TechSpot

The Google redirect virus

By cjsrulz
Jul 26, 2011
  1. Hi, I'm new to these forums and I have been having an issue with a VERY annoying virus. I've been getting redirected to various links that only show ads when I search Google and click a link. Also, sometimes it will say a page has loaded when there is nothing there, and no matter how many times I refresh it stays the same. I've read a few posts here and learned that I need to post a log of three programs. Malware Bytes is not compatible with Windows x64 so I can't use it, and I have the same issue with "dds.scr". The only one that worked was gmer. If it helps, I also have HiJackThis. Here is the log of it:



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-26 19:46:59
    Windows 5.2.3790 Service Pack 2
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCD 0x73 0xB5 0xAF ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCD 0x73 0xB5 0xAF ...

    ---- EOF - GMER 1.0.15 ----
    As a side note sometimes when I open a link a second window comes up opening as much as 300+ tabs. These tabs all have one word on them that sends a message when read. I attached a screen shot I took of it.
     

  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Both programs are 64-bit compatible.
    What happens when you try to run them?
     
  3. cjsrulz

    cjsrulz TS Rookie Topic Starter

    Malware Bytes gives me an error that reads: "PROGRAM_ERROR_LOAD_DATABASE(0, 13, CreateSDK)"
    Then DDS says: "This operating system is not supported!"
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. cjsrulz

    cjsrulz TS Rookie Topic Starter

    ComboFix also says it is not supported.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. cjsrulz

    cjsrulz TS Rookie Topic Starter

    It keeps saying that the page was reset every time I post... It only says that when I post the logs...
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Did you try a different browser?

    Alternatively...

    Upload the file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link):
     
  9. cjsrulz

    cjsrulz TS Rookie Topic Starter

  10. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    OTL logfile created on: 7/26/2011 8:30:56 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.51% Memory free
    5.75 Gb Paging File | 4.28 Gb Available in Paging File | 74.42% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.50 Gb Total Space | 570.32 Gb Free Space | 61.23% Space Free | Partition Type: NTFS
    Drive D: | 8.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: CALVIN-6YRW29RV | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
    PRC - [2011/06/23 15:00:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/03/14 15:07:20 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2011/02/19 13:46:34 | 004,431,016 | ---- | M] (Thorvald Natvig) -- C:\Program Files (x86)\Mumble\mumble.exe
    PRC - [2010/11/16 15:45:04 | 001,242,448 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Steam\steam.exe
    PRC - [2010/07/15 10:02:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/26 10:49:49 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
    PRC - [2008/07/23 18:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2008/02/12 12:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    PRC - [2007/02/18 11:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    PRC - [2006/03/29 05:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ping.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2011/07/26 18:32:53 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    MOD - [2011/02/19 13:47:14 | 000,129,192 | ---- | M] () -- C:\Program Files (x86)\Mumble\mumble_ol.dll
    MOD - [2010/09/07 18:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
    MOD - [2007/02/18 11:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
    MOD - [2007/02/18 11:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
    MOD - [2006/03/29 05:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/07/15 10:02:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/21 12:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/11/14 22:57:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
    SRV - [2006/03/29 05:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/12 14:55:18 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2006/03/29 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
    DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]

    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]

    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..network.proxy.socks_version: 0
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/25 09:17:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 15:00:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/11 16:56:23 | 000,000,000 | ---D | M]

