TechSpot

Win7 64bit/Trojan.Generic,Trojan.Sirefef

By cloudsora
Jun 13, 2012
  1. So I have ^. It's been incredibly annoying, and Bitdefender won't get rid of it. I even got Malwarebytes to try to help, but it didn't get rid of it either.
    (although I see this is a very common problem atm)

    Please help me.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    I grabbed all of these except DDS before I came here; now I have them all.
    Also, sorry, I had to go to work. I thought I'd post the topic and wait for a reply till I came home, but I was too tired.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    OK...
     
  5. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.14.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    cloudsora :: MALUS [administrator]

    Protection: Enabled

    6/14/2012 11:59:40 PM
    mbam-log-2012-06-14 (23-59-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228783
    Time elapsed: 13 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-15 01:54:26
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\RTP\xff7e\xff6f\xff84\xff71\xff6f\xff8c\xff9f\RPG2000RTP.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\[Games]\ 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\screenies\Parthenon\\x25cb\x308a\x306e 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\cloudsora\Downloads\0--120430-1A-RJ093336\120430-1A-RJ093336\( 1

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by cloudsora at 0:16:45 on 2012-06-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.4559 [GMT -4:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\taskeng.exe
    C:\Users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Zune\Zune.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Google Update] "C:\Users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{79217D06-4968-4728-BCB9-3703D5F457FB} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    TB-X64: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\cloudsora\AppData\Roaming\Mozilla\Firefox\Profiles\l2wpy810.default\
    FF - prefs.js: browser.startup.homepage - gamefaqs.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMXENG.DLL
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-3-4 90192]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-3-4 103504]
    R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-5 654408]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-18 2320920]
    R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-4 66096]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
    R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
    R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
    S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
    S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-4-27 75384]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-3-4 466736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    .
    =============== Created Last 30 ================
    .
    2012-06-14 18:06:33  27136  ----a-w-  C:\Windows\System32\bddel.exe
    2012-06-13 17:17:21  --------  d-----w-  C:\Users\cloudsora\bootkit_remover
    2012-06-13 17:04:14  --------  d-----w-  C:\Program Files\Alex Feinman
    2012-06-13 15:59:35  514560  ----a-w-  C:\Windows\SysWow64\qdvd.dll
    2012-06-13 15:59:35  366592  ----a-w-  C:\Windows\System32\qdvd.dll
    2012-06-06 22:45:15  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-06-06 19:03:14  --------  d-----w-  C:\Users\cloudsora\gmer
    2012-06-05 21:56:33  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-06-05 18:28:58  --------  d-----w-  C:\Users\cloudsora\AppData\Roaming\Malwarebytes
    2012-06-05 18:28:54  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-06-05 18:28:54  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-06-05 18:28:53  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-02 01:26:23  --------  d-----w-  C:\Users\cloudsora\AppData\Local\CRE
    2012-06-02 01:26:21  --------  d-----w-  C:\Program Files (x86)\Conduit
    2012-06-02 01:26:20  --------  d-----w-  C:\Users\cloudsora\AppData\Local\Conduit
    2012-06-02 01:26:19  --------  d-----w-  C:\Program Files (x86)\uTorrentControl2
    2012-05-31 05:43:53  2528832  ----a-w-  C:\Windows\System32\FMAPO64.dll
    2012-05-31 05:43:45  202336  ----a-w-  C:\Windows\System32\AERTAC64.dll
    2012-05-31 05:43:45  108640  ----a-w-  C:\Windows\System32\AERTAR64.dll
    2012-05-31 05:43:33  757760  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-05-31 05:43:33  69715  ------w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-05-31 05:43:33  65024  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-05-31 05:43:33  5632  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-05-31 05:43:33  32768  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-05-31 05:43:33  274432  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-05-31 05:43:33  204800  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-05-31 05:43:31  331908  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-05-31 05:43:31  200836  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-05-31 00:53:41  --------  d-----w-  C:\Program Files (x86)\Realtek
    2012-05-28 09:20:22  --------  d-----w-  C:\Users\cloudsora\AppData\Roaming\FatalFightPC
    2012-05-26 19:11:55  --------  d-----w-  C:\Program Files (x86)\Oracle
    2012-05-26 19:09:20  772504  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2012-05-24 02:35:26  --------  d-----w-  C:\Users\cloudsora\AppData\Roaming\LolClient2
    2012-05-22 17:31:46  --------  d-----w-  C:\Users\cloudsora\AppData\Roaming\Razer
    2012-05-22 17:27:42  85504  ----a-w-  C:\Windows\SysWow64\DeathAdder64.cpl
    2012-05-22 17:27:33  6656  ----a-w-  C:\Windows\System32\drivers\hidkmdf.sys
    2012-05-22 17:27:32  13312  ----a-w-  C:\Windows\System32\drivers\VKbms.sys
    2012-05-22 17:27:32  12032  ----a-w-  C:\Windows\System32\drivers\danew.sys
    2012-05-22 00:53:26  --------  d-----w-  C:\Users\cloudsora\Tekkit_Server_2.1.1(1)
    2012-05-21 17:54:13  --------  d-----w-  C:\Users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
    2012-05-18 22:28:04  --------  d-----w-  C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
    2012-05-18 22:28:03  --------  d-----w-  C:\Program Files (x86)\apexvjdesktop
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33  3146752  ----a-w-  C:\Windows\System32\win32k.sys
    2012-05-05 05:16:08  70304  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 05:16:08  419488  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 05:16:03  8744608  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53  3968368  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50  3913072  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20  209920  ----a-w-  C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21  210944  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56  77312  ----a-w-  C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36  1462272  ----a-w-  C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42  1158656  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40  3216384  ----a-w-  C:\Windows\System32\msi.dll
    2012-04-07 11:26:29  2342400  ----a-w-  C:\Windows\SysWow64\msi.dll
    2012-04-04 22:47:02  687504  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-03-30 20:45:44  691896  ----a-w-  C:\Windows\System32\drivers\avc3.sys
