TechSpot

Trojan

Solved
By JuiceBox
Sep 11, 2012
  1. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    No, nothing seems supremely wrong right now. Here's the first part of the OTL.txt:
    5/2012 3:59:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Landie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.35% Memory free
    15.96 Gb Paging File | 13.99 Gb Available in Paging File | 87.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.21 Gb Total Space | 674.56 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
    Drive J: | 3.60 Gb Total Space | 2.22 Gb Free Space | 61.70% Space Free | Partition Type: FAT32

    Computer Name: NEWDELL | User Name: Landie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/25 15:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/01/23 17:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    PRC - [2011/01/23 17:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    PRC - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/03/10 15:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/12/23 11:47:56 | 000,351,352 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 07:03:37 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
    MOD - [2012/06/14 07:01:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 07:01:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 07:01:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/13 13:54:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
    MOD - [2012/05/13 13:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 13:27:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 13:27:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 13:27:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 13:27:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 13:27:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/23 17:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    MOD - [2011/01/23 17:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    MOD - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/08/30 02:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/04/05 03:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll
    MOD - [2010/04/05 03:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
    MOD - [2010/04/05 03:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll
    MOD - [2010/04/05 03:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll
    MOD - [2010/04/05 03:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
    MOD - [2010/04/05 03:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll
    MOD - [2010/04/05 03:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll
    MOD - [2010/04/05 03:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll
    MOD - [2010/04/01 10:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
    MOD - [2010/04/01 10:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
    MOD - [2009/05/27 05:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
    MOD - [2009/04/07 16:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
    MOD - [2009/03/09 22:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
    MOD - [2009/03/02 07:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2010/05/17 19:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/04/14 13:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
    SRV:64bit: - [2010/04/14 13:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/07 15:51:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/04/05 12:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2011/01/28 14:31:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/09/04 00:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/09/04 00:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/04/14 13:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV - [2010/04/14 13:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/23 11:47:56 | 000,351,352 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe -- (NeatWorksDatabaseController)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/14 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/06/08 05:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/05/17 19:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/17 18:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
    DRV:64bit: - [2007/03/27 19:06:48 | 001,021,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3AFCB586-88DB-4248-BE0B-808D946FBB65}
    IE:64bit: - HKLM\..\SearchScopes\{3AFCB586-88DB-4248-BE0B-808D946FBB65}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}
    IE - HKLM\..\SearchScopes\{9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\..\SearchScopes,DefaultScope = {9AF6C5D1-63EA-4FFC-89E6-4D8E67983CA1}
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Landie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Landie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