    [2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/07/21 11:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions
    [2011/07/20 13:03:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{1b1e3e9f-b94d-4738-ad18-9b070834d323}
    [2010/07/22 11:57:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/02 21:55:58 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2010/01/12 16:27:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\searchplugins\conduit.xml
    [2011/05/05 21:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/12 19:20:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G6ZM1OEA.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
    [2009/10/25 22:54:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/23 15:00:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    Hosts file not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {0635001B-FF1B-4EA1-BEE0-B2F26E94BCCc} - File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
    O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
    O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
    O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
    O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] File not found
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-1005..\RunOnce: [NeroHomeFirstStart] C:\Program Files (x86)\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
    O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-1005..\RunOnce: [tscuninstall] File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Anapod Manager.lnk = C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe (Red Chair Software, Inc.)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3449149126-3292954953-954699359-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O15 - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
    O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: System - (lsass.exe) - File not found
    O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
    O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
    O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
    O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
    O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
    O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
    O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
    O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
    O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
    O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
    O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/19 17:44:17 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
    O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: aux - File not found
    Drivers32:64bit: midi - File not found
    Drivers32:64bit: midimapper - File not found
    Drivers32:64bit: mixer - File not found
    Drivers32:64bit: msacm.imaadpcm - File not found
    Drivers32:64bit: msacm.msadpcm - File not found
    Drivers32:64bit: msacm.msg711 - File not found
    Drivers32:64bit: msacm.msgsm610 - File not found
    Drivers32:64bit: msacm.trspch - File not found
    Drivers32:64bit: MSVideo8 - File not found
    Drivers32:64bit: VIDC.FPS1 - File not found
    Drivers32:64bit: vidc.i420 - File not found
    Drivers32:64bit: vidc.iv31 - File not found
    Drivers32:64bit: vidc.iv32 - File not found
    Drivers32:64bit: vidc.iv41 - File not found
    Drivers32:64bit: vidc.iv50 - File not found
    Drivers32:64bit: VIDC.IYUV - File not found
    Drivers32:64bit: vidc.mrle - File not found
    Drivers32:64bit: vidc.msvc - File not found
    Drivers32:64bit: VIDC.UYVY - File not found
    Drivers32:64bit: VIDC.YUY2 - File not found
    Drivers32:64bit: VIDC.YVU9 - File not found
    Drivers32:64bit: VIDC.YVYU - File not found
    Drivers32:64bit: wave - File not found
    Drivers32:64bit: wavemapper - File not found
    Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\SysWow64\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\WINDOWS\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/26 20:30:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/26 20:23:22 | 004,154,103 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/07/26 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
    [2011/07/26 18:56:23 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/25 14:45:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\system64
    [2011/07/24 23:36:55 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/24 23:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/24 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/07/24 22:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2011/07/24 22:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/24 22:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/23 18:58:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/07/21 17:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BFBC2
    [2011/07/17 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Origin
    [2011/07/17 16:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Origin
    [2011/07/17 16:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin
    [2011/07/17 16:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2011/07/17 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011/07/17 16:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2011/07/15 19:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
    [2011/07/15 19:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\{58DD9328-F612-41B7-8353-D3B190E70C7C}
    [2011/07/15 19:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WUSB54GC_3.1.00.016_LA_20090410
    [2011/07/12 21:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2011/07/03 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\save
    [2011/07/01 16:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mumble
    [2011/07/01 16:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
    [2011/07/01 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
    [2011/06/29 00:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Cave Story Deluxe
    [2011/06/29 00:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cave Story Deluxe
    [2011/06/28 14:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Runes of Magic
    [2011/06/28 03:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runes of Magic
    [2011/06/28 03:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic
    [2011/06/28 02:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2011/06/28 01:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2011/06/28 01:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
    [2011/06/28 01:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/06/28 01:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
    [2011/06/28 01:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2011/06/28 00:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RoM4-Full-US
    [2011/06/28 00:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA GAMES
    [2011/06/28 00:04:09 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2011/06/27 23:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phyxion.net
    [2011/06/27 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
    [2011/06/27 16:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Funcom
    [2011/06/27 16:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Funcom
    [2011/06/27 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
    [2011/06/27 02:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PunkBuster
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/26 20:23:31 | 004,154,103 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/07/26 20:22:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/26 18:56:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/26 18:56:04 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2011/07/26 18:32:18 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/26 18:31:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/26 17:39:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2011/07/26 14:25:11 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spiral Knights.url
    [2011/07/26 13:13:24 | 000,000,732 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\hosts
    [2011/07/24 23:36:55 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 22:17:26 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/23 19:11:26 | 000,000,072 | ---- | M] () -- C:\WINDOWS\SysWow64\1113901059
    [2011/07/23 18:19:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
    [2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
    [2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
    [2011/07/20 13:14:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/17 14:49:13 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
    [2011/07/12 00:41:21 | 000,611,158 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
    [2011/07/04 00:30:36 | 002,434,856 | ---- | M] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
    [2011/07/01 16:17:20 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
    [2011/07/01 16:14:56 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
    [2011/06/29 00:52:55 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Cave Story.lnk
    [2011/06/28 03:32:28 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Runes of Magic.lnk
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/26 18:56:06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2011/07/26 14:25:11 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spiral Knights.url
    [2011/07/26 13:12:22 | 000,000,732 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\hosts
    [2011/07/24 23:36:55 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 22:17:26 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/20 13:03:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SysWow64\1113901059
    [2011/07/17 16:13:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
    [2011/07/04 00:30:36 | 002,434,856 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
    [2011/07/01 16:17:20 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
    [2011/07/01 16:14:56 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
    [2011/06/29 00:52:55 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Play Cave Story.lnk
    [2011/06/28 03:32:29 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Runes of Magic.lnk
    [2011/06/27 02:53:57 | 000,215,128 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
    [2011/06/17 10:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
    [2011/06/17 10:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
    [2011/06/17 10:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
    [2011/06/17 10:39:55 | 000,026,297 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2011/06/04 00:48:48 | 000,056,952 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
    [2011/04/15 18:01:09 | 000,000,143 | ---- | C] () -- C:\WINDOWS\SysWow64\msexcr.ini
    [2011/01/03 19:35:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls
    [2010/10/26 19:57:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2010/07/09 01:54:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2010/07/05 23:08:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\SysWow64\rmc_rtspdl.dll
    [2010/04/12 14:18:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
    [2010/03/14 00:26:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe
    [2010/03/14 00:26:59 | 000,036,110 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
    [2010/03/06 01:50:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/11/25 22:32:03 | 001,970,176 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx9.dll
    [2009/11/08 00:43:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/08 00:43:28 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/26 21:33:16 | 000,611,158 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2009/10/26 21:31:50 | 000,215,128 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
    [2009/10/26 21:31:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
    [2009/10/26 21:31:49 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
    [2009/10/26 15:06:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
    [2009/10/26 15:06:00 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
    [2009/10/26 15:05:57 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
    [2009/10/26 15:05:57 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
    [2009/10/26 14:56:22 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
    [2009/10/26 14:52:46 | 000,023,208 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/10/26 14:52:46 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
    [2009/10/26 01:06:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/10/25 21:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/10/25 15:48:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/10/25 15:17:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\SysWow64\OpenQuicktimeLib.dll
    [2006/03/29 05:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
    [2006/03/29 05:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
    [2006/03/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2006/03/29 05:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
    [2006/03/29 05:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
    [2006/03/29 05:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
    [2006/03/29 05:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
    [2006/03/29 05:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2006/03/29 05:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
    [2006/03/29 05:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
    [2006/03/29 05:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
    [2006/03/29 05:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
    [2006/03/29 05:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
    [2006/03/29 05:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
    [2006/03/29 05:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
    [2006/03/29 05:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
    [2006/03/29 05:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2006/03/29 05:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
    [2006/03/29 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
    [2006/03/29 05:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
    [2006/03/29 05:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
    [2006/03/29 05:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

