11/12 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Rovio
[2012/12/26 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/09 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\SynthMaker
[2012/07/02 15:33:30 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Toontrack
[2013/01/12 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\uTorrent
[2012/07/01 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\admın\AppData\Roaming\Waves Audio

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >

Something interesting. After deleting the users and re-running the OTL scan, the trojan is still there in the same folder.

I was looking at some earlier logs (from Rkill) from before I asked for your help when I was still blindly trying to take care of this on my own. I noticed this:

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t


And I compared it to the Rkill log that I posted in my first post in this thread. That line isn't there in that log.

Should I run Rkill again and see if this shows up in the log again? I'm not sure if it means anything, but I did a google search on it and some other threads about ZeroAccess rootkit trojans showed up.

I posted the above before you posted the above OTL fix. Will try that fix now.

C:\Windows\SysNative\.crusader <--- I don't know what it is, but I did a google search and it showed up under other rootkit trojan threads .

Also when I pasted that line into my firefox browser it brought me to this:

<Actions><Group name="Trojan"><File path="C:\Users\admın\AppData\Local\Temp\libpdcurses.dll" /></Group></Actions>

Should I still remove that line from the fix you posted above?

Here's the OTL log from that last fix you posted. I didn't remove the \.crusader line as I do not know what it is.

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
No active process named svchost.exe was found!
C:\Users\admın\AppData\Local\Temp\svchost.exe moved successfully.
File C:\Users\admın\AppData\Local\Temp\svchost.exe not found.
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll moved successfully.
HKEY_USERS\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi moved successfully.
C:\Users\admın\Desktop\setup_11.0.0.1245.x01_2013_01_12_03_36.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\admın\Desktop\cmd.bat deleted successfully.
C:\Windows\SysNative\.crusader moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: admın
->Temp folder emptied: 259720 bytes
->Temporary Internet Files folder emptied: 1034213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75869007 bytes
->Google Chrome cache emptied: 6262248 bytes
->Flash cache emptied: 2435 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26818 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01162013_113048

Files\Folders moved on Reboot...
C:\Users\admın\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Unfortunately the files are still there, svchost.exe + the .dll's in the same temp folder. This is a stubborn one..

OTL log:

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
No active process named svchost.exe was found!
C:\Users\admın\AppData\Local\Temp\svchost.exe moved successfully.
File C:\Users\admın\AppData\Local\Temp\svchost.exe not found.
C:\Users\admın\AppData\Local\Temp\libcurl-4.dll moved successfully.
C:\Users\admın\AppData\Local\Temp\libpdcurses.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysNative\.crusader not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admın
->Temp folder emptied: 259788 bytes
->Temporary Internet Files folder emptied: 5833825 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 126993454 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1506 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5758 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01162013_234733

Files\Folders moved on Reboot...
C:\Users\admın\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Log from mss:


MySystem-Search


MSS v1.7


Basic System Information

Username: admn - Date: 01/17/2013 - Time: 2:09:07

Microsoft Windows [Version 6.1.7601]
Processor type: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
Total processors: 8
Computer Name: ADMN-PC
Logon Server: \\ADMN-PC


CD Emulation Drivers running?



Peer-to-Peer applications?

uTorrent found!


Security Tools Check

Malwarebytes' Anti-Malware
UnHackMe


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
DTAgent.exe 2812 Normal C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe
Steam.exe 2832 Normal C:\Program Files (x86)\Steam\Steam.exe
jusched.exe 2948 Normal C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
realsched.exe 3020 Normal C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
WScript.exe 3032 Normal C:\Windows\SysWOW64\WScript.exe
Reader_sl.exe 1376 Normal C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
mss.exe 3428 Normal C:\Users\admın\Downloads\mss.exe
cmd.exe 808 Normal C:\Windows\SysWOW64\cmd.exe
pv.exe 2208 Normal C:\Users\admın\Downloads\pv.exe


User Profile check

admn
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3655514959-12179107-2567171075-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\admn
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000004FBBE2D9A3D6B90003EC0399E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x2
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