    2012-03-30 11:35:47  1918320  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-03-27 21:03:36  4015592  ------w-  C:\Windows\System32\drivers\RTKVHD64.sys
    2012-03-24 17:22:17  95248  ----a-w-  C:\Windows\System32\drivers\AtihdW76.sys
    2012-03-24 16:53:36  2700288  ----a-w-  C:\Windows\System32\drivers\athrx.sys
    2012-03-20 14:47:20  3608680  ----a-w-  C:\Windows\System32\RtkAPO64.dll
    2012-03-19 23:01:20  102504  ----a-w-  C:\Windows\System32\RCoInstII64.dll
    2012-03-17 07:58:57  75120  ----a-w-  C:\Windows\System32\drivers\partmgr.sys
    .
    ============= FINISH: 0:19:13.25 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/18/2011 6:28:01 AM
    System Uptime: 6/14/2012 2:03:24 PM (10 hours ago)
    .
    Motherboard: Dell Inc. | | 0G3HR7
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 923 GiB total, 399.809 GiB free.
    D: is FIXED (NTFS) - 2795 GiB total, 2065.742 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: BitDefender AVC HV
    Device ID: ROOT\SYSTEM\0002
    Manufacturer: (Standard system devices)
    Name: BitDefender AVC HV
    PNP Device ID: ROOT\SYSTEM\0002
    Service: avchv
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ?????????????
    ????????????? Append01
    ????????????? Append02
    ????????????? Ver2.00 Update
    µTorrent
    Adobe AIR
    Adobe Reader X (10.1.3)
    AIM 7
    Amnesia: The Dark Descent
    APEXvjDesktop
    Application Profiles
    Assassin's Creed Revelations
    AviSynth 2.5
    Bastion
    Battlelog Web Plugins
    Build Your Own Net Dream (remove only)
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Champions Online: Free For All
    Chantelise
    Combined Community Codec Pack 2011-11-11
    ConvertXtoDVD 3.3.4.106e
    Creation Kit
    Diablo III
    Dota 2
    Dota 2 Test
    Download Updater (AOL LLC)
    Far Cry 2
    Flash Renamer 6.58
    Fraps (remove only)
    Free Mouse Auto Clicker 2.8.2
    GIMP 2.6.11
    Google Chrome
    Intel(R) Management Engine Components
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    JDownloader 0.9
    Just Cause 2
    Katawa Shoujo
    Kingdoms of Amalur Reckoning
    League of Legends
    LG United Mobile Drivers
    LogMeIn Hamachi
    Magicka
    Malwarebytes Anti-Malware version 1.61.0.1400
    MatrixEngine
    Microsoft AppLocale
    Microsoft Visual Basic PowerPacks 10.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    mIRC
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NVIDIA PhysX
    OpenAL
    OpenOffice.org 3.3
    Origin
    Pando Media Booster
    PCSX2 - Playstation 2 Emulator
    PFPortChecker 1.0.39
    PS3 Video 9 6
    Rage
    Razer DeathAdder(TM) Mouse
    Realtek High Definition Audio Driver
    Recettear: An Item Shop's Tale
    RGSS-RTP Standard
    RPG Maker 2003 v1.08
    RPG Maker VX RTP
    RPG????2000 ??????????
    Rusty Hearts
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Click to Call
    Skype™ 5.8
    Sothink SWF Decompiler
    Space Pirates and Zombies
    SpeedFan (remove only)
    Star Wars: The Old Republic
    Steam
    swMSM
    Terrafirma
    Terraria
    The Elder Scrolls III: Morrowind
    The Elder Scrolls IV: Oblivion
    The Elder Scrolls V: Skyrim
    The Longest Journey
    The Witcher: Enhanced Edition
    Total War: SHOGUN 2
    Ubisoft Game Launcher
    Ubuntu One
    Uniblue DriverScanner
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    uTorrentControl2 Toolbar
    VC80CRTRedist - 8.0.50727.6195
    Vegas Pro 10.0
    VLC
    VLC media player 1.1.11
    Winter Voices
    WinZip 15.0
    Xfire (remove only)
    XSplit
    Yume Nikki 0.10 English
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/8/2012 2:30:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume META.
    6/8/2012 2:26:44 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    6/15/2012 12:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 11 time(s).
    6/14/2012 9:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 8 time(s).
    6/14/2012 8:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 7 time(s).
    6/14/2012 7:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 6 time(s).
    6/14/2012 6:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 5 time(s).
    6/14/2012 5:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 4 time(s).
    6/14/2012 4:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 3 time(s).
    6/14/2012 3:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 2 time(s).
    6/14/2012 3:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 15 time(s).
    6/14/2012 2:16:01 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s).
    6/14/2012 2:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 14 time(s).
    6/14/2012 2:04:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/14/2012 2:04:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    6/14/2012 2:04:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: trufos
    6/14/2012 2:04:08 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    6/14/2012 12:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 12 time(s).
    6/14/2012 11:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 10 time(s).
    6/14/2012 10:16:00 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 9 time(s).
    6/14/2012 1:16:00 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 13 time(s).
    6/12/2012 10:11:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    6/11/2012 5:48:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-15 14:49:30
    -----------------------------
    14:49:30.516 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:49:30.516 Number of processors: 8 586 0x1E05
    14:49:30.517 ComputerName: MALUS UserName:
    14:49:32.260 Initialize success
    14:50:07.180 AVAST engine defs: 12061500
    14:50:12.566 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:50:12.570 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
    14:50:12.575 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    14:50:12.579 Disk 1 Vendor: Hitachi_ MEAO Size: 764436MB BusType: 8
    14:50:12.596 Disk 0 MBR read successfully
    14:50:12.602 Disk 0 MBR scan
    14:50:12.685 Disk 0 Windows 7 default MBR code
    14:50:12.719 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:50:12.748 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 945617 MB offset 206848
    14:50:12.760 Disk 0 Partition - 00 05 Extended 8150 MB offset 1936832510
    14:50:12.831 Disk 0 scanning C:\Windows\system32\drivers
    14:50:27.577 Service scanning
    14:50:49.410 Modules scanning
    14:50:49.423 Disk 0 trace - called modules:
    14:50:49.441 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
    14:50:49.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e04790]
    14:50:49.453 3 CLASSPNP.SYS[fffff88001bac43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b53050]
    14:50:51.487 AVAST engine scan C:\Windows
    14:50:56.640 AVAST engine scan C:\Windows\system32
    14:54:45.618 AVAST engine scan C:\Windows\system32\drivers
    14:54:58.672 AVAST engine scan C:\Users\cloudsora
    15:00:08.334 Disk 0 MBR has been saved successfully to "C:\Users\cloudsora\Desktop\MBR.dat"
    15:00:08.343 The log file has been saved successfully to "C:\Users\cloudsora\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    ComboFix 12-06-15.06 - cloudsora 06/15/2012 15:43:32.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6820 [GMT -4:00]