    ========== LOP Check ==========

    [2011/04/03 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.doomseeker
    [2011/07/16 11:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
    [2009/11/14 17:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clickteam
    [2011/06/19 08:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2009/11/14 21:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DragonicaSCB
    [2011/04/27 22:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
    [2011/06/18 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hi-Rez Studios
    [2011/06/11 17:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ijjigame
    [2010/04/18 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KDE
    [2011/07/26 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2011/03/10 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
    [2011/07/17 18:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ManyCam
    [2011/07/26 18:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble
    [2010/08/23 20:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MySQL
    [2010/08/20 19:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
    [2010/08/12 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
    [2011/07/17 16:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
    [2011/04/09 23:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
    [2009/11/13 20:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Chair Software
    [2011/05/15 16:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RIFT
    [2010/01/10 00:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
    [2010/03/19 21:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
    [2011/04/04 20:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2010/12/07 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
    [2009/12/14 00:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Touchstone
    [2011/07/26 18:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
    [2011/07/24 22:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2009/11/06 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/03/14 15:08:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/06/17 00:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/05/07 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011/07/17 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010/03/19 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2010/09/20 13:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/06/05 01:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
    [2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2009/11/07 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2011/07/17 16:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2011/06/28 01:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/06/30 01:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2009/11/06 15:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
    [2011/06/28 01:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2009/12/02 23:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2009/10/28 16:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/12/26 00:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/07/26 18:30:31 | 000,032,496 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/25 15:48:10 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/03/19 17:44:17 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/13 21:37:26 | 000,000,225 | RHS- | M] () -- C:\boot.ini
    [2009/10/26 01:03:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/08/02 23:58:16 | 1201,564,632 | ---- | M] () -- C:\HellyMSv75.rar
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/10/26 01:03:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2009/10/26 01:03:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/10 00:15:00 | 1763,606,856 | ---- | M] () -- C:\MSSetupv83.exe
    [2006/03/29 05:00:00 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/04/12 14:16:03 | 000,297,072 | RHS- | M] () -- C:\ntldr
    [2011/07/26 18:31:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/13 19:49:38 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2011/05/07 14:12:54 | 000,696,664 | ---- | M] () -- C:\shared.log
    [2009/10/26 15:11:16 | 000,000,057 | ---- | M] () -- C:\splash.idx
    [2011/07/26 13:58:43 | 000,074,690 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_26.07.2011_13.41.52_log.txt
    [2011/07/26 15:36:38 | 000,037,640 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_26.07.2011_15.36.21_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2008/11/19 16:13:04 | 000,005,552 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/10/26 01:02:52 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 18:57:56 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2006/03/29 05:00:00 | 000,000,002 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/10/26 01:03:15 | 000,000,290 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/12 14:31:34 | 000,000,117 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/10/26 01:07:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/26 20:23:31 | 004,154,103 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/05/31 17:46:31 | 072,133,492 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\iwbtgbeta(slomo).exe
    [2011/02/22 19:00:42 | 000,269,421 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Minecraft.exe
    [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/06/28 02:12:38 | 108,500,664 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\Administrator\My Documents\275.33-desktop-winxp-64bit-english-whql.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/04/12 14:31:34 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/11/06 15:15:16 | 000,006,246 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/26 20:30:11 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/02/18 11:05:56 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2006/06/24 15:47:48 | 000,030,720 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/04/12 17:47:38 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Favorites\??sorted Bookmarks) -- C:\Documents and Settings\Administrator\Favorites\顸“sorted Bookmarks

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\system64] -> \systemroot\system32 -> Mount Point