Adobe Flash Player Updater.job
SCHEDLGU.TXT
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 1A81-3B21

Directory of C:\Windows\System32\Drivers

Volume in drive C has no label.
Volume Serial Number is 1A81-3B21

Directory of C:\Windows\System32\Drivers

09/27/2001 03:48 PM 738,976 ew.sys
09/27/2001 03:50 PM 12,320 nstation.sys
09/27/2001 04:00 PM 27,584 filespy.sys
08/08/2007 08:52 AM 185,856 rig3usb.sys
08/08/2007 08:52 AM 25,600 rig3avs.sys
06/10/2009 11:14 PM 3,440,660 gm.dls
06/10/2009 11:14 PM 646 gmreadme.txt
07/14/2009 03:19 AM 19,008 wimmount.sys
07/14/2009 02:44 PM <DIR> UMDF
07/14/2009 02:44 PM <DIR> tr-TR
06/29/2012 11:38 AM <DIR> en-US
01/10/2013 10:59 PM <DIR> .
01/10/2013 10:59 PM <DIR> ..
8 File(s) 4,450,650 bytes
5 Dir(s) 142,091,468,800 bytes free


Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
AutoHide REG_SZ yes
Security Risk Page REG_SZ about:SecurityRisk
Extensions Off Page REG_SZ about:NoAdd-ons
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Anchor_Visitation_Horizon REG_BINARY 01000000
Cache_Percent_of_Disk REG_BINARY 0A000000
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Default_Secondary_Page_URL REG_MULTI_SZ
Use_Async_DNS REG_SZ yes
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\Windows\SysWOW64\blank.htm
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit REG_SZ yes
Enable_Disk_Cache REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ User@
PrivDiscUiShown REG_DWORD 0x1
EnableHttp1_1 REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
AutoConfigProxy REG_SZ wininet.dll
UseSchannelDirectly REG_BINARY 01000000
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY B86503E459A3CD01
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x1
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2700000027000000470300007F020000
Start Page Redirect Cache_TIMESTAMP REG_SZ
Start Page Redirect Cache AcceptLangs REG_SZ
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY FE429F9D2655CD01
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 304282A12655CD01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 90A384A12655CD01
NotifyDownloadComplete REG_SZ no
Use FormSuggest REG_SZ no
NoProtectedModeBanner REG_DWORD 0x1
Check_Associations REG_SZ yes
DisableScriptDebuggerIE REG_SZ yes
IconCache REG_SZ rb4hvox
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Microsoft Excel'e &Ver


Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging



Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Acoustica Mixcraft 6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AngryBirdsStarWars 1.00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antares Auto-Tune 3.03 DirectX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cakewalk Rapture_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio Camel Phat VST v3.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConcreteFX QDelay VST v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cool Edit Pro 2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cuttermusic Revitar VSTi v1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Daemon Tools Pro v5.1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dash Signature EMM Knagalis VSTi v1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dash Signature theAbstractGuitar VSTi v1.18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\db-audioware-quantum-fx-1.06
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\discoDSP Phantom_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol HQ Orchestral v1.01
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol Hyper Canvas
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol SuperQuartet v1.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GForce.Software.Minimonsta.RTAS.VSTi.v1.03-DAC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GMedia Music impOSCar VSTi v1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GR-55FloorBoard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IL Download Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IL Slicex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Ozone DX Plugin v1.0.0.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Ozone v3.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iZotope Trash v1.02
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kiesel.Software.Helga.VSTi.v1.1b003-0xdBass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Korg Legacy Collection v1.1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Line 6 Uninstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mopis VSTi v1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Morphine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 18.0 (x86 en-US)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments - Rig Kontrol 3 Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments FM7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments Guitar Rig 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Native Instruments Service Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Blue Tubes Bundle v2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Liquid Bundle VST v1.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nomad Factory Rock Amp Legends VST v1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novation Bass-Station VSTi v1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oddity VST2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PoiZone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PunkBusterSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 15.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReFX Vanguard VSTi v1.03 Retail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReFX Vanguard VSTi v1.04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 43110
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sytrus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toxic Biohazard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toxic III_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vertigo2_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wasp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{038B2DB1-2B9C-45C6-A55F-17B60D80C9D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1203DC60-D9BD-44F9-B372-2B8F227E6094}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{147567F0-8575-4BE0-B5B3-62706C67FA5A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217005FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33691AFF-9ABF-4278-BDB6-902EE07D9237}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{430399DC-98BC-4A7F-8F8E-77981CABAE05}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{443B561F-DE1B-4DEF-ADD9-484B684653C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{523DF2BB-3A85-4047-9898-29DC8AEB7E69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54194F60-988C-4D03-B922-C2B00EFDA39A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82DF9225-13EC-41BD-BE31-AAB121B38166}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85373DA7-834E-4850-8AF5-1D99F7526857}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{888F1505-C2B3-4FDE-835D-36353EBD4754}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2162169
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2478063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2572063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2599651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2604121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2639327
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2682543
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{96901D15-104F-43E2-9D90-A17022D975B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0407-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-041F-0000-0000000FF1CE}_ENTERPRISE_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-041F-1000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{293FB6BE-D3EB-4162-B522-F9108040B9FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3579CE34-B225-4B19-A3AF-DE5F562A212F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{43171CAD-DC60-4E7B-9703-B2EC18001B9F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{488F0918-97F9-4CD0-8AD5-8986A46AC962}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{718E87EC-6590-485A-B12D-C01D290EDB12}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AEA16A27-0B97-4670-818F-A98D06EC0A6F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B145DBBB-7778-4A5D-9D2B-DA6569F02391}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C7351301-60F9-4B04-AFF6-600A4C98CE40}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E34960DB-2A93-45DB-A208-02650F7AB09C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-041F-0000-0000000FF1CE}_ENTERPRISE_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-041F-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-041F-0000-0000000FF1CE}_ENTERPRISE_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92DE01AB-0E6F-4F47-8159-91B86FAEC218}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1055-7B44-AA1000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2162169
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708v2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2514805
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572063
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2599651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2639327
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2698021
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2732797
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome


Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 11 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 11.5.502.146
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x5
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 11 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 11.5.502.146
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x5
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe
EstimatedSize REG_DWORD 0x1800



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools Pro Agent REG_SZ "C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe" -autorun
Steam REG_SZ "C:\Program Files (x86)\Steam\Steam.exe" -silent


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched REG_SZ "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Adobe ARM REG_SZ "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TkBellExe REG_SZ "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
Adobe REG_SZ C:\ProgramData\Adobe\3D422E.vbe



Restrictions - Internet Explorer




Restrictions - REGEDIT




Restrictions - Explorer


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}

Windows IP Configuration

Host Name . . . . . . . . . . . . : admyn-pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Kablosuz A§ Ba§lants 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASUS USB Kablosuz A§ Ba§daŸtrcs #2
Physical Address. . . . . . . . . : 00-22-15-B0-4F-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d84:bfe0:d6a6:ad18%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 2:09:01 AM
Lease Expires . . . . . . . . . . : Sunday, January 20, 2013 2:09:01 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Yerel A§ Ba§lants:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-24-1D-10-93-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Ba§daŸtrcs
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:245c:3ce3:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::245c:3ce3:3f57:fefb%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks




Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u\0livessp
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x23c
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x1
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AUTOTUNE3_DX_key
Path REG_SZ C:\PROGRA~2\ANTARE~1\ANTARE~1
(Default) REG_SZ C:\PROGRA~2\ANTARE~1\ANTARE~1\AAT3 DirectX Register.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Users\admn\AppData\Local\Google\Chrome\Application
(Default) REG_SZ C:\Users\admn\AppData\Local\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
(Default) REG_SZ C:\Users\admn\Downloads\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\DVD Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files (x86)\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FL.exe
(Default) REG_SZ C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GearBox.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\GearBox\GearBox.exe
Path REG_SZ C:\Program Files (x86)\Line6\GearBox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GR-55FloorBoard.exe
(Default) REG_SZ C:\Program Files (x86)\GR-55FloorBoard\GR-55FloorBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEDIAGCMD.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEDIAGCMD.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files (x86)\Java\jre7\bin\javaws.exe
Path REG_SZ C:\Program Files (x86)\Java\jre7\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\L6LicenseManager.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 License Manager\L6LicenseManager.exe
Path REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 License Manager