    Running from: c:\users\cloudsora\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\programdata\1327681734.bdinstall.bin
    c:\programdata\1330883007.bdinstall.bin
    c:\users\cloudsora\[4ls]_katawa_shoujo_[windows][C3798628].exe
    c:\users\cloudsora\AppData\Roaming\inst.exe
    c:\users\cloudsora\AppData\Roaming\vso_ts_preview.xml
    c:\users\cloudsora\Minecraft.exe
    c:\windows\apppatch\AppLoc.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\00000004.@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\1afb2d56
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\L\201d3dde
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\00000004.@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\00000008.@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\000000cb.@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\80000000.@
    c:\windows\Installer\{dd19163f-2374-cf79-ac74-7afca7fbb733}\U\80000032.@
    c:\windows\SysWow64\avisynth.dll
    c:\windows\SysWow64\devil.dll
    D:\install.exe
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 19:52 . 2012-06-15 19:52  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-06-15 06:15 . 2012-06-15 06:59  --------  d-----w-  c:\users\cloudsora\21.Jump.Street.2012.720p.BluRay.x264-Felony [PublicHD]
    2012-06-13 17:17 . 2012-06-13 17:17  --------  d-----w-  c:\users\cloudsora\bootkit_remover
    2012-06-13 17:04 . 2012-06-13 17:04  --------  d-----w-  c:\program files\Alex Feinman
    2012-06-13 15:59 . 2012-05-04 11:00  366592  ----a-w-  c:\windows\system32\qdvd.dll
    2012-06-13 15:59 . 2012-05-04 09:59  514560  ----a-w-  c:\windows\SysWow64\qdvd.dll
    2012-06-06 22:45 . 2012-06-06 22:45  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-06-06 19:03 . 2012-06-06 19:03  --------  d-----w-  c:\users\cloudsora\gmer
    2012-06-05 21:56 . 2012-06-05 21:56  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
    2012-06-05 18:28 . 2012-06-05 18:28  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\Malwarebytes
    2012-06-05 18:28 . 2012-06-05 18:28  --------  d-----w-  c:\programdata\Malwarebytes
    2012-06-05 18:28 . 2012-04-04 19:56  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-06-05 18:28 . 2012-06-05 18:28  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-02 01:26 . 2012-06-02 01:26  --------  d-----w-  c:\users\cloudsora\AppData\Local\CRE
    2012-06-02 01:26 . 2012-06-02 01:26  --------  d-----w-  c:\program files (x86)\Conduit
    2012-06-02 01:26 . 2012-06-02 01:26  --------  d-----w-  c:\users\cloudsora\AppData\Local\Conduit
    2012-06-02 01:26 . 2012-06-02 01:26  --------  d-----w-  c:\program files (x86)\uTorrentControl2
    2012-05-31 05:43 . 2012-02-21 18:26  2528832  ----a-w-  c:\windows\system32\FMAPO64.dll
    2012-05-31 00:53 . 2012-05-31 00:53  --------  d-----w-  c:\program files (x86)\Realtek
    2012-05-28 09:20 . 2012-05-28 09:20  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\FatalFightPC
    2012-05-26 19:12 . 2012-05-26 19:12  --------  d-----w-  c:\program files (x86)\Common Files\Java
    2012-05-26 19:11 . 2012-05-26 19:11  --------  d-----w-  c:\program files (x86)\Oracle
    2012-05-26 19:09 . 2012-04-04 22:47  772504  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2012-05-24 02:35 . 2012-05-24 02:35  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\LolClient2
    2012-05-22 17:31 . 2012-05-22 17:31  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\Razer
    2012-05-22 17:27 . 2007-05-07 22:19  85504  ----a-w-  c:\windows\SysWow64\DeathAdder64.cpl
    2012-05-22 17:27 . 2010-09-30 00:45  6656  ----a-w-  c:\windows\system32\drivers\hidkmdf.sys
    2012-05-22 17:27 . 2010-10-01 04:16  13312  ----a-w-  c:\windows\system32\drivers\VKbms.sys
    2012-05-22 17:27 . 2010-03-23 20:37  12032  ----a-w-  c:\windows\system32\drivers\danew.sys
    2012-05-22 17:27 . 2012-05-22 17:27  --------  d-----w-  c:\program files (x86)\Razer
    2012-05-22 17:26 . 2012-05-22 17:26  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\InstallShield
    2012-05-22 00:53 . 2012-06-12 04:22  --------  d-----w-  c:\users\cloudsora\Tekkit_Server_2.1.1(1)
    2012-05-21 17:54 . 2012-05-21 17:54  --------  d-----w-  c:\users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
    2012-05-18 22:28 . 2012-05-18 22:28  --------  d-----w-  c:\users\cloudsora\AppData\Roaming\com.apexvj.com
    2012-05-18 22:28 . 2012-05-18 22:28  --------  d-----w-  c:\program files (x86)\apexvjdesktop
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 05:16 . 2012-03-31 16:32  419488  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 05:16 . 2011-09-18 13:14  70304  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 05:16 . 2012-03-31 17:16  8744608  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-24 00:38 . 2012-04-24 00:45  52736  ----a-w-  c:\users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
    2012-04-04 22:47 . 2011-11-06 01:24  687504  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-03-30 20:45 . 2012-03-04 18:20  691896  ----a-w-  c:\windows\system32\drivers\avc3.sys
    2012-03-30 11:35 . 2012-05-10 10:52  1918320  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2012-03-24 17:22 . 2012-03-24 17:22  95248  ----a-w-  c:\windows\system32\drivers\AtihdW76.sys
    2012-03-24 16:53 . 2012-03-24 16:53  2700288  ----a-w-  c:\windows\system32\drivers\athrx.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2011-09-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2011-09-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-02 880528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-04-27 75384]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-03-04 466736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 X6va005;X6va005;c:\users\CLOUDS~1\AppData\Local\Temp\0054CF8.tmp [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-03-04 90192]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-03-04 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
    S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 05:16]
    .
    2012-06-15 c:\windows\Tasks\DriverScanner.job
    - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-24 19:43]
    .
    2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
    - c:\users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 10:52]
    .
    2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
    - c:\users\cloudsora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 10:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-04-27 13:07  266952  ------w-  c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-04-27 13:07  266952  ------w-  c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-04-27 13:07  266952  ------w-  c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-04-27 13:07  266952  ------w-  c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-27 1067256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\cloudsora\AppData\Roaming\Mozilla\Firefox\Profiles\l2wpy810.default\
    FF - prefs.js: browser.startup.homepage - gamefaqs.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    SafeBoot-90281763.sys
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\CLOUDS~1\AppData\Local\Temp\0054CF8.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-15 16:06:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-15 20:06
    .
    Pre-Run: 421,738,758,144 bytes free
    Post-Run: 422,284,537,856 bytes free
    .
    - - End Of File - - 2F2DE5FF72DC643029C2102906DC55EA