    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    OTL Extras logfile created on: 7/26/2011 8:30:56 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.51% Memory free
    5.75 Gb Paging File | 4.28 Gb Available in Paging File | 74.42% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.50 Gb Total Space | 570.32 Gb Free Space | 61.23% Space Free | Partition Type: NTFS
    Drive D: | 8.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: CALVIN-6YRW29RV | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    .url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
    .js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" File not found
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57051:TCP" = 57051:TCP:*:Enabled:pando Media Booster
    "57051:UDP" = 57051:UDP:*:Enabled:pando Media Booster
    "57487:TCP" = 57487:TCP:*:Enabled:pando Media Booster
    "57487:UDP" = 57487:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "56457:TCP" = 56457:TCP:*:Enabled:pando Media Booster
    "56457:UDP" = 56457:UDP:*:Enabled:pando Media Booster
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "57051:TCP" = 57051:TCP:*:Enabled:pando Media Booster
    "57051:UDP" = 57051:UDP:*:Enabled:pando Media Booster
    "57487:TCP" = 57487:TCP:*:Enabled:pando Media Booster
    "57487:UDP" = 57487:UDP:*:Enabled:pando Media Booster
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "25565:TCP" = 25565:TCP:*:Enabled:Minecraft
    "8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
    "8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
    "8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
    "8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher
    "8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
    "8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
    "8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
    "8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
    "6966:TCP" = 6966:TCP:*:Enabled:League of Legends Launcher
    "6966:UDP" = 6966:UDP:*:Enabled:League of Legends Launcher
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
    "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
    "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe" = C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II -- (BioWare)
    "C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe" = C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher -- (BioWare)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
    "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
    "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe" = C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II -- (BioWare)
    "C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe" = C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher -- (BioWare)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
    "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
    "C:\Program Files (x86)\LimeWire\LimeWire.exe" = C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files (x86)\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe" = C:\Program Files (x86)\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe:*:Enabled:Crysis Warhead -- (Crytek GmbH)
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\age of chivalry\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\age of chivalry\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\team fortress 2\hl2.exe:*:Enabled:hl2
    "C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
    "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
    "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files (x86)\PFPortChecker\PFPortChecker.exe" = C:\Program Files (x86)\PFPortChecker\PFPortChecker.exe:*:Enabled:pFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Turok.Full-Rip.Skullptura\Turok.Full-Rip.Skullptura\Turok\Binaries\TurokGame.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Turok.Full-Rip.Skullptura\Turok.Full-Rip.Skullptura\Turok\Binaries\TurokGame.exe:*:Enabled:Turok
    "C:\Program Files (x86)\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
    "C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II Beta\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base14803\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15097\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15097\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15133\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15580\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15580\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15623\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15623\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15655\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15655\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Idese.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Idese.exe:*:Enabled:Idese -- ()
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Skulltag.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Skulltag.exe:*:Enabled:Skulltag -- ( )
    "C:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe" = C:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files (x86)\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
    "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
    "C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
    "C:\Program Files (x86)\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files (x86)\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe" = C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
    "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\garrysmod\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\garrysmod\hl2.exe:*:Enabled:Garry's Mod
    "C:\Program Files (x86)\Steam\steamapps\common\crysis 2 - demo\Bin32\Crysis2Demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\crysis 2 - demo\Bin32\Crysis2Demo.exe:*:Enabled:Crysis 2 Demo -- (Crytek GmbH)
    "C:\Program Files (x86)\Skulltag\skulltag.exe" = C:\Program Files (x86)\Skulltag\skulltag.exe:*:Enabled:Skulltag -- ( )
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\Program Files (x86)\Skulltag\doomseeker.exe" = C:\Program Files (x86)\Skulltag\doomseeker.exe:*:Enabled:Doomseeker -- ()
    "C:\Program Files (x86)\Skulltag\rcon_utility.exe" = C:\Program Files (x86)\Skulltag\rcon_utility.exe:*:Enabled:RCON_utility -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
    "C:\Program Files (x86)\FrostWire\FrostWire.exe" = C:\Program Files (x86)\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\Program Files (x86)\Stunlock Studios\Bloodline Champions\Binary\BloodlineChampions.exe" = C:\Program Files (x86)\Stunlock Studios\Bloodline Champions\Binary\BloodlineChampions.exe:*:Enabled:Bloodline Champions -- (Stunlock Studios)
    "C:\Program Files (x86)\REACTOR\REACTOR.exe" = C:\Program Files (x86)\REACTOR\REACTOR.exe:*:Enabled:Reactor Application -- (NHN Corporation)
    "C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe" = C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\zombie panic! source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\zombie panic! source\hl2.exe:*:Enabled:Zombie Panic Source -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\duke nukem forever\System\DukeForever.exe" = C:\Program Files (x86)\Steam\steamapps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\ava\REACTOR.exe" = C:\Program Files (x86)\Steam\steamapps\common\ava\REACTOR.exe:*:Enabled:Alliance of Valiant Arms -- (NHN Corporation)
