Solved Win7 64bit/Trojan.Generic,Trojan.Sirefef

cloudsora

cloudsora

Posts: 17   +0
So I have ^ its been incredibly annoying and Bitdefender won't get rid of it and I even got malwarebytes to try to help but it didn't get rid of it either.
(although I see this is a very common problem atm)

Please help me.
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I grabbed all these when except DDS before I came here now I have them all.
Also sry I had to go to work thought I'd post the topic and wait for a reply till I came home but I was too tired.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cloudsora :: MALUS [administrator]

Protection: Enabled

6/14/2012 11:59:40 PM
mbam-log-2012-06-14 (23-59-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228783
Time elapsed: 13 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-15 01:54:26
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\RTP\xff7e\xff6f\xff84\xff71\xff6f\xff8c\xff9f\RPG2000RTP.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\screenies\Parthenon\\x25cb\x308a\x306e 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\Downloads\0--120430-1A-RJ093336\120430-1A-RJ093336\( 1

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by cloudsora at 0:16:45 on 2012-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.4559 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Zune\Zune.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79217D06-4968-4728-BCB9-3703D5F457FB} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cloudsora\AppData\Roaming\Mozilla\Firefox\Profiles\l2wpy810.default\
FF - prefs.js: browser.startup.homepage - gamefaqs.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-3-4 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-3-4 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-5 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-18 2320920]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-4 66096]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-4-27 75384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-3-4 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-06-14 18:06:3327136----a-w-C:\Windows\System32\bddel.exe
2012-06-13 17:17:21--------d-----w-C:\Users\cloudsora\bootkit_remover
2012-06-13 17:04:14--------d-----w-C:\Program Files\Alex Feinman
2012-06-13 15:59:35514560----a-w-C:\Windows\SysWow64\qdvd.dll
2012-06-13 15:59:35366592----a-w-C:\Windows\System32\qdvd.dll
2012-06-06 22:45:15--------d-----w-C:\TDSSKiller_Quarantine
2012-06-06 19:03:14--------d-----w-C:\Users\cloudsora\gmer
2012-06-05 21:56:33--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
2012-06-05 18:28:58--------d-----w-C:\Users\cloudsora\AppData\Roaming\Malwarebytes
2012-06-05 18:28:5424904----a-w-C:\Windows\System32\drivers\mbam.sys
2012-06-05 18:28:54--------d-----w-C:\ProgramData\Malwarebytes
2012-06-05 18:28:53--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 01:26:23--------d-----w-C:\Users\cloudsora\AppData\Local\CRE
2012-06-02 01:26:21--------d-----w-C:\Program Files (x86)\Conduit
2012-06-02 01:26:20--------d-----w-C:\Users\cloudsora\AppData\Local\Conduit
2012-06-02 01:26:19--------d-----w-C:\Program Files (x86)\uTorrentControl2
2012-05-31 05:43:532528832----a-w-C:\Windows\System32\FMAPO64.dll
2012-05-31 05:43:45202336----a-w-C:\Windows\System32\AERTAC64.dll
2012-05-31 05:43:45108640----a-w-C:\Windows\System32\AERTAR64.dll
2012-05-31 05:43:33757760----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-05-31 05:43:3369715------w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-05-31 05:43:3365024----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-05-31 05:43:335632----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-05-31 05:43:3332768----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-31 05:43:33274432----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-05-31 05:43:33204800----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-05-31 05:43:31331908----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-05-31 05:43:31200836----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-05-31 00:53:41--------d-----w-C:\Program Files (x86)\Realtek
2012-05-28 09:20:22--------d-----w-C:\Users\cloudsora\AppData\Roaming\FatalFightPC
2012-05-26 19:11:55--------d-----w-C:\Program Files (x86)\Oracle
2012-05-26 19:09:20772504----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-05-24 02:35:26--------d-----w-C:\Users\cloudsora\AppData\Roaming\LolClient2
2012-05-22 17:31:46--------d-----w-C:\Users\cloudsora\AppData\Roaming\Razer
2012-05-22 17:27:4285504----a-w-C:\Windows\SysWow64\DeathAdder64.cpl
2012-05-22 17:27:336656----a-w-C:\Windows\System32\drivers\hidkmdf.sys
2012-05-22 17:27:3213312----a-w-C:\Windows\System32\drivers\VKbms.sys
2012-05-22 17:27:3212032----a-w-C:\Windows\System32\drivers\danew.sys
2012-05-22 00:53:26--------d-----w-C:\Users\cloudsora\Tekkit_Server_2.1.1(1)
2012-05-21 17:54:13--------d-----w-C:\Users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
2012-05-18 22:28:04--------d-----w-C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
2012-05-18 22:28:03--------d-----w-C:\Program Files (x86)\apexvjdesktop
.
==================== Find3M ====================
.
2012-05-18 02:06:482311680----a-w-C:\Windows\System32\jscript9.dll
2012-05-18 01:59:141392128----a-w-C:\Windows\System32\wininet.dll
2012-05-18 01:58:391494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:302382848----a-w-C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:371800192----a-w-C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:471129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:391427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:333146752----a-w-C:\Windows\System32\win32k.sys
2012-05-05 05:16:0870304----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:16:08419488----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 05:16:038744608----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:225559664----a-w-C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:533968368----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:503913072----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20209920----a-w-C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21210944----a-w-C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:5677312----a-w-C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55149504----a-w-C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:279216----a-w-C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37184320----a-w-C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37140288----a-w-C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:361462272----a-w-C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:421158656----a-w-C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:403216384----a-w-C:\Windows\System32\msi.dll
2012-04-07 11:26:292342400----a-w-C:\Windows\SysWow64\msi.dll
2012-04-04 22:47:02687504----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-03-30 20:45:44691896----a-w-C:\Windows\System32\drivers\avc3.sys
2012-03-30 11:35:471918320----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-03-27 21:03:364015592------w-C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-24 17:22:1795248----a-w-C:\Windows\System32\drivers\AtihdW76.sys
2012-03-24 16:53:362700288----a-w-C:\Windows\System32\drivers\athrx.sys
2012-03-20 14:47:203608680----a-w-C:\Windows\System32\RtkAPO64.dll
2012-03-19 23:01:20102504----a-w-C:\Windows\System32\RCoInstII64.dll
2012-03-17 07:58:5775120----a-w-C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 0:19:13.25 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2011 6:28:01 AM
System Uptime: 6/14/2012 2:03:24 PM (10 hours ago)
.
Motherboard: Dell Inc. | | 0G3HR7
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 399.809 GiB free.
D: is FIXED (NTFS) - 2795 GiB total, 2065.742 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: BitDefender AVC HV
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: BitDefender AVC HV
PNP Device ID: ROOT\SYSTEM\0002
Service: avchv
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
?????????????
????????????? Append01
????????????? Append02
????????????? Ver2.00 Update
µTorrent
Adobe AIR
Adobe Reader X (10.1.3)
AIM 7
Amnesia: The Dark Descent
APEXvjDesktop
Application Profiles
Assassin's Creed Revelations
AviSynth 2.5
Bastion
Battlelog Web Plugins
Build Your Own Net Dream (remove only)
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Champions Online: Free For All
Chantelise
Combined Community Codec Pack 2011-11-11
ConvertXtoDVD 3.3.4.106e
Creation Kit
Diablo III
Dota 2
Dota 2 Test
Download Updater (AOL LLC)
Far Cry 2
Flash Renamer 6.58
Fraps (remove only)
Free Mouse Auto Clicker 2.8.2
GIMP 2.6.11
Google Chrome
Intel(R) Management Engine Components
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Java(TM) 7 Update 4
JavaFX 2.1.0
JDownloader 0.9
Just Cause 2
Katawa Shoujo
Kingdoms of Amalur Reckoning
League of Legends
LG United Mobile Drivers
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
MatrixEngine
Microsoft AppLocale
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
mIRC
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NVIDIA PhysX
OpenAL
OpenOffice.org 3.3
Origin
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PFPortChecker 1.0.39
PS3 Video 9 6
Rage
Razer DeathAdder(TM) Mouse
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
RGSS-RTP Standard
RPG Maker 2003 v1.08
RPG Maker VX RTP
RPG????2000 ??????????
Rusty Hearts
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
Sothink SWF Decompiler
Space Pirates and Zombies
SpeedFan (remove only)
Star Wars: The Old Republic
Steam
swMSM
Terrafirma
Terraria
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Longest Journey
The Witcher: Enhanced Edition
Total War: SHOGUN 2
Ubisoft Game Launcher
Ubuntu One
Uniblue DriverScanner
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 10.0
VLC
VLC media player 1.1.11
Winter Voices
WinZip 15.0
Xfire (remove only)
XSplit
Yume Nikki 0.10 English
.
==== Event Viewer Messages From Past Week ========
.
6/8/2012 2:30:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume META.
6/8/2012 2:26:44 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
6/15/2012 12:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 11 time(s).
6/14/2012 9:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 8 time(s).
6/14/2012 8:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 7 time(s).
6/14/2012 7:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 6 time(s).
6/14/2012 6:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 5 time(s).
6/14/2012 5:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 4 time(s).
6/14/2012 4:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 3 time(s).
6/14/2012 3:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 2 time(s).
6/14/2012 3:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 15 time(s).
6/14/2012 2:16:01 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s).
6/14/2012 2:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 14 time(s).
6/14/2012 2:04:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/14/2012 2:04:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/14/2012 2:04:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: trufos
6/14/2012 2:04:08 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
6/14/2012 12:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 12 time(s).
6/14/2012 11:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 10 time(s).
6/14/2012 10:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 9 time(s).
6/14/2012 1:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 13 time(s).
6/12/2012 10:11:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/11/2012 5:48:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
.
==== End Of File ===========================
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