    Having an issue now where I can't connect to the internet unless I run in safe mode with networking. Did I do something wrong?
    For some reason my firewalls are now blocking Chrome from the internet.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    See if you have same issue with IE.
     
  11. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    It's the case for everything: uTorrent, Skype, LoL, Chrome, Firefox, IE, etc.
    If I turn Bitdefender's firewall on, it cuts them all off, but if it is off they run like they used to.

    I can probably fix that by reinstalling it, but I'd rather make sure my computer's clean of this virus/malware first.
    Also, I can use Google again and it's not redirecting me.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    I'm not sure if I understand.
    How can you use Google if you're saying none of the browsers work?
     
  13. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    If I turn Bitdefender's firewall off, everything runs like it used to run.
    If it's on, it cuts everything off from the internet.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    In that case I suggest you reinstall BitDefender and we'll go from there.
     
  15. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    Reinstalled; everything seems to be working fine now.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    I assume you reinstalled just BitDefender?
    If so, I'll review your OTL logs.
    Let me know.
     
  17. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    Is that something I should send you or are you saying you'll review what I posted above?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    LOL...
    Yes, the above logs, assuming you reinstalled just BitDefender, not Windows, so I need to know what exactly you reinstalled.
     
  19. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    Bitdefender.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Cool :)
    Hold on...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    OTL Extras logfile created on: 6/15/2012 6:41:51 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\cloudsora\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.66% Memory free
    15.92 Gb Paging File | 13.84 Gb Available in Paging File | 86.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 923.45 Gb Total Space | 393.16 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
    Drive D: | 2794.52 Gb Total Space | 2067.03 Gb Free Space | 73.97% Space Free | Partition Type: NTFS

    Computer Name: MALUS | User Name: cloudsora | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{134C7AAA-8C53-466E-9347-E797A01CE12D}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{214DCBFA-5742-4161-8ADC-DB13B30874C8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DDF949C9-B77F-429A-8C2B-8A2B9BD12198}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F965ED8C-E8A9-46F8-8CE6-DEE063847E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{4F3B7124-18A8-4776-889A-4019F06511C7}C:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
    "TCP Query User{A7D49F1A-8B4E-4DD4-9154-2B9B5F3F5546}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{7251CA72-CE37-42E0-8E05-3EC3323BB06C}C:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2012\bdtpwiz.exe |
    "UDP Query User{D0C7162F-CCEE-4447-A421-1AF1AFDCB5AE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
    "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
    "{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
    "{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Bitdefender" = Bitdefender Total Security 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 4.00 (64-bit)
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
    "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
    "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
    "{10EBB586-D21E-60CA-0856-AA753EBE1F16}" = Application Profiles
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
    "{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
    "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
    "{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
    "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
    "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
    "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
    "{451517F1-7E41-400B-AA36-FB7E2563526D}" = DW 1525 Driver Installation
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
    "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit
    "{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
    "{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{839BB90D-EB71-4BF1-B20A-52626B7D8B78}" = Terrafirma
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
    "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
    "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
    "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
    "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
    "{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
    "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
    "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
    "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
    "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
    "{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
    "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB0FCF85-3A90-98A4-6545-55A9C6B2C1EE}" = APEXvjDesktop
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
    "{F57FD7AF-DC0A-2E99-B850-9047DAB3F24C}" = Application Profiles
    "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
    "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe AIR" = Adobe AIR
    "AIM_7" = AIM 7
    "AviSynth" = AviSynth 2.5
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
    "com.apexvj.com" = APEXvjDesktop
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "Diablo III" = Diablo III
    "Flash Renamer_is1" = Flash Renamer 6.58
    "Fraps" = Fraps (remove only)
    "InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
    "InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
    "InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
    "InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
    "IrfanView" = IrfanView (remove only)
    "Katawa Shoujo" = Katawa Shoujo
    "Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "MatrixEngine 1.0" = MatrixEngine
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenAL" = OpenAL
    "Origin" = Origin
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PFPortChecker" = PFPortChecker 1.0.39
    "PS3 Video 9" = PS3 Video 9 6
    "Rage_is1" = Rage
    "RPG Maker 2003_is1" = RPG Maker 2003 v1.08
    "RPG Maker VX RTP_is1" = RPG Maker VX RTP
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 105600" = Terraria
    "Steam App 107100" = Bastion
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 19900" = Far Cry 2
    "Steam App 202480" = Creation Kit
    "Steam App 205790" = Dota 2 Test
    "Steam App 20900" = The Witcher: Enhanced Edition
    "Steam App 22320" = The Elder Scrolls III: Morrowind
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 34330" = Total War: SHOGUN 2
    "Steam App 36630" = Rusty Hearts
    "Steam App 42910" = Magicka
    "Steam App 570" = Dota 2
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 6310" = The Longest Journey
    "Steam App 70400" = Recettear: An Item Shop's Tale
    "Steam App 70420" = Chantelise
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 72900" = Winter Voices
    "Steam App 8190" = Just Cause 2
    "Steam App 9880" = Champions Online: Free For All
    "Ubuntu One 1.0-beta3" = Ubuntu One
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 1.1.11
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Yume Nikki 0.10 English" = Yume Nikki 0.10 Englishe Chrome