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms -- (Nexon)
    "C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe" = C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client -- (HiRez Studios, Inc.)
    "C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe" = C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Champions Online: Free For All -- ()
    "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files (x86)\Runes of Magic\Client.exe" = C:\Program Files (x86)\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe" = C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe:*:Enabled:Global Agenda -- (Hi-Rez Studios Inc.)
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe:*:Enabled:Serious Sam HD: The Second Encounter -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE_Unrestricted.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE_Unrestricted.exe:*:Enabled:Serious Sam HD: The Second Encounter -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe:*:Enabled:Serious Sam HD: The First Encounter -- (Croteam)
    "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
    "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
    "C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:portal 2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe" = C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer -- (Red Chair Software, Inc.)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files (x86)\LimeWire\LimeWire.exe" = C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files (x86)\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe" = C:\Program Files (x86)\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe:*:Enabled:Crysis Warhead -- (Crytek GmbH)
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\age of chivalry\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\age of chivalry\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\team fortress 2\hl2.exe:*:Enabled:hl2
    "C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
    "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
    "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files (x86)\PFPortChecker\PFPortChecker.exe" = C:\Program Files (x86)\PFPortChecker\PFPortChecker.exe:*:Enabled:pFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Turok.Full-Rip.Skullptura\Turok.Full-Rip.Skullptura\Turok\Binaries\TurokGame.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Turok.Full-Rip.Skullptura\Turok.Full-Rip.Skullptura\Turok\Binaries\TurokGame.exe:*:Enabled:Turok
    "C:\Program Files (x86)\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II Beta\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base14803\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15097\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15097\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15133\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- (Microsoft Corporation)
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15580\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15580\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15623\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15623\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15655\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15655\SC2.exe:*:Enabled:StarCraft II
    "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Idese.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Idese.exe:*:Enabled:Idese -- ()
    "C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Skulltag.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Doom 1&2\Doom 1&2\Skulltag.exe:*:Enabled:Skulltag -- ( )
    "C:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe" = C:\Program Files (x86)\Steam\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files (x86)\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
    "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
    "C:\Program Files (x86)\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files (x86)\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files (x86)\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe" = C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
    "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\garrysmod\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\garrysmod\hl2.exe:*:Enabled:Garry's Mod
    "C:\Program Files (x86)\Steam\steamapps\common\crysis 2 - demo\Bin32\Crysis2Demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\crysis 2 - demo\Bin32\Crysis2Demo.exe:*:Enabled:Crysis 2 Demo -- (Crytek GmbH)
    "C:\Program Files (x86)\Skulltag\skulltag.exe" = C:\Program Files (x86)\Skulltag\skulltag.exe:*:Enabled:Skulltag -- ( )
    "C:\Program Files (x86)\Skulltag\doomseeker.exe" = C:\Program Files (x86)\Skulltag\doomseeker.exe:*:Enabled:Doomseeker -- ()
    "C:\Program Files (x86)\Skulltag\rcon_utility.exe" = C:\Program Files (x86)\Skulltag\rcon_utility.exe:*:Enabled:RCON_utility -- ()
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
    "C:\Program Files (x86)\FrostWire\FrostWire.exe" = C:\Program Files (x86)\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
    "C:\Program Files (x86)\Stunlock Studios\Bloodline Champions\Binary\BloodlineChampions.exe" = C:\Program Files (x86)\Stunlock Studios\Bloodline Champions\Binary\BloodlineChampions.exe:*:Enabled:Bloodline Champions -- (Stunlock Studios)
    "C:\Program Files (x86)\REACTOR\REACTOR.exe" = C:\Program Files (x86)\REACTOR\REACTOR.exe:*:Enabled:Reactor Application -- (NHN Corporation)
    "C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe" = C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\zombie panic! source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\zombie panic! source\hl2.exe:*:Enabled:Zombie Panic Source -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\duke nukem forever\System\DukeForever.exe" = C:\Program Files (x86)\Steam\steamapps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\ava\REACTOR.exe" = C:\Program Files (x86)\Steam\steamapps\common\ava\REACTOR.exe:*:Enabled:Alliance of Valiant Arms -- (NHN Corporation)
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms -- (Nexon)
    "C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe" = C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client -- (HiRez Studios, Inc.)
    "C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe" = C:\Program Files (x86)\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Champions Online: Free For All -- ()
    "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files (x86)\Runes of Magic\Client.exe" = C:\Program Files (x86)\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
    "C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe" = C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe:*:Enabled:Global Agenda -- (Hi-Rez Studios Inc.)