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LangSelector.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\LangSelector.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Line 6 Monkey.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 Monkey\Line 6 Monkey.exe
Path REG_SZ C:\Program Files (x86)\Line6\Tools\Line 6 Monkey

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mpc-hc.exe
(Default) REG_SZ "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"
Path REG_SZ "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Messenger\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\OIS.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POD Farm 2.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\POD Farm 2\POD Farm 2.exe
Path REG_SZ C:\Program Files (x86)\Line6\POD Farm 2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POD Farm.exe
(Default) REG_SZ C:\Program Files (x86)\Line6\POD Farm\POD Farm.exe
Path REG_SZ C:\Program Files (x86)\Line6\POD Farm

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerShell.exe
(Default) REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
Path REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealPlay.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Path REG_SZ C:\Program Files (x86)\Real\RealPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealUpgrade.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Path REG_SZ C:\Program Files (x86)\Real\RealUpgrade

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
(Default) REG_SZ C:\Program Files (x86)\Real\RealPlayer\Update\rnxproc.exe
Path REG_SZ C:\Program Files (x86)\Real\RealPlayer\Update\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ %SystemRoot%\system32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Waves
Path REG_SZ C:\Program Files (x86)\Waves

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WindowsLivePhotoViewer.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\WindowsLivePhotoViewer.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
(Default) REG_SZ C:\Program Files (x86)\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files (x86)\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlarp.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlsettings.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlsettings.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlstartup.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlstartup.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
Path REG_SZ C:\Program Files (x86)\Edirol\Orchestral VST
(Default) REG_SZ C:\Program Files (x86)\Edirol\Orchestral VST\yourapp.Exe



Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{0153E448-190B-4987-BDE1-F256CADA672F} REG_SZ C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
C:\Program Files (x86)\Mozilla Firefox REG_SZ E7CF176E110C211B

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 18.0
CurrentVersion REG_SZ 18.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)
(Default) REG_SZ 18.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)\Main
Install Directory REG_SZ C:\Program Files (x86)\Mozilla Firefox
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\18.0 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox 18.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0
GeckoVer REG_SZ 18.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0\bin
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 18.0\extensions
Components REG_SZ C:\Program Files (x86)\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files (x86)\Mozilla Firefox\plugins



Shared Task Scheduler




SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21636978.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21636978.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
DllDirectory32 REG_EXPAND_SZ %SystemRoot%\syswow64
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
PSAPI REG_SZ PSAPI.DLL
rpcrt4 REG_SZ rpcrt4.dll
sechost REG_SZ sechost.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll
DifxApi REG_SZ difxapi.dll



Downloaded program files (ActiveX)


PATH: C:\windows\Downloaded Program Files



Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1091da2e-c28e-11e1-87c1-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{276a846d-5f4e-11e2-b66e-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d1-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d2-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4adb30d5-c118-11e1-b588-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b8a989-c363-11e1-960b-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b8a98c-c363-11e1-960b-00241d1093b3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d075060e-c4e2-11e1-9ef0-00241d1093b3}


Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
DefaultDomainName REG_SZ
DefaultUserName REG_SZ
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AUTORESTARTSHELL REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions


Windows Update



Security Software Information

*Note*: Some security software does not store itself in the WMI.



{END OF FILE}

Okay I accidentally clicked 'Run Scan' instead of 'Quickscan'.

So here is the log from 'Run Scan' (just in case) and in the next post I will post the result of the OTL 'Quickscan'.