    ========== Chrome ==========

    CHR - homepage: http://www.google.ca/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Landie\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Landie\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: VStripe = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfkmahepejjpgmckcdbllhcgfekmhph\1.0_0\
    CHR - Extension: YouTube = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/24 16:45:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B48A33B-BD00-46C1-8317-CD77EB5032BD}: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C99A5B1C-6C63-4A11-BC71-F9C6A44E582F}: DhcpNameServer = 192.168.1.254 199.185.220.254
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/25 15:58:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    [2012/09/24 16:45:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/24 16:39:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/24 16:39:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/24 16:39:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/24 16:35:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/23 14:24:02 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Landie\Desktop\unhide.exe
    [2012/09/22 10:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/22 10:59:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/22 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/22 10:57:00 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Landie\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/22 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\RK_Quarantine
    [2012/09/13 16:50:23 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Landie\Desktop\billy.exe
    [2012/09/13 16:22:10 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/09/13 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\tdsskiller
    [2012/09/13 16:09:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Landie\Desktop\aswMBR.exe
    [2012/09/12 16:03:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Landie\Desktop\dds.com
    [2012/08/27 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Landie\Desktop\Crazy Bass Stuff
    [2010/06/02 05:22:02 | 001,801,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Landie\AppData\Local\dsetup32.dll
    [2010/06/02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Users\Landie\AppData\Local\DSETUP.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/25 15:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Landie\Desktop\OTL.exe
    [2012/09/25 15:56:50 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    [2012/09/25 15:56:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/25 15:56:40 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    [2012/09/24 17:04:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 17:04:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 16:57:43 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/09/24 16:56:50 | 2133,823,487 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/24 16:52:50 | 000,000,624 | ---- | M] () -- C:\Users\Landie\Desktop\iExplore.exe - Shortcut.lnk
    [2012/09/24 16:45:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/24 16:34:41 | 000,000,624 | ---- | M] () -- C:\Users\Landie\Desktop\ComboFix.exe - Shortcut.lnk
    [2012/09/23 14:23:24 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Landie\Desktop\unhide.exe
    [2012/09/22 10:59:04 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/22 10:57:27 | 000,799,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/22 10:57:27 | 000,680,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/22 10:57:27 | 000,129,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/22 10:55:38 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Landie\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/22 10:44:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Landie\Desktop\aswMBR.exe
    [2012/09/22 10:40:48 | 001,388,032 | ---- | M] () -- C:\Users\Landie\Desktop\RogueKiller.exe
    [2012/09/22 10:39:40 | 002,193,278 | ---- | M] () -- C:\Users\Landie\Desktop\tdsskiller.zip
    [2012/09/13 16:12:19 | 000,000,681 | ---- | M] () -- C:\Users\Landie\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
  2. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And the second part of the OTL.txt:
    File_Recovery.lnk
    [2012/09/12 15:59:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Landie\Desktop\dds.com
    [2012/09/12 15:57:08 | 000,302,592 | ---- | M] () -- C:\Users\Landie\Desktop\cbr8bk3o.exe
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/30 08:56:41 | 527,974,013 | ---- | M] () -- C:\Windows\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2012/09/24 16:52:50 | 000,000,624 | ---- | C] () -- C:\Users\Landie\Desktop\iExplore.exe - Shortcut.lnk
    [2012/09/24 16:39:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/24 16:39:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/24 16:39:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/24 16:39:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/24 16:39:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/24 16:39:20 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2012/09/24 16:39:20 | 000,000,995 | ---- | C] () -- C:\Users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2012/09/24 16:34:41 | 000,000,624 | ---- | C] () -- C:\Users\Landie\Desktop\ComboFix.exe - Shortcut.lnk
    [2012/09/23 14:34:24 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/09/23 14:34:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/09/23 14:34:24 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/09/23 14:34:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/09/23 14:34:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/09/23 14:34:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/09/23 14:34:24 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/09/23 14:34:24 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/09/23 14:34:24 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/09/23 14:34:24 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX.lnk
    [2012/09/23 14:34:23 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/09/23 14:34:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/09/23 14:34:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/09/23 14:34:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/09/23 14:34:22 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2012/09/23 14:34:22 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
    [2012/09/23 14:34:22 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2012/09/23 14:34:22 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012/09/23 14:34:22 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
    [2012/09/22 10:59:04 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/22 10:51:13 | 001,388,032 | ---- | C] () -- C:\Users\Landie\Desktop\RogueKiller.exe
    [2012/09/13 16:12:19 | 000,000,681 | ---- | C] () -- C:\Users\Landie\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    [2012/09/13 16:12:19 | 000,000,657 | ---- | C] () -- C:\Users\Landie\Desktop\File_Recovery.lnk
    [2012/09/13 16:09:37 | 002,193,278 | ---- | C] () -- C:\Users\Landie\Desktop\tdsskiller.zip
    [2012/09/12 16:03:03 | 000,302,592 | ---- | C] () -- C:\Users\Landie\Desktop\cbr8bk3o.exe
    [2012/07/31 13:03:12 | 000,001,148 | ---- | C] () -- C:\Windows\SysWow64\game.ini
    [2012/07/31 12:54:34 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2012/05/26 07:16:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/29 21:08:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/03/29 21:06:23 | 000,000,476 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/03/26 17:52:47 | 000,212,988 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/03/04 20:10:42 | 000,000,297 | ---- | C] () -- C:\Windows\EReg072.dat
    [2011/11/07 18:42:45 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
    [2011/11/07 18:42:20 | 000,000,016 | ---- | C] () -- C:\Windows\encore_launcher.ini
    [2011/10/07 15:37:12 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
    [2011/10/07 15:37:12 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
    [2011/10/07 15:37:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
    [2011/10/07 15:37:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