    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/13/2012 3:35:04 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16443, time
    stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x001d96b6 Faulting process
    id: 0x1fa0 Faulting application start time: 0x01cd49369abc4f92 Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
    Report
    Id: 4a59e925-b52a-11e1-a29f-842b2bad97a9

    Error - 6/13/2012 5:41:41 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: Flash32_11_2_202_235.ocx, version: 11.2.202.235,
    time stamp: 0x4f9af5a5 Exception code: 0xc0000005 Fault offset: 0x0047c6b7 Faulting
    process id: 0x1370 Faulting application start time: 0x01cd49480d5e149d Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
    Report
    Id: fa29aa69-b53b-11e1-a29f-842b2bad97a9

    Error - 6/13/2012 6:50:32 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16443, time
    stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x001d96b6 Faulting process
    id: 0x2e4 Faulting application start time: 0x01cd4951d643f094 Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
    Report
    Id: 98c095a1-b545-11e1-a29f-842b2bad97a9

    Error - 6/13/2012 8:11:45 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0xe30 Faulting application start time: 0x01cd495d1f817a3d Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: f13ca0eb-b550-11e1-a29f-842b2bad97a9

    Error - 6/13/2012 8:46:27 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: Flash32_11_2_202_235.ocx, version: 11.2.202.235,
    time stamp: 0x4f9af5a5 Exception code: 0xc0000005 Fault offset: 0x0042598a Faulting
    process id: 0x1600 Faulting application start time: 0x01cd496206abc9e1 Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
    Report
    Id: ca5ec852-b555-11e1-a29f-842b2bad97a9

    Error - 6/13/2012 11:36:52 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 19.0.1084.56, time
    stamp: 0x4fd04f16 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x1878 Faulting application start time: 0x01cd497a44616134 Faulting application
    path: C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 98dd8c89-b56d-11e1-a29f-842b2bad97a9

    Error - 6/15/2012 3:25:24 AM | Computer Name = MALUS | Source = Application Error | ID = 1000
    Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc964 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time
    stamp: 0x4fb58407 Exception code: 0xc0000005 Fault offset: 0x001d9a56 Faulting process
    id: 0x1d0c Faulting application start time: 0x01cd4ac772f3c072 Faulting application
    path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll
    Report
    Id: 451dac9d-b6bb-11e1-8d59-842b2bad97a9

    Error - 6/15/2012 3:39:07 PM | Computer Name = MALUS | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: A system shutdown is in progress. .

    Error - 6/15/2012 4:48:17 PM | Computer Name = MALUS | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: A system shutdown is in progress. .

    Error - 6/15/2012 5:28:47 PM | Computer Name = MALUS | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 12a4 Start
    Time: 01cd4b3dd30b7ba5 Termination Time: 2 Application Path: C:\Riot Games\League
    of Legends\RADS\system\rads_user_kernel.exe Report Id: 15da66be-b731-11e1-81aa-842b2bad97a9


    [ System Events ]
    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:41 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 6/15/2012 4:44:43 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:44:43 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 6/15/2012 4:49:16 PM | Computer Name = MALUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    trufos


    < End of report >
     
  23. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    OTL logfile created on: 6/15/2012 6:41:51 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\cloudsora\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.66% Memory free
    15.92 Gb Paging File | 13.84 Gb Available in Paging File | 86.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 923.45 Gb Total Space | 393.16 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
    Drive D: | 2794.52 Gb Total Space | 2067.03 Gb Free Space | 73.97% Space Free | Partition Type: NTFS

    Computer Name: MALUS | User Name: cloudsora | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
    PRC - [2012/06/01 21:26:16 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    PRC - [2011/07/11 19:33:04 | 000,066,072 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\Antispam32\pchooklaunch32.exe
    PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    MOD - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011/07/11 19:53:12 | 001,903,080 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2011/07/11 19:46:26 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
    SRV:64bit: - [2011/07/08 15:48:02 | 000,074,336 | ---- | M] (BitDefender) [On_Demand | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
    SRV:64bit: - [2011/07/06 17:47:38 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/31 20:47:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/05 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/29 09:16:46 | 000,158,856 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/15 18:09:03 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
    DRV:64bit: - [2012/06/15 18:08:41 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV:64bit: - [2012/06/15 18:08:35 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
    DRV:64bit: - [2012/06/15 18:04:55 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
    DRV:64bit: - [2012/06/15 18:04:48 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
    DRV:64bit: - [2012/06/15 18:04:26 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2012/06/15 18:03:58 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
    DRV:64bit: - [2012/03/24 13:22:17 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/24 16:59:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2011/03/24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
    DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV:64bit: - [2009/10/16 02:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 15:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
    IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "gamefaqs.com"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/06/15 18:06:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 16:57:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/26 15:09:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/06/15 18:06:08 | 000,000,000 | ---D | M]

    [2011/09/19 00:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Extensions
    [2012/06/15 17:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions
    [2012/06/01 21:26:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/06/15 17:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cloudsora\AppData\Roaming\mozilla\Firefox\Profiles\l2wpy810.default\extensions\staged
    [2012/06/15 16:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/20 21:14:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/04/12 11:12:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLOUDSORA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2WPY810.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
    [2009/03/18 18:45:44 | 000,147,456 | ---- | M] (NETDIMENSION CORPORATION) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMXENG.DLL
    [2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/09/18 08:15:11 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: MatrixEngine (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMXENG.DLL
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\cloudsora\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Google Translate = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
    CHR - Extension: TooManyTabs for Chrome = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0\
    CHR - Extension: Sothink Flash Downloader for Chrome = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi\1.0.24_0\
    CHR - Extension: APNG = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp\0.7.1_0\
    CHR - Extension: AdBlock = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
    CHR - Extension: AT_HatsuneMiku = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcacbggjcnkdgchjnekppjkkkhlijkdd\2_0\
    CHR - Extension: Weather Window by WeatherBug = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
    CHR - Extension: mydeco 3D planner = C:\Users\cloudsora\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\2.3_0\