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe:*:Enabled:Serious Sam HD: The Second Encounter -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE_Unrestricted.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the second encounter\Bin\SamHD_TSE_Unrestricted.exe:*:Enabled:Serious Sam HD: The Second Encounter -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe" = C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe:*:Enabled:Serious Sam HD: The First Encounter -- (Croteam)
    "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()
    "C:\Program Files (x86)\Steam\steamapps\cjsrulz\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\cjsrulz\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
    "C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:portal 2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe" = C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer -- (Red Chair Software, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
    "{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
    "{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 (64-bit)
    "{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "ie8" = Windows Internet Explorer 8
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "WIC" = Windows Imaging Component
    "Windows x64 Service Pack" = Windows XP Service Pack 2
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}" = MapleStory
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5E814C20-F4B4-4C19-A555-A0288A7C805F}" = Infinite Algebra 1
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62EA0FD8-7EDD-4D5E-A519-F96698E01033}" = Nero 8 Essentials
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
    "{8308FDDF-E877-4D08-BC71-AB5A6FFBFAD8}_is1" = AruaROSE
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8467F9AC-3C0B-4B30-A202-327EBDF313FD}_is1" = PKOII version 2.4
    "{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}" = LightScribe System Software
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
    "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
    "{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A944C55A-ECF0-42A9-B66C-0225C6428720}" = Portal
    "{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
    "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
    "{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C54C7C1F-4015-4217-8F16-8CF993C59793}" = MySQL Server 5.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Action Replay Code Manager_is1" = Action Replay Code Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Anapod Explorer" = Anapod Explorer (remove only)
    "Applian Director2.0" = Applian Director
    "AruaROSE_is1" = AruaROSE
    "Audacity_is1" = Audacity 1.2.6
    "AVG9Uninstall" = AVG Free 9.0
    "Cave Story Deluxe" = Cave Story Deluxe
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Combat Arms" = Combat Arms
    "dBpowerAMP Music Converter" = dBpowerAMP Music Converter
    "Diablo II" = Diablo II
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Fraps" = Fraps
    "FrostWire" = FrostWire 4.21.5
    "Game Maker 7.0" = Game Maker 7.0
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "LimeWire" = LimeWire 5.3.6
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "ManyCam" = ManyCam 2.4 (remove only)
    "MapleStory" = MapleStory
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSNINST" = MSN
    "Multimedia Fusion Developer 2" = Multimedia Fusion Developer 2
    "Notepad++" = Notepad++
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PFPortChecker" = PFPortChecker 1.0.39
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.45
    "PunkBusterSvc" = PunkBuster Services
    "Replay Media Catcher 3.11B" = Replay Media Catcher
    "Simple Port Forwarding" = Simple Port Forwarding
    "Skulltag" = Skulltag
    "StarCraft II" = StarCraft II
    "StarCraft II Beta" = StarCraft II Beta
    "Steam App 102700" = Alliance of Valiant Arms
    "Steam App 17020" = Global Agenda
    "Steam App 17330" = Crysis Warhead
    "Steam App 17470" = Dead Space
    "Steam App 17500" = Zombie Panic Source
    "Steam App 17510" = Age of Chivalry
    "Steam App 240" = Counter-Strike: Source
    "Steam App 400" = Portal
    "Steam App 4000" = Garry's Mod
    "Steam App 41000" = Serious Sam HD: The First Encounter
    "Steam App 41010" = Serious Sam HD: The Second Encounter
    "Steam App 440" = Team Fortress 2
    "Steam App 550" = Left 4 Dead 2
    "Steam App 630" = Alien Swarm
    "Steam App 9880" = Champions Online: Free For All
    "Steam App 99850" = Crysis 2 Demo
    "Steam App 99900" = Spiral Knights
    "SystemRequirementsLab" = System Requirements Lab
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/23/2011 9:52:42 PM | Computer Name = CALVIN-6YRW29RV | Source = Application Error | ID = 1000
    Description = Faulting application setc3.tmp, version 10.50.0.125, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 7/23/2011 9:54:40 PM | Computer Name = CALVIN-6YRW29RV | Source = Application Error | ID = 1000
    Description = Faulting application setc7.tmp, version 10.50.0.125, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 7/23/2011 9:56:33 PM | Computer Name = CALVIN-6YRW29RV | Source = Application Error | ID = 1000
    Description = Faulting application setca.tmp, version 10.50.0.125, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 7/23/2011 10:01:52 PM | Computer Name = CALVIN-6YRW29RV | Source = Application Error | ID = 1000
    Description = Faulting application setce.tmp, version 10.50.0.125, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 7/23/2011 10:03:38 PM | Computer Name = CALVIN-6YRW29RV | Source = Application Error | ID = 1000
    Description = Faulting application setd0.tmp, version 10.50.0.125, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 7/26/2011 5:37:24 PM | Computer Name = CALVIN-6YRW29RV | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 7/26/2011 5:37:24 PM | Computer Name = CALVIN-6YRW29RV | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/26/2011 7:38:13 PM | Computer Name = CALVIN-6YRW29RV | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 7/26/2011 7:38:13 PM | Computer Name = CALVIN-6YRW29RV | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/26/2011 9:43:28 PM | Computer Name = CALVIN-6YRW29RV | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    [ System Events ]
    Error - 6/14/2011 12:22:01 AM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/14/2011 12:22:01 AM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM11F.tmp\GoogleUpdate.exe.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/14/2011 7:22:02 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/14/2011 7:22:02 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM45.tmp\GoogleUpdate.exe.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 12:22:01 AM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 12:22:01 AM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM8B.tmp\GoogleUpdate.exe.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 6:22:01 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 6:22:01 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM45.tmp\GoogleUpdate.exe.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 11:22:02 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference
    error message: The system cannot find the path specified. .