    [2011/10/07 15:37:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
    [2011/10/07 15:37:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
    [2011/10/07 15:37:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
    [2011/10/07 15:37:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
    [2011/10/07 15:37:10 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
    [2011/10/07 15:37:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
    [2011/10/07 15:37:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
    [2011/10/07 15:37:10 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
    [2011/10/07 15:37:09 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
    [2011/10/07 15:37:09 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
    [2011/10/07 15:37:08 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
    [2011/10/07 15:37:08 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
    [2011/10/07 15:37:08 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
    [2011/10/07 15:37:07 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
    [2011/10/07 15:37:07 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
    [2011/10/07 15:37:07 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
    [2011/10/07 15:37:06 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
    [2011/10/07 15:35:53 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
    [2011/10/07 15:35:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/10 14:58:00 | 000,000,120 | ---- | C] () -- C:\Users\Landie\AppData\Local\Ewaqi.dat
    [2011/09/10 14:58:00 | 000,000,000 | ---- | C] () -- C:\Users\Landie\AppData\Local\Fxeyaponadu.bin
    [2011/07/26 13:12:13 | 000,005,632 | ---- | C] () -- C:\Users\Landie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/18 12:33:44 | 000,000,244 | ---- | C] () -- C:\Users\Landie\appMobiToolkit.props
    [2011/07/03 20:29:40 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/05/30 23:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/05/30 23:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/04/19 17:29:31 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat.temp
    [2011/04/09 10:45:30 | 000,175,831 | ---- | C] () -- C:\Windows\hpoins42.dat
    [2011/04/09 10:45:30 | 000,001,159 | ---- | C] () -- C:\Windows\hpomdl42.dat
    [2011/03/20 20:30:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2011/03/07 16:46:37 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2011/02/07 20:32:40 | 000,804,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/28 16:22:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/28 16:05:53 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/01/28 14:32:21 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/01/28 14:32:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/01/28 14:32:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/01/28 14:32:19 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/01/28 14:32:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/06/02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_d3dx9_31_x64.cab
    [2010/06/02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_d3dx9_31_x86.cab
    [2010/06/02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XAudio_x64.cab
    [2010/06/02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XAudio_x86.cab
    [2010/06/02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_XACT_x64.cab
    [2010/06/02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Users\Landie\AppData\Local\OCT2006_XACT_x86.cab
    [2010/06/02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Users\Landie\AppData\Local\Oct2005_xinput_x64.cab
    [2010/06/02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Users\Landie\AppData\Local\Oct2005_xinput_x86.cab
    [2010/06/02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx9_40_x64.cab
    [2010/06/02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx9_40_x86.cab
    [2010/06/02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx10_40_x86.cab
    [2010/06/02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XACT_x64.cab
    [2010/06/02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_XACT_x86.cab
    [2010/06/02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_X3DAudio_x64.cab
    [2010/06/02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_X3DAudio_x86.cab
    [2010/06/02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2008_d3dx10_40_x64.cab
    [2010/06/02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_XACT_x64.cab
    [2010/06/02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_XACT_x86.cab
    [2010/06/02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_X3DAudio_x64.cab
    [2010/06/02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Users\Landie\AppData\Local\NOV2007_X3DAudio_x86.cab
    [2010/06/02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx9_36_x64.cab
    [2010/06/02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx9_36_x86.cab
    [2010/06/02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx10_36_x64.cab
    [2010/06/02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Users\Landie\AppData\Local\Nov2007_d3dx10_36_x86.cab
    [2010/06/02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XAudio_x86.cab
    [2010/06/02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XAudio_x64.cab
    [2010/06/02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XACT_x64.cab
    [2010/06/02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_XACT_x86.cab
    [2010/06/02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_X3DAudio_x64.cab
    [2010/06/02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_X3DAudio_x86.cab
    [2010/06/02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx9_41_x64.cab
    [2010/06/02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx9_41_x86.cab
    [2010/06/02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx10_41_x64.cab
    [2010/06/02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2009_d3dx10_41_x86.cab
    [2010/06/02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XAudio_x64.cab
    [2010/06/02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XAudio_x86.cab
    [2010/06/02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XACT_x64.cab
    [2010/06/02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_XACT_x86.cab
    [2010/06/02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx9_37_x64.cab
    [2010/06/02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx9_37_x86.cab
    [2010/06/02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx10_37_x86.cab
    [2010/06/02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_X3DAudio_x64.cab
    [2010/06/02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_X3DAudio_x86.cab
    [2010/06/02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx9_43_x64.cab
    [2010/06/02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Users\Landie\AppData\Local\Mar2008_d3dx10_37_x64.cab
    [2010/06/02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx9_43_x86.cab
    [2010/06/02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XAudio_x86.cab
    [2010/06/02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XAudio_x64.cab
    [2010/06/02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XACT_x64.cab
    [2010/06/02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_XACT_x86.cab
    [2010/06/02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dcsx_43_x86.cab
    [2010/06/02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx10_43_x64.cab
    [2010/06/02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx10_43_x86.cab
    [2010/06/02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx11_43_x64.cab
    [2010/06/02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dx11_43_x86.cab
    [2010/06/02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_D3DCompiler_43_x64.cab
    [2010/06/02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_D3DCompiler_43_x86.cab
    [2010/06/02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2010_d3dcsx_43_x64.cab
    [2010/06/02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XAudio_x86.cab
    [2010/06/02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx9_38_x64.cab
    [2010/06/02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx9_38_x86.cab