    O1 HOSTS File: ([2012/06/15 16:01:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79217D06-4968-4728-BCB9-3703D5F457FB}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A34F070A-C787-4D2A-8DF4-206D1F88C301}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  24. cloudsora

    cloudsora TS Rookie Topic Starter Posts: 17

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/15 18:40:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
    [2012/06/15 18:09:03 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
    [2012/06/15 18:08:35 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
    [2012/06/15 18:06:43 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys.upd
    [2012/06/15 18:04:55 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
    [2012/06/15 18:04:48 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
    [2012/06/15 18:04:26 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
    [2012/06/15 18:04:05 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
    [2012/06/15 18:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
    [2012/06/15 17:59:41 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
    [2012/06/15 17:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
    [2012/06/15 16:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/06/15 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/06/15 16:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool
    [2012/06/15 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
    [2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
    [2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetWaiting
    [2012/06/15 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\BVRP Software
    [2012/06/15 16:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Line Detect
    [2012/06/15 16:28:31 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
    [2012/06/15 16:28:31 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
    [2012/06/15 16:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW
    [2012/06/15 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
    [2012/06/15 16:09:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/15 15:41:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/15 15:41:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/15 15:41:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/15 15:28:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/15 15:28:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/15 15:24:23 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
    [2012/06/15 02:15:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\21.Jump.Street.2012.720p.BluRay.x264-Felony [PublicHD]
    [2012/06/13 13:17:21 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\bootkit_remover
    [2012/06/13 13:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
    [2012/06/06 18:45:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/06 15:03:14 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\gmer
    [2012/06/05 17:56:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/06/05 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Malwarebytes
    [2012/06/05 14:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/04 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Documents\StarCraft II
    [2012/06/01 21:26:23 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\CRE
    [2012/06/01 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/06/01 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Local\Conduit
    [2012/06/01 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
    [2012/05/31 01:44:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012/05/31 01:44:05 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012/05/31 01:44:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2012/05/31 01:44:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2012/05/31 01:44:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2012/05/31 01:44:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2012/05/31 01:44:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012/05/31 01:44:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012/05/31 01:44:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012/05/31 01:44:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012/05/31 01:44:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012/05/31 01:44:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012/05/31 01:44:03 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012/05/31 01:44:03 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
    [2012/05/31 01:44:03 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2012/05/31 01:43:53 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012/05/30 20:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/05/28 05:20:22 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\FatalFightPC
    [2012/05/26 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/05/26 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/05/26 01:37:42 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parthenon
    [2012/05/26 01:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parthenon
    [2012/05/23 22:35:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\LolClient2
    [2012/05/22 13:31:46 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\Razer
    [2012/05/22 13:27:42 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
    [2012/05/22 13:27:33 | 000,006,656 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
    [2012/05/22 13:27:32 | 000,013,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
    [2012/05/22 13:27:32 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys
    [2012/05/22 13:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    [2012/05/22 13:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
    [2012/05/22 13:26:30 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\InstallShield
    [2012/05/21 20:53:26 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1)
    [2012/05/21 13:54:13 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\Game.of.Thrones.S02E08.720p.HDTV.x264-IMMERSE [PublicHD]
    [2012/05/18 18:28:04 | 000,000,000 | ---D | C] -- C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
    [2012/05/18 18:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\apexvjdesktop
    [2011/10/24 16:59:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\cloudsora\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