    Error - 6/15/2011 11:22:02 PM | Computer Name = CALVIN-6YRW29RV | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUME4.tmp\GoogleUpdate.exe.
    Reference
    error message: The system cannot find the path specified. .


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Hold on there while I'm reviewing your logs....
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're running 64bit-Windows Server 2003, so we'll have issues finding proper tools.

    Which browser is getting redirected?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2 - BHO: (no name) - {0635001B-FF1B-4EA1-BEE0-B2F26E94BCCc} - File not found
      O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
      O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
      O3:64bit: - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
      O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
      O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
      O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-500..\Run: [AdobeBridge] File not found
      O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] File not found
      O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] File not found
      O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] File not found
      O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] File not found
      O4 - HKU\S-1-5-21-3449149126-3292954953-954699359-1005..\RunOnce: [tscuninstall] File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O15 - HKU\S-1-5-21-3449149126-3292954953-954699359-500\..Trusted Ranges: Range1979 ([http] in Trusted sites)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
      [C:\WINDOWS\system64] -> \systemroot\system32 -> Mount Point
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  22. cjsrulz

    cjsrulz TS Rookie Topic Starter

    Sorry about the wait, here is the log of when I ran the fix:
    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0635001B-FF1B-4EA1-BEE0-B2F26E94BCCc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0635001B-FF1B-4EA1-BEE0-B2F26E94BCCc}\ deleted successfully.
    64bit-Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
    64bit-Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
    Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ .
    64bit-Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3449149126-3292954953-954699359-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET15.tmp deleted successfully.
    C:\WINDOWS\SET1F.tmp deleted successfully.
    C:\WINDOWS\SET25.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET41.tmp deleted successfully.
    C:\WINDOWS\SET5.tmp deleted successfully.
    C:\WINDOWS\SysWow64\AUTOEXEC.TMP deleted successfully.
    C:\WINDOWS\SysWow64\CONFIG.TMP deleted successfully.
    Mount Point C:\WINDOWS\system64 removed successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 3365523 bytes
    ->Temporary Internet Files folder emptied: 4225406 bytes
    ->Java cache emptied: 58209765 bytes
    ->FireFox cache emptied: 53437425 bytes
    ->Flash cache emptied: 1969 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 840354120 bytes
    ->Flash cache emptied: 20329 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 46892 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 16453762 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17546271 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 5956900 bytes
    RecycleBin emptied: 9141461 bytes

    Total Files Cleaned = 962.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07262011_213146

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You didn't say:
     
  24. cjsrulz

    cjsrulz TS Rookie Topic Starter

    And here's the quick scan:
    OTL logfile created on: 7/26/2011 9:43:55 PM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 69.66% Memory free
    5.75 Gb Paging File | 4.33 Gb Available in Paging File | 75.19% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.50 Gb Total Space | 571.22 Gb Free Space | 61.32% Space Free | Partition Type: NTFS
    Drive D: | 8.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: CALVIN-6YRW29RV | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
    PRC - [2011/06/23 15:00:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/03/14 15:07:20 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2011/02/19 13:46:34 | 004,431,016 | ---- | M] (Thorvald Natvig) -- C:\Program Files (x86)\Mumble\mumble.exe
    PRC - [2010/11/16 15:45:04 | 001,242,448 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Steam\steam.exe
    PRC - [2010/07/15 10:02:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/26 10:49:49 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
    PRC - [2008/07/23 18:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2008/02/12 12:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    PRC - [2007/02/18 11:05:40 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    PRC - [2006/03/29 05:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ping.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/26 21:36:44 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    MOD - [2011/02/19 13:47:14 | 000,129,192 | ---- | M] () -- C:\Program Files (x86)\Mumble\mumble_ol.dll
    MOD - [2010/09/07 18:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
    MOD - [2007/02/18 11:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
    MOD - [2007/02/18 11:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
    MOD - [2006/03/29 05:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV - [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/07/15 10:02:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/21 12:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/11/14 22:57:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
    SRV - [2006/03/29 05:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/12 14:55:18 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2006/03/29 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
    DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 00 35 06 1B FF A1 4E BE E0 B2 F2 6E 94 BC CC [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..network.proxy.socks_version: 0
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/25 09:17:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 15:00:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/11 16:56:23 | 000,000,000 | ---D | M]

    [2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/10/25 22:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/07/21 11:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions
    [2011/07/20 13:03:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{1b1e3e9f-b94d-4738-ad18-9b070834d323}
    [2010/07/22 11:57:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/02 21:55:58 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2010/01/12 16:27:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6zm1oea.default\searchplugins\conduit.xml
    [2011/05/05 21:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/12 19:20:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G6ZM1OEA.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
    [2009/10/25 22:54:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/23 15:00:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    Hosts file not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Anapod Manager.lnk = C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe (Red Chair Software, Inc.)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
    O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
    O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
    O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: System - (lsass.exe) - File not found
    O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
    O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
    O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
    O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
    O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
    O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
    O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
    O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
    O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
    O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
    O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/19 17:44:17 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
    O33 - MountPoints2\{195dd8d1-33ad-11df-9c57-00248caf1800}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/26 21:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system64
    [2011/07/26 21:31:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/26 20:30:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/26 20:23:22 | 004,154,103 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/07/26 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
    [2011/07/26 18:56:23 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/24 23:36:55 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/24 23:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/24 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/07/24 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/07/24 22:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2011/07/24 22:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/07/24 22:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/07/23 18:58:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/07/21 17:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BFBC2
    [2011/07/17 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Origin
    [2011/07/17 16:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Origin
    [2011/07/17 16:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin
    [2011/07/17 16:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2011/07/17 16:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011/07/17 16:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2011/07/15 19:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
    [2011/07/15 19:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\{58DD9328-F612-41B7-8353-D3B190E70C7C}
    [2011/07/15 19:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WUSB54GC_3.1.00.016_LA_20090410
    [2011/07/12 21:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2011/07/03 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\save
    [2011/07/01 16:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mumble
    [2011/07/01 16:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
    [2011/07/01 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
    [2011/06/29 00:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Cave Story Deluxe
    [2011/06/29 00:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cave Story Deluxe
    [2011/06/28 14:22:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Runes of Magic
    [2011/06/28 03:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runes of Magic
    [2011/06/28 03:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic
    [2011/06/28 02:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2011/06/28 01:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2011/06/28 01:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
    [2011/06/28 01:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/06/28 01:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
    [2011/06/28 01:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
    [2011/06/28 00:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RoM4-Full-US
    [2011/06/28 00:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA GAMES
    [2011/06/28 00:04:09 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2011/06/27 23:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phyxion.net
    [2011/06/27 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
    [2011/06/27 16:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Funcom
    [2011/06/27 16:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Funcom
    [2011/06/27 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
    [2011/06/27 02:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PunkBuster