    [2010/06/02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx10_38_x64.cab
    [2010/06/02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_d3dx10_38_x86.cab
    [2010/06/02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XAudio_x64.cab
    [2010/06/02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_XACT_x86.cab
    [2010/06/02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XACT_x64.cab
    [2010/06/02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_XACT_x86.cab
    [2010/06/02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_X3DAudio_x64.cab
    [2010/06/02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2008_X3DAudio_x86.cab
    [2010/06/02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx9_34_x64.cab
    [2010/06/02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx9_34_x86.cab
    [2010/06/02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2005_d3dx9_26_x86.cab
    [2010/06/02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx10_34_x64.cab
    [2010/06/02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_d3dx10_34_x86.cab
    [2010/06/02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2007_XACT_x64.cab
    [2010/06/02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2006_XACT_x64.cab
    [2010/06/02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Users\Landie\AppData\Local\JUN2006_XACT_x86.cab
    [2010/06/02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Users\Landie\AppData\Local\Jun2005_d3dx9_26_x64.cab
    [2010/06/02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XAudio_x86.cab
    [2010/06/02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XAudio_x64.cab
    [2010/06/02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XACT_x64.cab
    [2010/06/02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_XACT_x86.cab
    [2010/06/02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Users\Landie\AppData\Local\FEB2007_XACT_x64.cab
    [2010/06/02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Users\Landie\AppData\Local\FEB2007_XACT_x86.cab
    [2010/06/02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_X3DAudio_x64.cab
    [2010/06/02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2010_X3DAudio_x86.cab
    [2010/06/02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_XACT_x64.cab
    [2010/06/02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_XACT_x86.cab
    [2010/06/02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_d3dx9_29_x86.cab
    [2010/06/02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx9_32_x86.cab
    [2010/06/02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2006_d3dx9_29_x64.cab
    [2010/06/02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2005_d3dx9_24_x64.cab
    [2010/06/02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Users\Landie\AppData\Local\Feb2005_d3dx9_24_x86.cab
    [2010/06/02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_XACT_x64.cab
    [2010/06/02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_XACT_x86.cab
    [2010/06/02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Users\Landie\AppData\Local\dxupdate.cab
    [2010/06/02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Users\Landie\AppData\Local\dxdllreg_x86.cab
    [2010/06/02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx9_32_x64.cab
    [2010/06/02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Users\Landie\AppData\Local\Dec2005_d3dx9_28_x64.cab
    [2010/06/02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Users\Landie\AppData\Local\Dec2005_d3dx9_28_x86.cab
    [2010/06/02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XAudio_x64.cab
    [2010/06/02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XAudio_x86.cab
    [2010/06/02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx10_00_x64.cab
    [2010/06/02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Users\Landie\AppData\Local\DEC2006_d3dx10_00_x86.cab
    [2010/06/02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XACT_x64.cab
    [2010/06/02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_XACT_x86.cab
    [2010/06/02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx9_42_x64.cab
    [2010/06/02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx9_42_x86.cab
    [2010/06/02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx10_42_x64.cab
    [2010/06/02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx10_42_x86.cab
    [2010/06/02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx11_42_x64.cab
    [2010/06/02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dx11_42_x86.cab
    [2010/06/02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dcsx_42_x86.cab
    [2010/06/02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_d3dcsx_42_x64.cab
    [2010/06/02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_D3DCompiler_42_x86.cab
    [2010/06/02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2009_D3DCompiler_42_x64.cab
    [2010/06/02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XAudio_x64.cab
    [2010/06/02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XAudio_x86.cab
    [2010/06/02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx9_39_x64.cab
    [2010/06/02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx9_39_x86.cab
    [2010/06/02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx10_39_x86.cab
    [2010/06/02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_XACT_x64.cab
    [2010/06/02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_XACT_x86.cab
    [2010/06/02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XACT_x64.cab
    [2010/06/02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_XACT_x86.cab
    [2010/06/02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx9_35_x64.cab
    [2010/06/02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx9_35_x86.cab
    [2010/06/02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2008_d3dx10_39_x64.cab
    [2010/06/02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx10_35_x64.cab
    [2010/06/02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2007_d3dx10_35_x86.cab
    [2010/06/02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2005_d3dx9_27_x64.cab
    [2010/06/02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Users\Landie\AppData\Local\Aug2005_d3dx9_27_x86.cab
    [2010/06/02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_XACT_x64.cab
    [2010/06/02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_XACT_x86.cab
    [2010/06/02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_xinput_x64.cab
    [2010/06/02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_xinput_x86.cab
    [2010/06/02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Users\Landie\AppData\Local\AUG2006_xinput_x86.cab
    [2010/06/02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx9_33_x86.cab
    [2010/06/02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_XACT_x64.cab
    [2010/06/02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_XACT_x86.cab
    [2010/06/02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_xinput_x64.cab
    [2010/06/02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx9_33_x64.cab
    [2010/06/02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx10_33_x64.cab
    [2010/06/02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Users\Landie\AppData\Local\APR2007_d3dx10_33_x86.cab
    [2010/06/02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_xinput_x86.cab
    [2010/06/02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_xinput_x64.cab
    [2010/06/02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_MDX1_x86_Archive.cab
    [2010/06/02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_MDX1_x86.cab
    [2010/06/02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_XACT_x64.cab
    [2010/06/02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_XACT_x86.cab
    [2010/06/02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_d3dx9_30_x64.cab
    [2010/06/02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2005_d3dx9_25_x64.cab
    [2010/06/02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2006_d3dx9_30_x86.cab
    [2010/06/02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Users\Landie\AppData\Local\Apr2005_d3dx9_25_x86.cab