===================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 14:49:30
-----------------------------
14:49:30.516 OS Version: Windows x64 6.1.7601 Service Pack 1
14:49:30.516 Number of processors: 8 586 0x1E05
14:49:30.517 ComputerName: MALUS UserName:
14:49:32.260 Initialize success
14:50:07.180 AVAST engine defs: 12061500
14:50:12.566 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:50:12.570 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
14:50:12.575 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:50:12.579 Disk 1 Vendor: Hitachi_ MEAO Size: 764436MB BusType: 8
14:50:12.596 Disk 0 MBR read successfully
14:50:12.602 Disk 0 MBR scan
14:50:12.685 Disk 0 Windows 7 default MBR code
14:50:12.719 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:12.748 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 945617 MB offset 206848
14:50:12.760 Disk 0 Partition - 00 05 Extended 8150 MB offset 1936832510
14:50:12.831 Disk 0 scanning C:\Windows\system32\drivers
14:50:27.577 Service scanning
14:50:49.410 Modules scanning
14:50:49.423 Disk 0 trace - called modules:
14:50:49.441 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
14:50:49.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e04790]
14:50:49.453 3 CLASSPNP.SYS[fffff88001bac43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b53050]
14:50:51.487 AVAST engine scan C:\Windows
14:50:56.640 AVAST engine scan C:\Windows\system32
14:54:45.618 AVAST engine scan C:\Windows\system32\drivers
14:54:58.672 AVAST engine scan C:\Users\cloudsora
15:00:08.334 Disk 0 MBR has been saved successfully to "C:\Users\cloudsora\Desktop\MBR.dat"
15:00:08.343 The log file has been saved successfully to "C:\Users\cloudsora\Desktop\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-15.06 - cloudsora 06/15/2012 15:43:32.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6820 [GMT -4:00]
Running from: c:\users\cloudsora\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\1327681734.bdinstall.bin
c:\programdata\1330883007.bdinstall.bin
c:\users\cloudsora\[4ls]_katawa_shoujo_[windows][C3798628].exe
c:\users\cloudsora\AppData\Roaming\inst.exe
c:\users\cloudsora\AppData\Roaming\vso_ts_preview.xml
c:\users\cloudsora\Minecraft.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\00000004.@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\1afb2d56
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\201d3dde
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\00000004.@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\00000008.@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\000000cb.@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\80000000.@
c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\80000032.@
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
D:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 19:52 . 2012-06-15 19:52--------d-----w-c:\users\Default\AppData\Local\temp
2012-06-15 06:15 . 2012-06-15 06:59--------d-----w-c:\users\cloudsora\21.Jump.Street.2012.720p.BluRay.x264-Felony [PublicHD]
2012-06-13 17:17 . 2012-06-13 17:17--------d-----w-c:\users\cloudsora\bootkit_remover
2012-06-13 17:04 . 2012-06-13 17:04--------d-----w-c:\program files\Alex Feinman
2012-06-13 15:59 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
2012-06-13 15:59 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
2012-06-06 22:45 . 2012-06-06 22:45--------d-----w-C:\TDSSKiller_Quarantine
2012-06-06 19:03 . 2012-06-06 19:03--------d-----w-c:\users\cloudsora\gmer
2012-06-05 21:56 . 2012-06-05 21:56--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-06-05 18:28 . 2012-06-05 18:28--------d-----w-c:\users\cloudsora\AppData\Roaming\Malwarebytes
2012-06-05 18:28 . 2012-06-05 18:28--------d-----w-c:\programdata\Malwarebytes
2012-06-05 18:28 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-05 18:28 . 2012-06-05 18:28--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 01:26 . 2012-06-02 01:26--------d-----w-c:\users\cloudsora\AppData\Local\CRE
2012-06-02 01:26 . 2012-06-02 01:26--------d-----w-c:\program files (x86)\Conduit
2012-06-02 01:26 . 2012-06-02 01:26--------d-----w-c:\users\cloudsora\AppData\Local\Conduit
2012-06-02 01:26 . 2012-06-02 01:26--------d-----w-c:\program files (x86)\uTorrentControl2
2012-05-31 05:43 . 2012-02-21 18:262528832----a-w-c:\windows\system32\FMAPO64.dll
2012-05-31 00:53 . 2012-05-31 00:53--------d-----w-c:\program files (x86)\Realtek
2012-05-28 09:20 . 2012-05-28 09:20--------d-----w-c:\users\cloudsora\AppData\Roaming\FatalFightPC
2012-05-26 19:12 . 2012-05-26 19:12--------d-----w-c:\program files (x86)\Common Files\Java
2012-05-26 19:11 . 2012-05-26 19:11--------d-----w-c:\program files (x86)\Oracle
2012-05-26 19:09 . 2012-04-04 22:47772504----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-05-24 02:35 . 2012-05-24 02:35--------d-----w-c:\users\cloudsora\AppData\Roaming\LolClient2
2012-05-22 17:31 . 2012-05-22 17:31--------d-----w-c:\users\cloudsora\AppData\Roaming\Razer
2012-05-22 17:27 . 2007-05-07 22:1985504----a-w-c:\windows\SysWow64\DeathAdder64.cpl
2012-05-22 17:27 . 2010-09-30 00:456656----a-w-c:\windows\system32\drivers\hidkmdf.sys
2012-05-22 17:27 . 2010-10-01 04:1613312----a-w-c:\windows\system32\drivers\VKbms.sys
2012-05-22 17:27 . 2010-03-23 20:3712032----a-w-c:\windows\system32\drivers\danew.sys
2012-05-22 17:27 . 2012-05-22 17:27--------d-----w-c:\program files (x86)\Razer
2012-05-22 17:26 . 2012-05-22 17:26--------d-----w-c:\users\cloudsora\AppData\Roaming\InstallShield
2012-05-22 00:53 . 2012-06-12 04:22--------d-----w-c:\users\cloudsora\Tekkit_Server_2.1.1(1)
2012-05-21 17:54 . 2012-05-21 17:54--------d-----w-c:\users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
2012-05-18 22:28 . 2012-05-18 22:28--------d-----w-c:\users\cloudsora\AppData\Roaming\com.apexvj.com
2012-05-18 22:28 . 2012-05-18 22:28--------d-----w-c:\program files (x86)\apexvjdesktop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 05:16 . 2012-03-31 16:32419488----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 05:16 . 2011-09-18 13:1470304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:16 . 2012-03-31 17:168744608----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 00:38 . 2012-04-24 00:4552736----a-w-c:\users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
2012-04-04 22:47 . 2011-11-06 01:24687504----a-w-c:\windows\SysWow64\deployJava1.dll
2012-03-30 20:45 . 2012-03-04 18:20691896----a-w-c:\windows\system32\drivers\avc3.sys
2012-03-30 11:35 . 2012-05-10 10:521918320----a-w-c:\windows\system32\drivers\tcpip.sys
2012-03-24 17:22 . 2012-03-24 17:2295248----a-w-c:\windows\system32\drivers\AtihdW76.sys
2012-03-24 16:53 . 2012-03-24 16:532700288----a-w-c:\windows\system32\drivers\athrx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-09-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-09-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-02 880528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-04-27 75384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-03-04 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\CLOUDS~1\AppData\Local\Temp\0054CF8.tmp [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-03-04 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-03-04 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 05:16]
.
2012-06-15 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-24 19:43]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
- c:\users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 10:52]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
- c:\users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 10:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-04-27 13:07266952------w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-04-27 13:07266952------w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-04-27 13:07266952------w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-04-27 13:07266952------w-c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-27 1067256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\cloudsora\AppData\Roaming\Mozilla\Firefox\Profiles\l2wpy810.default\
FF - prefs.js: browser.startup.homepage - gamefaqs.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
SafeBoot-90281763.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\CLOUDS~1\AppData\Local\Temp\0054CF8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-15 16:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 20:06
.
Pre-Run: 421,738,758,144 bytes free
Post-Run: 422,284,537,856 bytes free
.
- - End Of File - - 2F2DE5FF72DC643029C2102906DC55EA