OTL logfile created on: 1/17/2013 10:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admın\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 44.84% Memory free
4.00 Gb Paging File | 2.57 Gb Available in Paging File | 64.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 391.37 Gb Total Space | 132.60 Gb Free Space | 33.88% Space Free | Partition Type: NTFS
Drive D: | 540.04 Gb Total Space | 533.58 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMıN-PC | User Name: admın | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
PRC - [2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
PRC - [2013/01/12 03:40:17 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 18:09:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 20:46:07 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/11/26 14:29:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/26 14:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/17 21:57:21 | 000,370,702 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\svchost.exe
MOD - [2013/01/17 21:57:21 | 000,249,344 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libcurl-4.dll
MOD - [2013/01/17 21:57:21 | 000,087,054 | ---- | M] () -- C:\Users\admın\AppData\Local\Temp\libpdcurses.dll
MOD - [2013/01/12 03:40:06 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 18:09:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/21 11:38:15 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/21 11:38:11 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/21 11:38:11 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/21 11:38:11 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/21 11:38:11 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/21 11:38:11 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/12 03:40:16 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 18:09:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:38:11 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/11 23:46:02 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/01 12:00:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/26 22:00:18 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l6TportUX864.sys -- (l6TportUX8)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/09/27 16:00:32 | 000,027,584 | ---- | M] (NemeSys Music Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filespy.sys -- (FILESPY)
DRV - [2001/09/27 15:48:46 | 000,738,976 | ---- | M] (Conexant Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew.sys -- (EWAVE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admın\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/26 14:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 03:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/26 14:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Extensions
[2013/01/16 11:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admın\AppData\Roaming\Mozilla\Firefox\Profiles\zdcv06km.default\extensions
[2012/12/11 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/26 14:29:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/12 03:40:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 08:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 08:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=1a813b21000000000000001cf0c9416a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\adm\u0131n\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admın\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/15 00:07:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\3D422E.vbe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro v5.1.0\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3655514959-12179107-2567171075-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D9982C-60BF-4A1A-B593-D428CF93A2A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87342CD1-FF71-409D-A95B-74347ABAA8CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBEAA541-9425-4117-8BE9-94DA26EFE021}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D52D4DA9-6AFE-4683-AF44-A9FD49C0FF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF913288-5A1B-4CB8-BC7B-1068999963B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 11:58:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/16 11:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 00:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/14 13:47:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/14 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\mbar
[2013/01/12 02:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/12 02:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 23:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/10 23:03:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/10 22:46:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/10 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/10 18:26:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/10 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/10 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/10 13:29:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/10 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\admın\Desktop\EverestTest
[2013/01/10 11:04:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 11:04:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/10 11:04:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/10 11:04:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/09 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2013/01/05 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\Backtracks
[2013/01/05 13:20:51 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\SongLyrics
[2012/12/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\Programs
[2012/12/26 01:50:37 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Roaming\Sports Interactive
[2012/12/24 20:57:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/12/24 20:57:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/12/24 20:57:47 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/12/24 20:57:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/12/24 20:57:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/12/24 20:57:46 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/12/24 20:57:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/12/24 20:57:46 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/12/24 20:57:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/12/24 20:57:46 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/12/24 20:57:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/12/24 20:57:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/12/24 20:57:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/12/24 20:57:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/12/24 20:57:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/12/24 20:57:45 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/12/24 20:57:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/12/22 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\GuitarLessonResource