    [2012/06/15 18:09:03 | 000,545,064 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
    [2012/06/15 18:08:35 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
    [2012/06/15 18:06:43 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys.upd
    [2012/06/15 18:04:55 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
    [2012/06/15 18:04:48 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
    [2012/06/15 18:04:26 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
    [2012/06/15 18:04:05 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
    [2012/06/15 18:02:02 | 000,159,162 | ---- | M] () -- C:\ProgramData\1339797578.bdinstall.bin
    [2012/06/15 18:01:43 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
    [2012/06/15 18:00:49 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
    [2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
    [2012/06/15 17:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/15 17:57:11 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/15 17:56:20 | 000,013,059 | ---- | M] () -- C:\ProgramData\1339797298.bdinstall.bin
    [2012/06/15 17:54:14 | 000,128,690 | ---- | M] () -- C:\ProgramData\1339797183.bdinstall.bin
    [2012/06/15 17:24:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
    [2012/06/15 17:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/15 16:29:29 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/06/15 16:01:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/15 15:24:24 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
    [2012/06/15 15:00:08 | 000,000,512 | ---- | M] () -- C:\Users\cloudsora\Desktop\MBR.dat
    [2012/06/14 18:07:27 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/14 18:07:27 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/14 15:11:48 | 000,000,115 | ---- | M] () -- C:\Users\cloudsora\Desktop\[Active] - Win7 64bit-Trojan.Generic,Trojan.Sirefef - TechSpot Forums.url
    [2012/06/13 12:28:14 | 000,292,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/13 12:06:29 | 000,792,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/13 12:06:29 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/13 12:06:29 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/11 23:07:42 | 000,000,059 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Original SOF Works and Shop by SOFworks on Etsy.url
    [2012/06/11 19:37:52 | 000,000,121 | ---- | M] () -- C:\Users\cloudsora\Desktop\Get you throwaways ready - What is the grossest, most regrettable thing you have done sexually- (NSFW) - AskReddit.url
    [2012/06/08 11:06:07 | 000,000,091 | ---- | M] () -- C:\Users\cloudsora\Desktop\Sandwich Nazi [nsfw] - videos.url
    [2012/06/08 00:57:34 | 000,000,124 | ---- | M] () -- C:\Users\cloudsora\Desktop\So many amazing Life Hack posts as of late, a few with really good sex tips I wanted to expand upon. Does anyone else have other -Sex Hacks,- specifically, they want to share- - AskReddit.url
    [2012/06/06 22:31:26 | 000,000,120 | ---- | M] () -- C:\Users\cloudsora\Desktop\[UPDATE] I was requested to compile all of the real-life cheats into an easy to read list. - AskReddit.url
    [2012/06/06 02:27:03 | 000,000,120 | ---- | M] () -- C:\Users\cloudsora\Desktop\Why Diablo 3 is less addictive than Diablo 2- a “scientific” explanation - Alex Curelea's Dev Log.url
    [2012/06/06 00:18:25 | 000,000,114 | ---- | M] () -- C:\Users\cloudsora\Desktop\Collection of Guides and Tips for Inferno - Diablo.url
    [2012/06/05 19:05:36 | 000,000,053 | ---- | M] () -- C:\Users\cloudsora\Desktop\sirefef dot com -- virus removal instructions.url
    [2012/06/05 01:21:21 | 000,000,098 | ---- | M] () -- C:\Users\cloudsora\Desktop\JManga- Hoshi no Samidare- The Lucifer and Biscuit Hammer Vol.1.url
    [2012/06/04 21:18:55 | 2416,264,411 | ---- | M] () -- C:\Users\cloudsora\Game.of.Thrones.S02E10.1080i.HDTV.DD5.1.MPEG2-Fizo.ts
    [2012/06/04 01:14:21 | 1477,593,007 | ---- | M] () -- C:\Users\cloudsora\Game.of.Thrones.S02E09.1080i.HDTV.DD5.1.MPEG2-Fizo [PublicHD].ts
    [2012/06/04 01:11:33 | 000,000,050 | ---- | M] () -- C:\Users\cloudsora\Desktop\Adventure Time Princesses - Imgur.url
    [2012/06/03 16:52:39 | 000,000,124 | ---- | M] () -- C:\Users\cloudsora\Desktop\Avatar Elemental Tribe Shot and Pint Glasses Etsy... - The Drunken Moogle.url
    [2012/06/01 21:26:17 | 000,000,976 | ---- | M] () -- C:\Users\cloudsora\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012/06/01 15:24:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
    [2012/06/01 05:13:38 | 000,000,057 | ---- | M] () -- C:\Users\cloudsora\Desktop\Vizivius - Spera Damno.url
    [2012/05/31 21:17:03 | 000,000,047 | ---- | M] () -- C:\Users\cloudsora\Desktop\HDMI Cable, Home Theater Accessories, HDMI Products, Cables, Adapters, Video-Audio Switch, Networking, USB, Firewire, Printer Toner, and more!.url
    [2012/05/28 05:40:25 | 000,000,063 | ---- | M] () -- C:\Users\cloudsora\Desktop\Download G905 rar.url
    [2012/05/26 04:00:05 | 000,000,117 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Batcave — thedrunkenmoogle- Avatar Elemental Tribe Shot....url
    [2012/05/25 23:40:29 | 000,000,065 | ---- | M] () -- C:\Users\cloudsora\Desktop\DepositFiles.url
    [2012/05/25 04:24:26 | 000,000,046 | ---- | M] () -- C:\Users\cloudsora\Desktop\The Booru Project - the home of imageboards.url
    [2012/05/24 21:18:55 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2012/05/23 16:59:35 | 000,000,066 | ---- | M] () -- C:\Users\cloudsora\Desktop\Click to Loot - Diablo III Powergaming- Diablo III Combat Mechanics Compendium.url
    [2012/05/23 16:56:14 | 000,000,102 | ---- | M] () -- C:\Users\cloudsora\Desktop\Diablo- IncGamers – The Unofficial Diablo 3 Site News and Forums » It’s dangerous to go alone! ..or is it-.url
    [2012/05/22 13:27:30 | 000,624,633 | ---- | M] () -- C:\Users\cloudsora\Documents\DA3500OMG-Eng.pdf
    [2012/05/21 20:52:58 | 013,974,613 | ---- | M] () -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1).zip
    [2012/05/20 21:08:51 | 000,000,169 | ---- | M] () -- C:\Users\cloudsora\Desktop\Amazon.com- ECOMGEAR(TM) Mini protoble Vacuum USB Case Cooler Cooling Fan Notebook Laptop- Electronics.url
    [2012/05/18 18:28:03 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\apexvjdesktop.lnk
    [2012/05/18 18:25:14 | 001,081,172 | ---- | M] () -- C:\Users\cloudsora\Documents\APEXvjDesktop.air