Having an issue now where I can't connect to the internet unless I run in safe mode with networking, did I do something wrong?
For some reason my firewalls are now blocking Chrome from the internet.
 
It's the case for everything: uTorrent, skype, LoL, chrome, firefox, IE, ect.
If I turn bitdefenders firewall from off it cuts them all off but if its is off they run like they used to.

I can probably fix that by reinstalling it but I'd rather make sure my computer's clean of this virus/malware first.
Also I can use google again and its not redirecting me.
 
I'm not sure if I understand.
How can you use Google if you're saying none of the browsers work?
 
If I turn Bitdefenders firewall off everything runs like it used to run.
If its on it cuts everything off from the internet.
 
I assume you reinstalled just BitDefender?
If so, I'll review your OTL logs.
Let me know.
 
LOL...
Yes the above logs assuming you reinstalled just BitDefender not Windows so I need to know what exactly you reinstalled.
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 6/15/2012 6:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\cloudsora\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.66% Memory free
15.92 Gb Paging File | 13.84 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 393.16 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
Drive D: | 2794.52 Gb Total Space | 2067.03 Gb Free Space | 73.97% Space Free | Partition Type: NTFS

Computer Name: MALUS | User Name: cloudsora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{134C7AAA-8C53-466E-9347-E797A01CE12D}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{214DCBFA-5742-4161-8ADC-DB13B30874C8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF949C9-B77F-429A-8C2B-8A2B9BD12198}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F965ED8C-E8A9-46F8-8CE6-DEE063847E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4F3B7124-18A8-4776-889A-4019F06511C7}C:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
"TCP Query User{A7D49F1A-8B4E-4DD4-9154-2B9B5F3F5546}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{7251CA72-CE37-42E0-8E05-3EC3323BB06C}C:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
"UDP Query User{D0C7162F-CCEE-4447-A421-1AF1AFDCB5AE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bitdefender" = Bitdefender Total Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{10EBB586-D21E-60CA-0856-AA753EBE1F16}" = Application Profiles
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = DW 1525 Driver Installation
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839BB90D-EB71-4BF1-B20A-52626B7D8B78}" = Terrafirma
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB0FCF85-3A90-98A4-6545-55A9C6B2C1EE}" = APEXvjDesktop
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F57FD7AF-DC0A-2E99-B850-9047DAB3F24C}" = Application Profiles
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"AIM_7" = AIM 7
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"com.apexvj.com" = APEXvjDesktop
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Diablo III" = Diablo III
"Flash Renamer_is1" = Flash Renamer 6.58
"Fraps" = Fraps (remove only)
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"IrfanView" = IrfanView (remove only)
"Katawa Shoujo" = Katawa Shoujo
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"LogMeIn Hamachi" = LogMeIn Hamachi
"MatrixEngine 1.0" = MatrixEngine
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PFPortChecker" = PFPortChecker 1.0.39
"PS3 Video 9" = PS3 Video 9 6
"Rage_is1" = Rage
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 107200" = Space Pirates and Zombies
"Steam App 19900" = Far Cry 2
"Steam App 202480" = Creation Kit
"Steam App 205790" = Dota 2 Test
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 36630" = Rusty Hearts
"Steam App 42910" = Magicka
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6310" = The Longest Journey
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70420" = Chantelise
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 72900" = Winter Voices
"Steam App 8190" = Just Cause 2
"Steam App 9880" = Champions Online: Free For All
"Ubuntu One 1.0-beta3" = Ubuntu One
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yume Nikki 0.10 English" = Yume Nikki 0.10 Englishe Chrome


========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2012 3:35:04 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x001d96b6 Faulting process
id: 0x1fa0 Faulting application start time: 0x01cd49369abc4f92 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
Report
Id: 4a59e925-b52a-11e1-a29f-842b2bad97a9

Error - 6/13/2012 5:41:41 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: Flash32_11_2_202_235.ocx, version: 11.2.202.235,
time stamp: 0x4f9af5a5 Exception code: 0xc0000005 Fault offset: 0x0047c6b7 Faulting
process id: 0x1370 Faulting application start time: 0x01cd49480d5e149d Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
Report
Id: fa29aa69-b53b-11e1-a29f-842b2bad97a9

Error - 6/13/2012 6:50:32 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x001d96b6 Faulting process
id: 0x2e4 Faulting application start time: 0x01cd4951d643f094 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
Report
Id: 98c095a1-b545-11e1-a29f-842b2bad97a9

Error - 6/13/2012 8:11:45 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xe30 Faulting application start time: 0x01cd495d1f817a3d Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: f13ca0eb-b550-11e1-a29f-842b2bad97a9

Error - 6/13/2012 8:46:27 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: Flash32_11_2_202_235.ocx, version: 11.2.202.235,
time stamp: 0x4f9af5a5 Exception code: 0xc0000005 Fault offset: 0x0042598a Faulting
process id: 0x1600 Faulting application start time: 0x01cd496206abc9e1 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
Report
Id: ca5ec852-b555-11e1-a29f-842b2bad97a9

Error - 6/13/2012 11:36:52 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 19.0.1084.56, time
stamp: 0x4fd04f16 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1878 Faulting application start time: 0x01cd497a44616134 Faulting application
path: C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 98dd8c89-b56d-11e1-a29f-842b2bad97a9

Error - 6/15/2012 3:25:24 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time
stamp: 0x4fb58407 Exception code: 0xc0000005 Fault offset: 0x001d9a56 Faulting process
id: 0x1d0c Faulting application start time: 0x01cd4ac772f3c072 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
Report
Id: 451dac9d-b6bb-11e1-8d59-842b2bad97a9

Error - 6/15/2012 3:39:07 PM | Computer Name = MALUS | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 6/15/2012 4:48:17 PM | Computer Name = MALUS | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 6/15/2012 5:28:47 PM | Computer Name = MALUS | Source = Application Hang | ID = 1002
Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a4 Start
Time: 01cd4b3dd30b7ba5 Termination Time: 2 Application Path: C:\Riot Games\League
of Legends\RADS\system\rads_user_kernel.exe Report Id: 15da66be-b731-11e1-81aa-842b2bad97a9


[ System Events ]
Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 6/15/2012 4:44:43 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:44:43 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/15/2012 4:49:16 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
trufos


< End of report >
 
OTL logfile created on: 6/15/2012 6:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\cloudsora\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.66% Memory free
15.92 Gb Paging File | 13.84 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.45 Gb Total Space | 393.16 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
Drive D: | 2794.52 Gb Total Space | 2067.03 Gb Free Space | 73.97% Space Free | Partition Type: NTFS