[2012/12/21 20:56:09 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 20:56:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 20:56:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 20:56:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\admın\Documents\4A Games
[2012/12/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\admın\AppData\Local\4A Games
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 21:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 21:56:24 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 12:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:09:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 11:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admın\Desktop\OTL.exe
[2013/01/15 22:07:37 | 001,564,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 22:07:37 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/01/15 22:07:37 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 22:07:37 | 000,138,932 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/01/15 22:07:37 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 00:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/14 13:47:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/13 02:01:12 | 251,439,298 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/11 12:47:23 | 000,021,132 | ---- | M] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | M] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | M] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | M] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/01/10 18:12:40 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/01/10 18:09:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 18:09:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/10 16:50:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/10 13:13:29 | 000,342,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 13:11:32 | 001,542,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 12:23:01 | 000,040,162 | ---- | M] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:55 | 000,055,885 | ---- | M] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:39 | 028,449,468 | ---- | M] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:09:02 | 000,098,545 | ---- | M] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:54 | 000,036,370 | ---- | M] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:39 | 000,209,288 | ---- | M] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:38 | 000,100,801 | ---- | M] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:51 | 000,081,736 | ---- | M] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:57:52 | 150,719,027 | ---- | M] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:22 | 000,075,354 | ---- | M] () -- C:\Users\admın\Documents\Nice.jpg
[1 C:\Users\admın\Desktop\*.tmp files -> C:\Users\admın\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/11 12:47:04 | 000,021,132 | ---- | C] () -- C:\Users\admın\Documents\Am Pentatonic scale.png
[2013/01/11 11:58:42 | 000,420,187 | ---- | C] () -- C:\Users\admın\Desktop\Svchost.jpg
[2013/01/10 22:52:03 | 000,001,108 | ---- | C] () -- C:\Users\admın\Desktop\ComboFix - Shortcut.lnk
[2013/01/10 18:26:47 | 000,001,133 | ---- | C] () -- C:\Users\admın\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/10 16:50:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/10 16:50:45 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/03 23:15:37 | 737,107,968 | ---- | C] () -- C:\Users\admın\Desktop\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.avi
[2013/01/03 12:22:50 | 000,040,162 | ---- | C] () -- C:\Users\admın\Documents\nicee (2).jpg
[2013/01/01 23:30:51 | 000,055,885 | ---- | C] () -- C:\Users\admın\Documents\nn.jpg
[2013/01/01 16:52:23 | 028,449,468 | ---- | C] () -- C:\Users\admın\Desktop\AutumnLeaves.zip
[2012/12/31 11:08:57 | 000,098,545 | ---- | C] () -- C:\Users\admın\Documents\ikini.jpg
[2012/12/29 19:18:49 | 000,036,370 | ---- | C] () -- C:\Users\admın\Documents\yum.jpg
[2012/12/28 21:42:29 | 000,209,288 | ---- | C] () -- C:\Users\admın\Documents\nicee.jpg
[2012/12/27 21:24:32 | 000,100,801 | ---- | C] () -- C:\Users\admın\Documents\bik.jpg
[2012/12/27 00:28:50 | 000,081,736 | ---- | C] () -- C:\Users\admın\Documents\407970_525477294152683_1014306641_n.jpg
[2012/12/19 13:54:59 | 150,719,027 | ---- | C] () -- C:\Users\admın\Documents\Inception Soundtrack - Time _ Piano _ Sax (Relaxing).mp4
[2012/12/19 12:53:15 | 000,075,354 | ---- | C] () -- C:\Users\admın\Documents\Nice.jpg
[2012/11/22 01:28:28 | 000,119,840 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/11 23:46:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/11 23:46:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/01 16:19:59 | 000,000,359 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/07/01 12:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/07/01 12:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/07/01 12:49:22 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012/06/30 19:16:51 | 001,542,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/30 17:40:29 | 000,296,448 | ---- | C] () -- C:\Windows\LOOP.exe
[2012/06/30 17:38:19 | 000,000,113 | ---- | C] () -- C:\Windows\system32.INI
[2012/06/30 11:57:57 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/06/28 14:04:00 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/28 14:04:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/28 14:04:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/28 14:04:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/28 14:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/25 11:48:58 | 000,074,293 | ---- | C] () -- C:\Users\admın\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 1339 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:WVViVGXyIw88PnYxHA3M
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:Qstur9fW4hys2oFIPsGT1N
@Alternate Data Stream - 1271 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:wA46eoPGPeO4snilK0kc7mMFIYi
@Alternate Data Stream - 1227 bytes -> C:\ProgramData\Microsoft:03yUl3P72JlarMKI5TEPS0783lIG
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:zsUqGa9oZSuGytqJEMvkANc

< End of report >