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\.minecraft
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\2K Sports
    [2012/06/01 06:53:24 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\capy
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Coby
    [2011/07/18 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Coby Media Manager
    [2011/07/09 12:44:11 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/02/10 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\digipen
    [2011/10/11 07:07:40 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Fingertapps
    [2012/06/21 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\FirstClass
    [2011/11/21 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\fretsonfire
    [2011/07/30 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Hi-Rez Studios
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\MotioninJoy
    [2012/06/09 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade
    [2012/06/11 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade Warband
    [2012/07/30 07:45:35 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Mount&Blade With Fire and Sword
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\PCDr
    [2011/04/11 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Petroglyph
    [2011/12/07 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Pro800-Pro900 Series
    [2012/03/22 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\pymclevel
    [2011/05/21 11:01:49 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\ScanSoft
    [2011/07/08 15:16:33 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Scirra
    [2012/06/21 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\SoftGrid Client
    [2011/09/11 14:28:32 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\supertuxkart
    [2011/02/07 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\TP
    [2011/12/19 17:41:02 | 000,000,000 | ---D | M] -- C:\Users\Landie\AppData\Roaming\Trine2

    ========== Purity Check ==========


    < End of report >
  3. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the Extras.txt:
    OTL Extras logfile created on: 9/25/2012 3:59:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Landie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.81 Gb Available Physical Memory | 85.35% Memory free
    15.96 Gb Paging File | 13.99 Gb Available in Paging File | 87.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.21 Gb Total Space | 674.56 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
    Drive J: | 3.60 Gb Total Space | 2.22 Gb Free Space | 61.70% Space Free | Partition Type: FAT32