Computer Name: MALUS | User Name: cloudsora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
PRC - [2012/06/01 21:26:16 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2011/07/11 19:33:04 | 000,066,072 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\Antispam32\pchooklaunch32.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/07/11 19:53:12 | 001,903,080 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011/07/11 19:46:26 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/07/08 15:48:02 | 000,074,336 | ---- | M] (BitDefender) [On_Demand | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011/07/06 17:47:38 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/31 20:47:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 09:16:46 | 000,158,856 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/15 18:09:03 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/06/15 18:08:41 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012/06/15 18:08:35 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/06/15 18:04:55 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/06/15 18:04:48 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2012/06/15 18:04:26 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/06/15 18:03:58 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/03/24 13:22:17 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/24 16:59:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/10/16 02:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 15:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "gamefaqs.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/06/15 18:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 16:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/26 15:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/06/15 18:06:08 | 000,000,000 | ---D | M]

[2011/09/19 00:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Extensions
[2012/06/15 17:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions
[2012/06/01 21:26:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/15 17:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions\staged
[2012/06/15 16:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 21:14:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/12 11:12:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLOUDSORA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2WPY810.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
[2009/03/18 18:45:44 | 000,147,456 | ---- | M] (NETDIMENSION CORPORATION) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMXENG.DLL
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/18 08:15:11 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: MatrixEngine (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMXENG.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Translate = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: TooManyTabs for Chrome = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0\
CHR - Extension: Sothink Flash Downloader for Chrome = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0\
CHR - Extension: APNG = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp\0.7.1_0\
CHR - Extension: AdBlock = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: AT_HatsuneMiku = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcacbggjcnkdgchjnekppjkkkhlijkdd\2_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: mydeco 3D planner = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\2.3_0\