    ========== Files - Modified Within 30 Days ==========

    [2011/07/26 21:36:20 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/26 21:36:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/26 21:22:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/26 20:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/26 20:23:31 | 004,154,103 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/07/26 18:56:23 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/26 18:56:04 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2011/07/26 17:39:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2011/07/26 14:25:11 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spiral Knights.url
    [2011/07/26 13:13:24 | 000,000,732 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\hosts
    [2011/07/24 23:36:55 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 22:17:26 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/23 19:11:26 | 000,000,072 | ---- | M] () -- C:\WINDOWS\SysWow64\1113901059
    [2011/07/23 18:19:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
    [2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
    [2011/07/21 17:34:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
    [2011/07/20 13:14:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/17 14:49:13 | 000,215,128 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
    [2011/07/12 00:41:21 | 000,611,158 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/05 01:48:21 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
    [2011/07/04 00:30:36 | 002,434,856 | ---- | M] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
    [2011/07/01 16:17:20 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
    [2011/07/01 16:14:56 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
    [2011/06/29 00:52:55 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Cave Story.lnk
    [2011/06/28 03:32:28 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Runes of Magic.lnk

    ========== Files Created - No Company Name ==========

    [2011/07/26 18:56:06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2011/07/26 14:25:11 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spiral Knights.url
    [2011/07/26 13:12:22 | 000,000,732 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\hosts
    [2011/07/24 23:36:55 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 22:17:26 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/07/20 13:03:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SysWow64\1113901059
    [2011/07/17 16:13:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
    [2011/07/04 00:30:36 | 002,434,856 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc_bc2.exe
    [2011/07/01 16:17:20 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
    [2011/07/01 16:14:56 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
    [2011/06/29 00:52:55 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Play Cave Story.lnk
    [2011/06/28 03:32:29 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Runes of Magic.lnk
    [2011/06/27 02:53:57 | 000,215,128 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
    [2011/06/17 10:40:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
    [2011/06/17 10:40:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
    [2011/06/17 10:40:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
    [2011/06/17 10:39:55 | 000,026,297 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2011/06/04 00:48:48 | 000,056,952 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
    [2011/04/15 18:01:09 | 000,000,143 | ---- | C] () -- C:\WINDOWS\SysWow64\msexcr.ini
    [2011/01/03 19:35:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls
    [2010/10/26 19:57:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2010/07/09 01:54:29 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2010/07/05 23:08:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\SysWow64\rmc_rtspdl.dll
    [2010/04/12 14:18:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
    [2010/03/14 00:26:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe
    [2010/03/14 00:26:59 | 000,036,110 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
    [2010/03/06 01:50:01 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/11/25 22:32:03 | 001,970,176 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx9.dll
    [2009/11/08 00:43:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/08 00:43:28 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/26 21:33:16 | 000,611,158 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2009/10/26 21:31:50 | 000,215,128 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
    [2009/10/26 21:31:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
    [2009/10/26 21:31:49 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
    [2009/10/26 15:06:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
    [2009/10/26 15:06:00 | 000,014,392 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
    [2009/10/26 15:05:57 | 000,011,832 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
    [2009/10/26 15:05:57 | 000,010,216 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
    [2009/10/26 14:56:22 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
    [2009/10/26 14:52:46 | 000,023,208 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/10/26 14:52:46 | 000,010,296 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
    [2009/10/26 01:06:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/10/25 21:02:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/10/25 15:48:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/10/25 15:17:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\SysWow64\OpenQuicktimeLib.dll
    [2006/03/29 05:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
    [2006/03/29 05:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
    [2006/03/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2006/03/29 05:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
    [2006/03/29 05:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
    [2006/03/29 05:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
    [2006/03/29 05:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
    [2006/03/29 05:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2006/03/29 05:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
    [2006/03/29 05:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
    [2006/03/29 05:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
    [2006/03/29 05:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
    [2006/03/29 05:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
    [2006/03/29 05:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
    [2006/03/29 05:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
    [2006/03/29 05:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
    [2006/03/29 05:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2006/03/29 05:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
    [2006/03/29 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
    [2006/03/29 05:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
    [2006/03/29 05:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
    [2006/03/29 05:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

    ========== LOP Check ==========
     
  25. cjsrulz

    cjsrulz TS Rookie Topic Starter

    Sorry about that, I am using Firefox, it is fully updated too.
     
Topic Status:
Not open for further replies.