    Computer Name: NEWDELL | User Name: Landie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{12841CA1-052D-4789-9326-C1F71BDF2162}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{26DB245D-18EF-487A-9815-9D7D628BD1AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0C09E7CD-A4D3-4132-9920-74424A70AB48}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{0C7ABFC2-EB77-4512-8EE2-45B61E5378DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond good and evil\checkapplication.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{16A72FED-ECB7-42E4-9033-ECD7E9A7C3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond good and evil\checkapplication.exe |
    "{2031304A-CF92-43E4-953F-0A02045E8F35}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{2CD91834-AE6F-4748-98F9-6B61FE3090CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{316C83C9-656F-493F-A4CC-9EC5E873DEF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drakensang\drakensang.exe |
    "{3A4FAAEE-C951-4BE6-92F2-16D62443CA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{47ECBDF2-1E98-4EDF-A94A-67780159879A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drakensang\drakensang.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{55CC1252-76B5-4A6C-BEAC-AFE19081BF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{64BB16F9-8607-41DB-B50E-153AD218BD3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{65C6BCD4-F68A-42FB-AF2D-CAAB158F34AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{68C58E7B-6D6D-471E-BAC7-02D60B11FD14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7E6A75F9-4623-4600-8AFA-A7881AB61721}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
    "{83FDA624-73A5-4022-B2D9-B89C9565DDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D9EEC6B-6CC9-46D3-BAED-3C1567A725F3}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{9921542B-D025-4A6F-8ED4-7C0CD2DB0DD0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{A1A4F675-DB13-4532-BC1B-D77C8173F7FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5925FB4-26E8-406B-8A0A-34140C742215}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{A91AECBB-6156-4776-9AA6-FB29C03B5397}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AEBB7ABB-16DB-43AA-809E-28534065624C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
    "{B42FE8C3-AB65-4C59-8ADA-3F7FBF5CB5B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{B837E56B-D375-4A32-A861-CB13AEE48FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{C5CFD5A6-D2BB-48D2-8A78-A7CB44CFF202}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D0D85E16-12F2-4462-B860-96312F80BEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D83F96B1-5AF6-4D6C-A479-E7025AE564D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
    "{E526A696-90CC-4E5D-9B56-0B4FE0B1172A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F29216D6-1250-4842-AD7A-873EFCC0FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
    "{F3AEF775-E379-4095-8A6A-7F425CE76038}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{2803002B-8021-490A-ABB5-9B5854B917A8}C:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe |
    "TCP Query User{5AB4A5DB-7E2D-4396-93DA-B1AE07594BFA}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "TCP Query User{5E4405E5-3B2C-49F6-AEC2-7E86EF91F8B5}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "TCP Query User{964ED3E2-93B1-4700-9C58-852736EF8403}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "TCP Query User{C79BFDEB-9F4D-4FB8-96DD-CBC47EA7CBB8}C:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "UDP Query User{660E3EA2-714C-4A6C-AEFA-461BFA9B6063}C:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nba 2k12\nba2k12.exe |
    "UDP Query User{A37F6322-213D-4850-942D-AA58C0CAF246}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
    "UDP Query User{C70C47B0-E8D8-47AC-BA3F-64D9A6E48C14}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "UDP Query User{D18E29B8-408F-4519-80D4-D53B76E0FEE2}C:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "UDP Query User{D7F8D793-A895-4D58-AECF-34F54BBFBF43}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4D12EB25-2908-4204-BB98-06BD9C588E28}" = HP Photosmart Prem-Web C309n-s All-in-One Driver 14.0 Rel. 6
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner Driver
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Construct 2_is1" = Construct 2 r46
    "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
    "{15E289CE-7F02-4841-85A5-B3C6254636FC}" = PS_AIO_06_C309n-s_SW_Min
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
    "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
    "{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
    "{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
    "{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56EBA9AE-2850-425E-BD83-595FAD8B76F4}" = BIONICLE Heroes Demo
    "{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
    "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
    "{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
    "{7C0759C8-4C6C-4AD7-89B8-0842C4C44F23}" = Jeopardy! 2003
    "{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
    "{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
    "{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
    "{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-12-25) version 20111225.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
    "{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B196519A-A2AC-443E-84D1-F336B4E8F304}" = BIONICLE
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
    "{E8989391-9865-473A-A107-625266D6D4BD}" = The Spirit Engine 2
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
    "{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
    "{FF1999B5-40C5-45B3-B001-46EA2B59B484}" = Dell MusicStage
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.57
    "Activision_SpaceInvadersUninstallKey" = Space Invaders
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Construct Classic_is1" = Construct Classic r1.2
    "DebugMode Wax 2.0" = DebugMode Wax 2.0
    "DH Lore Invasion" = DH Lore Invasion
    "Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "InstallShield_{56EBA9AE-2850-425E-BD83-595FAD8B76F4}" = BIONICLE Heroes Demo
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "MechWarrior Mercenaries Downloadable Demo" = MechWarrior 4 Mercenaries Downloadable Trial
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mind Power(TM) Math - Trigonometry" = Mind Power(TM) Math - Trigonometry
    "NeatWorks" = NeatWorks
    "OpenAL" = OpenAL
    "RPG Maker VX RTP_is1" = RPG Maker VX RTP
    "RPG Maker VX_is1" = RPG Maker VX
    "RPGVXAce_E_is1" = RPG MAKER VX Ace
    "RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
    "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
    "Steam App 11450" = Overlord
    "Steam App 12640" = Drakensang
    "Steam App 12850" = FUEL - Demo
    "Steam App 12900" = Audiosurf
    "Steam App 15130" = Beyond Good & Evil
    "Steam App 16620" = Monster Trucks Nitro
    "Steam App 17020" = Global Agenda
    "Steam App 218" = Source SDK Base 2007
    "Steam App 22100" = Mount & Blade
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 38220" = Section 8
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 48700" = Mount & Blade: Warband
    "Steam App 48720" = Mount & Blade: With Fire and Sword
    "Steam App 57400" = Batman: Arkham City™
    "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
    "Steam App 6060" = Star Wars - Battlefront II
    "Steam App 620" = Portal 2
    "Steam App 629" = Portal 2 Authoring Tools - Beta
    "Steam App 630" = Alien Swarm
    "Steam App 63200" = Monday Night Combat
    "Steam App 8720" = GTR Evolution Demo
    "Tribes 2" = Tribes 2
    "Vindictus" = Vindictus
    "VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
    "Warmonger" = Warmonger
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2344966874-3736381344-1801091321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "appMobi XDK" = appMobi XDK
    "Google Chrome" = Google Chrome
    "Limbo" = LIMBO
    "Star Wars Movie Duels 2" = Star Wars Movie Duels 2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/13/2012 12:52:06 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4006433