O1 HOSTS File: ([2012/06/15 16:01:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79217D06-4968-4728-BCB9-3703D5F457FB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A34F070A-C787-4D2A-8DF4-206D1F88C301}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 18:40:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
[2012/06/15 18:09:03 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/06/15 18:08:35 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/06/15 18:06:43 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys.upd
[2012/06/15 18:04:55 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/06/15 18:04:48 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/06/15 18:04:26 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/06/15 18:04:05 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012/06/15 18:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012/06/15 17:59:41 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012/06/15 17:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2012/06/15 16:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/15 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/15 16:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool
[2012/06/15 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetWaiting
[2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\BVRP Software
[2012/06/15 16:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Line Detect
[2012/06/15 16:28:31 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/06/15 16:28:31 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/06/15 16:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW
[2012/06/15 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/06/15 16:09:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/15 15:41:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/15 15:41:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/15 15:41:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/15 15:28:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/15 15:28:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/15 15:24:23 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
[2012/06/15 02:15:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\21.Jump.Street.2012.720p.BluRay.x264-Felony [PublicHD]
[2012/06/13 13:17:21 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\bootkit_remover
[2012/06/13 13:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2012/06/06 18:45:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/06 15:03:14 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\gmer
[2012/06/05 17:56:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/05 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Malwarebytes
[2012/06/05 14:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/04 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Documents\StarCraft II
[2012/06/01 21:26:23 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\CRE
[2012/06/01 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/01 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\Conduit
[2012/06/01 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
[2012/05/31 01:44:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/31 01:44:05 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/05/31 01:44:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/05/31 01:44:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/05/31 01:44:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/05/31 01:44:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/05/31 01:44:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/05/31 01:44:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/05/31 01:44:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/05/31 01:44:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/05/31 01:44:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/05/31 01:44:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/05/31 01:44:03 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/05/31 01:44:03 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/05/31 01:44:03 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/05/31 01:43:53 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/05/30 20:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/05/28 05:20:22 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\FatalFightPC
[2012/05/26 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/26 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/26 01:37:42 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parthenon
[2012/05/26 01:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parthenon
[2012/05/23 22:35:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\LolClient2
[2012/05/22 13:31:46 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Razer
[2012/05/22 13:27:42 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
[2012/05/22 13:27:33 | 000,006,656 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2012/05/22 13:27:32 | 000,013,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
[2012/05/22 13:27:32 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys
[2012/05/22 13:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/22 13:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/05/22 13:26:30 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\InstallShield
[2012/05/21 20:53:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1)
[2012/05/21 13:54:13 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
[2012/05/18 18:28:04 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
[2012/05/18 18:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\apexvjdesktop
[2011/10/24 16:59:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\cloudsora\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
[2012/06/15 18:09:03 | 000,545,064 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/06/15 18:08:35 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/06/15 18:06:43 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys.upd
[2012/06/15 18:04:55 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/06/15 18:04:48 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/06/15 18:04:26 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/06/15 18:04:05 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012/06/15 18:02:02 | 000,159,162 | ---- | M] () -- C:\ProgramData\1339797578.bdinstall.bin
[2012/06/15 18:01:43 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
[2012/06/15 18:00:49 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/06/15 17:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 17:57:11 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 17:56:20 | 000,013,059 | ---- | M] () -- C:\ProgramData\1339797298.bdinstall.bin
[2012/06/15 17:54:14 | 000,128,690 | ---- | M] () -- C:\ProgramData\1339797183.bdinstall.bin
[2012/06/15 17:24:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
[2012/06/15 17:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 16:29:29 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/15 16:01:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/15 15:24:24 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
[2012/06/15 15:00:08 | 000,000,512 | ---- | M] () -- C:\Users\cloudsora\Desktop\MBR.dat
[2012/06/14 18:07:27 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 18:07:27 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 15:11:48 | 000,000,115 | ---- | M] () -- C:\Users\cloudsora\Desktop\[Active] - Win7 64bit-Trojan.Generic,Trojan.Sirefef - TechSpot Forums.url
[2012/06/13 12:28:14 | 000,292,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:06:29 | 000,792,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/13 12:06:29 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/13 12:06:29 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/11 23:07:42 | 000,000,059 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Original SOF Works and Shop by SOFworks on Etsy.url
[2012/06/11 19:37:52 | 000,000,121 | ---- | M] () -- C:\Users\cloudsora\Desktop\Get you throwaways ready - What is the grossest, most regrettable thing you have done sexually- (NSFW) - AskReddit.url
[2012/06/08 11:06:07 | 000,000,091 | ---- | M] () -- C:\Users\cloudsora\Desktop\Sandwich Nazi [nsfw] - videos.url
[2012/06/08 00:57:34 | 000,000,124 | ---- | M] () -- C:\Users\cloudsora\Desktop\So many amazing Life Hack posts as of late, a few with really good sex tips I wanted to expand upon. Does anyone else have other -Sex Hacks,- specifically, they want to share- - AskReddit.url
[2012/06/06 22:31:26 | 000,000,120 | ---- | M] () -- C:\Users\cloudsora\Desktop\[UPDATE] I was requested to compile all of the real-life cheats into an easy to read list. - AskReddit.url
[2012/06/06 02:27:03 | 000,000,120 | ---- | M] () -- C:\Users\cloudsora\Desktop\Why Diablo 3 is less addictive than Diablo 2- a “scientific” explanation - Alex Curelea's Dev Log.url
[2012/06/06 00:18:25 | 000,000,114 | ---- | M] () -- C:\Users\cloudsora\Desktop\Collection of Guides and Tips for Inferno - Diablo.url
[2012/06/05 19:05:36 | 000,000,053 | ---- | M] () -- C:\Users\cloudsora\Desktop\sirefef dot com -- virus removal instructions.url
[2012/06/05 01:21:21 | 000,000,098 | ---- | M] () -- C:\Users\cloudsora\Desktop\JManga- Hoshi no Samidare- The Lucifer and Biscuit Hammer Vol.1.url
[2012/06/04 21:18:55 | 2416,264,411 | ---- | M] () -- C:\Users\cloudsora\Game.of.Thrones.S02E10.1080i.HDTV.DD5.1.MPEG2-Fizo.ts
[2012/06/04 01:14:21 | 1477,593,007 | ---- | M] () -- C:\Users\cloudsora\Game.of.Thrones.S02E09.1080i.HDTV.DD5.1.MPEG2-Fizo [PublicHD].ts
[2012/06/04 01:11:33 | 000,000,050 | ---- | M] () -- C:\Users\cloudsora\Desktop\Adventure Time Princesses - Imgur.url
[2012/06/03 16:52:39 | 000,000,124 | ---- | M] () -- C:\Users\cloudsora\Desktop\Avatar Elemental Tribe Shot and Pint Glasses Etsy... - The Drunken Moogle.url
[2012/06/01 21:26:17 | 000,000,976 | ---- | M] () -- C:\Users\cloudsora\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/01 15:24:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
[2012/06/01 05:13:38 | 000,000,057 | ---- | M] () -- C:\Users\cloudsora\Desktop\Vizivius - Spera Damno.url
[2012/05/31 21:17:03 | 000,000,047 | ---- | M] () -- C:\Users\cloudsora\Desktop\HDMI Cable, Home Theater Accessories, HDMI Products, Cables, Adapters, Video-Audio Switch, Networking, USB, Firewire, Printer Toner, and more!.url
[2012/05/28 05:40:25 | 000,000,063 | ---- | M] () -- C:\Users\cloudsora\Desktop\Download G905 rar.url
[2012/05/26 04:00:05 | 000,000,117 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Batcave — thedrunkenmoogle- Avatar Elemental Tribe Shot....url
[2012/05/25 23:40:29 | 000,000,065 | ---- | M] () -- C:\Users\cloudsora\Desktop\DepositFiles.url
[2012/05/25 04:24:26 | 000,000,046 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Booru Project - the home of imageboards.url
[2012/05/24 21:18:55 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/05/23 16:59:35 | 000,000,066 | ---- | M] () -- C:\Users\cloudsora\Desktop\Click to Loot - Diablo III Powergaming- Diablo III Combat Mechanics Compendium.url
[2012/05/23 16:56:14 | 000,000,102 | ---- | M] () -- C:\Users\cloudsora\Desktop\Diablo- IncGamers – The Unofficial Diablo 3 Site News and Forums » It’s dangerous to go alone! ..or is it-.url
[2012/05/22 13:27:30 | 000,624,633 | ---- | M] () -- C:\Users\cloudsora\Documents\DA3500OMG-Eng.pdf
[2012/05/21 20:52:58 | 013,974,613 | ---- | M] () -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1).zip
[2012/05/20 21:08:51 | 000,000,169 | ---- | M] () -- C:\Users\cloudsora\Desktop\Amazon.com- ECOMGEAR(TM) Mini protoble Vacuum USB Case Cooler Cooling Fan Notebook Laptop- Electronics.url
[2012/05/18 18:28:03 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\apexvjdesktop.lnk
[2012/05/18 18:25:14 | 001,081,172 | ---- | M] () -- C:\Users\cloudsora\Documents\APEXvjDesktop.air

========== Files Created - No Company Name ==========

[2012/06/15 18:02:02 | 000,159,162 | ---- | C] () -- C:\ProgramData\1339797578.bdinstall.bin
[2012/06/15 18:01:43 | 026,196,909 | -H-- | C] () -- C:\bdrescue.gz
[2012/06/15 18:01:43 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2012/06/15 18:01:43 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012/06/15 18:01:43 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012/06/15 18:01:43 | 000,000,262 | -H-- | C] () -- C:\bdr-conf
[2012/06/15 18:00:49 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012/06/15 17:56:20 | 000,013,059 | ---- | C] () -- C:\ProgramData\1339797298.bdinstall.bin
[2012/06/15 17:54:14 | 000,128,690 | ---- | C] () -- C:\ProgramData\1339797183.bdinstall.bin
[2012/06/15 16:29:29 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/15 16:28:31 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/06/15 16:28:31 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/06/15 15:41:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/15 15:41:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/15 15:41:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/15 15:41:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/15 15:41:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/15 15:00:08 | 000,000,512 | ---- | C] () -- C:\Users\cloudsora\Desktop\MBR.dat
[2012/06/14 15:11:48 | 000,000,115 | ---- | C] () -- C:\Users\cloudsora\Desktop\[Active] - Win7 64bit-Trojan.Generic,Trojan.Sirefef - TechSpot Forums.url
[2012/06/11 23:07:42 | 000,000,059 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Original SOF Works and Shop by SOFworks on Etsy.url
[2012/06/11 19:37:52 | 000,000,121 | ---- | C] () -- C:\Users\cloudsora\Desktop\Get you throwaways ready - What is the grossest, most regrettable thing you have done sexually- (NSFW) - AskReddit.url
[2012/06/08 11:06:07 | 000,000,091 | ---- | C] () -- C:\Users\cloudsora\Desktop\Sandwich Nazi [nsfw] - videos.url
[2012/06/08 00:57:34 | 000,000,124 | ---- | C] () -- C:\Users\cloudsora\Desktop\So many amazing Life Hack posts as of late, a few with really good sex tips I wanted to expand upon. Does anyone else have other -Sex Hacks,- specifically, they want to share- - AskReddit.url
[2012/06/06 22:31:26 | 000,000,120 | ---- | C] () -- C:\Users\cloudsora\Desktop\[UPDATE] I was requested to compile all of the real-life cheats into an easy to read list. - AskReddit.url
[2012/06/06 02:27:03 | 000,000,120 | ---- | C] () -- C:\Users\cloudsora\Desktop\Why Diablo 3 is less addictive than Diablo 2- a “scientific” explanation - Alex Curelea's Dev Log.url
[2012/06/06 00:18:25 | 000,000,114 | ---- | C] () -- C:\Users\cloudsora\Desktop\Collection of Guides and Tips for Inferno - Diablo.url
[2012/06/05 19:05:36 | 000,000,053 | ---- | C] () -- C:\Users\cloudsora\Desktop\sirefef dot com -- virus removal instructions.url
[2012/06/05 01:21:21 | 000,000,098 | ---- | C] () -- C:\Users\cloudsora\Desktop\JManga- Hoshi no Samidare- The Lucifer and Biscuit Hammer Vol.1.url
[2012/06/04 01:16:56 | 2416,264,411 | ---- | C] () -- C:\Users\cloudsora\Game.of.Thrones.S02E10.1080i.HDTV.DD5.1.MPEG2-Fizo.ts
[2012/06/04 01:11:33 | 000,000,050 | ---- | C] () -- C:\Users\cloudsora\Desktop\Adventure Time Princesses - Imgur.url
[2012/06/03 16:52:39 | 000,000,124 | ---- | C] () -- C:\Users\cloudsora\Desktop\Avatar Elemental Tribe Shot and Pint Glasses Etsy... - The Drunken Moogle.url
[2012/06/01 05:13:38 | 000,000,057 | ---- | C] () -- C:\Users\cloudsora\Desktop\Vizivius - Spera Damno.url
[2012/05/31 21:17:03 | 000,000,047 | ---- | C] () -- C:\Users\cloudsora\Desktop\HDMI Cable, Home Theater Accessories, HDMI Products, Cables, Adapters, Video-Audio Switch, Networking, USB, Firewire, Printer Toner, and more!.url
[2012/05/31 01:44:04 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/05/31 01:42:34 | 000,292,728 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/28 05:40:25 | 000,000,063 | ---- | C] () -- C:\Users\cloudsora\Desktop\Download G905 rar.url
[2012/05/28 01:08:08 | 1477,593,007 | ---- | C] () -- C:\Users\cloudsora\Game.of.Thrones.S02E09.1080i.HDTV.DD5.1.MPEG2-Fizo [PublicHD].ts
[2012/05/26 04:00:05 | 000,000,117 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Batcave — thedrunkenmoogle- Avatar Elemental Tribe Shot....url
[2012/05/25 23:40:29 | 000,000,065 | ---- | C] () -- C:\Users\cloudsora\Desktop\DepositFiles.url
[2012/05/25 04:24:26 | 000,000,046 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Booru Project - the home of imageboards.url
[2012/05/23 16:59:35 | 000,000,066 | ---- | C] () -- C:\Users\cloudsora\Desktop\Click to Loot - Diablo III Powergaming- Diablo III Combat Mechanics Compendium.url
[2012/05/23 16:56:14 | 000,000,102 | ---- | C] () -- C:\Users\cloudsora\Desktop\Diablo- IncGamers – The Unofficial Diablo 3 Site News and Forums » It’s dangerous to go alone! ..or is it-.url
[2012/05/22 13:29:38 | 000,624,633 | ---- | C] () -- C:\Users\cloudsora\Documents\DA3500OMG-Eng.pdf
[2012/05/21 20:52:55 | 013,974,613 | ---- | C] () -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1).zip
[2012/05/20 21:08:51 | 000,000,169 | ---- | C] () -- C:\Users\cloudsora\Desktop\Amazon.com- ECOMGEAR(TM) Mini protoble Vacuum USB Case Cooler Cooling Fan Notebook Laptop- Electronics.url
[2012/05/18 18:28:03 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\apexvjdesktop.lnk
[2012/05/18 18:28:03 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\apexvjdesktop.lnk
[2012/05/18 18:27:26 | 001,081,172 | ---- | C] () -- C:\Users\cloudsora\Documents\APEXvjDesktop.air
[2012/05/05 13:36:25 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/04 19:07:47 | 000,005,672 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp8.html
[2012/03/04 19:07:15 | 000,001,955 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp1.html