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4022033

    Error - 9/13/2012 12:52:21 AM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4022033

    Error - 9/22/2012 4:20:22 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 74940166

    Error - 9/23/2012 5:16:53 PM | Computer Name = NewDell | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 74940166

    Error - 9/23/2012 6:07:54 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/24/2012 8:17:12 PM | Computer Name = NewDell | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ System Events ]
    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:07:09 PM | Computer Name = NewDell | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.793.0 Update Source: %%851 Update Stage:
    %%852 Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee7 Error description: The
    server name or address could not be resolved

    Error - 9/24/2012 8:25:53 PM | Computer Name = NewDell | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.


    < End of report >
  4. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "ThreadingModel" = Both
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\wbemess.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  5. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Okay, here's the OTLfix log:
    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Landie
    ->Temp folder emptied: 3968 bytes
    ->Temporary Internet Files folder emptied: 328596 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2073 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10189 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 1678240 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Landie
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Landie
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.68.0 log created on 09262012_155635
    Files\Folders moved on Reboot...
    C:\Users\Landie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  6. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the Checkup.txt:
    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    JavaFX 2.1.1
    Java(TM) 6 Update 29
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 11.2.202.235 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  7. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the FSS log:
    Farbar Service Scanner Version: 19-09-2012
    Ran by Landie (administrator) on 26-09-2012 at 16:04:14
    Running from "C:\Users\Landie\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  8. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the adwcleaner log:
    # AdwCleaner v2.003 - Logfile created 09/26/2012 at 16:10:11
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Landie - NEWDELL
    # Boot Mode : Normal
    # Running from : C:\Users\Landie\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    -\\ Google Chrome v21.0.1180.89
    File : C:\Users\Landie\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [1399 octets] - [26/09/2012 16:10:11]
    ########## EOF - C:\AdwCleaner[S1].txt - [1459 octets] ##########
  9. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    After all this, I ran TFC successfully, and then I ran ESET, and that went cleanly, producing no logs.
  10. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===============================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
  11. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Wow, I thought we would never see the light at the end of the tunnel for a bit there. The computer's doing fine right now I guess. I ran some more virus scans, and those didn't come up with anything. So aside from any paranoia I have in the back of my head, all things can be considered good. Thanks for the help again. And I'll be sure to holler in case there might be a little straggler left behind. But thanks for everything though. I'm not sure what I would've done without you.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Way to go!!
    Good luck and stay safe :)