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 14:15:20 | 000,003,584 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 16:15:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/15 00:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/12/11 14:22:55 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/11/12 12:01:03 | 000,007,601 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Resmon.ResmonCfg
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/24 16:59:47 | 000,007,859 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\pcouffin.cat
[2011/10/24 16:59:47 | 000,001,167 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\pcouffin.inf
[2011/09/29 01:52:47 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/23 22:54:17 | 102,190,355 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\.minecraft.rar
[2011/09/18 09:04:27 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/18 07:02:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/27 08:55:22 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.minecraft
[2011/10/22 02:36:08 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.minecraft_xray
[2012/06/11 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.techniclauncher
[2012/01/30 10:26:53 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\acccore
[2011/12/06 23:09:45 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Audacity
[2012/03/04 13:50:30 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Bitdefender
[2011/09/18 08:13:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\BitLord
[2011/09/21 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Cobra Mobile
[2012/05/18 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
[2011/10/19 02:46:11 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\DAEMON Tools Lite
[2011/09/21 03:23:56 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\DAEMON Tools Pro
[2012/05/28 05:20:22 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\FatalFightPC
[2011/09/25 07:16:37 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\fltk.org
[2011/11/24 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\gtk-2.0
[2012/03/04 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\IrfanView
[2011/12/23 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\LolClient
[2012/05/23 22:35:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\LolClient2
[2012/03/30 10:20:48 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\MinMaxGames
[2012/05/05 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Mumble
[2011/09/21 03:15:12 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\OpenCandy
[2012/02/20 02:21:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\OpenOffice.org
[2012/02/18 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Origin
[2011/11/07 05:43:43 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Publish Providers
[2011/12/05 17:45:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\PunkBuster
[2011/09/18 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Python-Eggs
[2012/01/27 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\QuickScan
[2012/05/22 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Razer
[2011/11/24 03:10:21 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Red Kawa
[2012/05/28 05:12:57 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\RenPy
[2012/04/09 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\SOFTPAL
[2011/11/07 06:02:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Sony
[2011/09/28 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\SplitMediaLabs
[2011/09/25 07:21:19 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\The Creative Assembly
[2011/09/23 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Thinstall
[2012/01/25 21:37:44 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Tific
[2012/04/16 18:45:03 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Ubisoft
[2011/12/24 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Uniblue
[2012/06/15 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\uTorrent
[2012/04/01 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Vso
[2012/05/15 16:10:42 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\YourFileDownloader
[2012/05/05 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\’O‰ºŒ“¬‹äŠy•”
[2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/06/05 20:44:49 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/15 17:53:16 | 000,175,454 | ---- | M] () -- C:\bdlog.txt
[2012/06/15 18:01:43 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
[2011/05/25 17:50:20 | 000,217,769 | -H-- | M] () -- C:\bdrescue
[2011/06/27 19:31:22 | 026,196,909 | -H-- | M] () -- C:\bdrescue.gz
[2011/05/25 17:17:42 | 000,009,216 | -H-- | M] () -- C:\bdrescue.mbr
[2011/06/10 10:48:12 | 002,510,608 | -H-- | M] () -- C:\bdrescue.vm
[2012/06/15 16:06:45 | 000,019,488 | ---- | M] () -- C:\ComboFix.txt
[2012/06/15 17:57:11 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 22:53:36 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2012/06/15 17:57:17 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
[2012/06/13 11:32:57 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2012/06/06 15:24:02 | 000,004,714 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_15.23.56_log.txt
[2012/06/06 15:34:37 | 000,248,372 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_15.33.22_log.txt
[2012/06/06 18:45:20 | 000,127,886 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_18.42.16_log.txt
[2012/06/11 18:43:54 | 000,019,974 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_18.43.44_log.txt
[2012/06/11 18:46:19 | 000,126,280 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_18.45.50_log.txt
[2012/06/13 11:35:48 | 000,005,256 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_13.06.2012_11.28.24_log.txt
[2011/12/27 17:45:22 | 000,002,496 | ---- | M] () -- C:\{6E2C50B0-31F5-4A00-B780-78C1C838BC5F}

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/09/19 14:41:24 | 000,000,256 | -HS- | M] () -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/04/23 20:38:50 | 000,052,736 | ---- | M] (Technic) -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe

< %USERPROFILE%\Desktop\*.exe >
[2012/06/15 15:24:24 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
[2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/15 17:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/06/01 15:24:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
[2012/06/15 17:24:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
[2012/06/15 17:57:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/05 20:44:49 | 000,032,634 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 10:00:05 | 000,000,402 | -HS- | M] () -- C:\Users\cloudsora\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/06/15 17:54:14 | 000,128,690 | ---- | M] () -- C:\ProgramData\1339797183.bdinstall.bin
[2012/06/15 17:56:20 | 000,013,059 | ---- | M] () -- C:\ProgramData\1339797298.bdinstall.bin
[2012/06/15 18:02:02 | 000,159,162 | ---- | M] () -- C:\ProgramData\1339797578.bdinstall.bin

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2012/05/26 00:44:59 | 000,000,072 | ---- | M] ()(C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -?????- - The Unofficial LineMarvel Forums.url) -- C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -淫魔の巣窟- - The Unofficial LineMarvel Forums.url
[2012/05/26 00:44:59 | 000,000,072 | ---- | C] ()(C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -?????- - The Unofficial LineMarvel Forums.url) -- C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -淫魔の巣窟- - The Unofficial LineMarvel Forums.url
[2012/03/14 01:51:34 | 000,000,059 | ---- | M] ()(C:\Users\cloudsora\Desktop\FlowerTradeWind ?????????.url) -- C:\Users\cloudsora\Desktop\FlowerTradeWind のギャルゲー図書館.url
[2012/03/14 01:51:34 | 000,000,059 | ---- | C] ()(C:\Users\cloudsora\Desktop\FlowerTradeWind ?????????.url) -- C:\Users\cloudsora\Desktop\FlowerTradeWind のギャルゲー図書館.url
[2011/12/11 14:17:54 | 000,000,057 | ---- | M] ()(C:\Users\cloudsora\Desktop\[101026][creampot] ?????????!!.url) -- C:\Users\cloudsora\Desktop\[101026][creampot] アスカさんマジ天使!!.url
[2011/12/11 14:17:54 | 000,000,057 | ---- | C] ()(C:\Users\cloudsora\Desktop\[101026][creampot] ?????????!!.url) -- C:\Users\cloudsora\Desktop\[101026][creampot] アスカさんマジ天使!!.url
(C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\エレクトリップ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\妹いじめ

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
You must log in or register to reply here.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
476
eriksnyman1
E
dcovalencia
Solved Downloaded a .exe file from a copy of a website
Replies
23
Views
3K
Broni
Broni
J
🧐 Widescreen monitor text quality 3440x1440 🖥️
Replies
4
Views
41
janet77
J

Latest posts

Back