    ========== Files Created - No Company Name ==========

    [2012/06/15 18:02:02 | 000,159,162 | ---- | C] () -- C:\ProgramData\1339797578.bdinstall.bin
    [2012/06/15 18:01:43 | 026,196,909 | -H-- | C] () -- C:\bdrescue.gz
    [2012/06/15 18:01:43 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
    [2012/06/15 18:01:43 | 000,217,769 | -H-- | C] () -- C:\bdrescue
    [2012/06/15 18:01:43 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
    [2012/06/15 18:01:43 | 000,000,262 | -H-- | C] () -- C:\bdr-conf
    [2012/06/15 18:00:49 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
    [2012/06/15 17:56:20 | 000,013,059 | ---- | C] () -- C:\ProgramData\1339797298.bdinstall.bin
    [2012/06/15 17:54:14 | 000,128,690 | ---- | C] () -- C:\ProgramData\1339797183.bdinstall.bin
    [2012/06/15 16:29:29 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/06/15 16:28:31 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
    [2012/06/15 16:28:31 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
    [2012/06/15 15:41:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/15 15:41:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/15 15:41:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/15 15:41:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/15 15:41:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/15 15:00:08 | 000,000,512 | ---- | C] () -- C:\Users\cloudsora\Desktop\MBR.dat
    [2012/06/14 15:11:48 | 000,000,115 | ---- | C] () -- C:\Users\cloudsora\Desktop\[Active] - Win7 64bit-Trojan.Generic,Trojan.Sirefef - TechSpot Forums.url
    [2012/06/11 23:07:42 | 000,000,059 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Original SOF Works and Shop by SOFworks on Etsy.url
    [2012/06/11 19:37:52 | 000,000,121 | ---- | C] () -- C:\Users\cloudsora\Desktop\Get you throwaways ready - What is the grossest, most regrettable thing you have done sexually- (NSFW) - AskReddit.url
    [2012/06/08 11:06:07 | 000,000,091 | ---- | C] () -- C:\Users\cloudsora\Desktop\Sandwich Nazi [nsfw] - videos.url
    [2012/06/08 00:57:34 | 000,000,124 | ---- | C] () -- C:\Users\cloudsora\Desktop\So many amazing Life Hack posts as of late, a few with really good sex tips I wanted to expand upon. Does anyone else have other -Sex Hacks,- specifically, they want to share- - AskReddit.url
    [2012/06/06 22:31:26 | 000,000,120 | ---- | C] () -- C:\Users\cloudsora\Desktop\[UPDATE] I was requested to compile all of the real-life cheats into an easy to read list. - AskReddit.url
    [2012/06/06 02:27:03 | 000,000,120 | ---- | C] () -- C:\Users\cloudsora\Desktop\Why Diablo 3 is less addictive than Diablo 2- a “scientific” explanation - Alex Curelea's Dev Log.url
    [2012/06/06 00:18:25 | 000,000,114 | ---- | C] () -- C:\Users\cloudsora\Desktop\Collection of Guides and Tips for Inferno - Diablo.url
    [2012/06/05 19:05:36 | 000,000,053 | ---- | C] () -- C:\Users\cloudsora\Desktop\sirefef dot com -- virus removal instructions.url
    [2012/06/05 01:21:21 | 000,000,098 | ---- | C] () -- C:\Users\cloudsora\Desktop\JManga- Hoshi no Samidare- The Lucifer and Biscuit Hammer Vol.1.url
    [2012/06/04 01:16:56 | 2416,264,411 | ---- | C] () -- C:\Users\cloudsora\Game.of.Thrones.S02E10.1080i.HDTV.DD5.1.MPEG2-Fizo.ts
    [2012/06/04 01:11:33 | 000,000,050 | ---- | C] () -- C:\Users\cloudsora\Desktop\Adventure Time Princesses - Imgur.url
    [2012/06/03 16:52:39 | 000,000,124 | ---- | C] () -- C:\Users\cloudsora\Desktop\Avatar Elemental Tribe Shot and Pint Glasses Etsy... - The Drunken Moogle.url
    [2012/06/01 05:13:38 | 000,000,057 | ---- | C] () -- C:\Users\cloudsora\Desktop\Vizivius - Spera Damno.url
    [2012/05/31 21:17:03 | 000,000,047 | ---- | C] () -- C:\Users\cloudsora\Desktop\HDMI Cable, Home Theater Accessories, HDMI Products, Cables, Adapters, Video-Audio Switch, Networking, USB, Firewire, Printer Toner, and more!.url
    [2012/05/31 01:44:04 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
    [2012/05/31 01:42:34 | 000,292,728 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/28 05:40:25 | 000,000,063 | ---- | C] () -- C:\Users\cloudsora\Desktop\Download G905 rar.url
    [2012/05/28 01:08:08 | 1477,593,007 | ---- | C] () -- C:\Users\cloudsora\Game.of.Thrones.S02E09.1080i.HDTV.DD5.1.MPEG2-Fizo [PublicHD].ts
    [2012/05/26 04:00:05 | 000,000,117 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Batcave — thedrunkenmoogle- Avatar Elemental Tribe Shot....url
    [2012/05/25 23:40:29 | 000,000,065 | ---- | C] () -- C:\Users\cloudsora\Desktop\DepositFiles.url
    [2012/05/25 04:24:26 | 000,000,046 | ---- | C] () -- C:\Users\cloudsora\Desktop\The Booru Project - the home of imageboards.url
    [2012/05/23 16:59:35 | 000,000,066 | ---- | C] () -- C:\Users\cloudsora\Desktop\Click to Loot - Diablo III Powergaming- Diablo III Combat Mechanics Compendium.url
    [2012/05/23 16:56:14 | 000,000,102 | ---- | C] () -- C:\Users\cloudsora\Desktop\Diablo- IncGamers – The Unofficial Diablo 3 Site News and Forums » It’s dangerous to go alone! ..or is it-.url
    [2012/05/22 13:29:38 | 000,624,633 | ---- | C] () -- C:\Users\cloudsora\Documents\DA3500OMG-Eng.pdf
    [2012/05/21 20:52:55 | 013,974,613 | ---- | C] () -- C:\Users\cloudsora\Tekkit_Server_2.1.1(1).zip
    [2012/05/20 21:08:51 | 000,000,169 | ---- | C] () -- C:\Users\cloudsora\Desktop\Amazon.com- ECOMGEAR(TM) Mini protoble Vacuum USB Case Cooler Cooling Fan Notebook Laptop- Electronics.url
    [2012/05/18 18:28:03 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\apexvjdesktop.lnk
    [2012/05/18 18:28:03 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\apexvjdesktop.lnk
    [2012/05/18 18:27:26 | 001,081,172 | ---- | C] () -- C:\Users\cloudsora\Documents\APEXvjDesktop.air
    [2012/05/05 13:36:25 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
    [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/03/04 19:07:47 | 000,005,672 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp8.html
    [2012/03/04 19:07:15 | 000,001,955 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp1.html
    [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/08 14:15:20 | 000,003,584 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/19 16:15:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/12/15 00:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2011/12/11 14:22:55 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2011/11/12 12:01:03 | 000,007,601 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Resmon.ResmonCfg
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/10/24 16:59:47 | 000,007,859 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\pcouffin.cat
    [2011/10/24 16:59:47 | 000,001,167 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\pcouffin.inf
    [2011/09/29 01:52:47 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011/09/23 22:54:17 | 102,190,355 | ---- | C] () -- C:\Users\cloudsora\AppData\Roaming\.minecraft.rar
    [2011/09/18 09:04:27 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/18 07:02:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012/04/27 08:55:22 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.minecraft
    [2011/10/22 02:36:08 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.minecraft_xray
    [2012/06/11 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.techniclauncher
    [2012/01/30 10:26:53 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\acccore
    [2011/12/06 23:09:45 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Audacity
    [2012/03/04 13:50:30 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Bitdefender
    [2011/09/18 08:13:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\BitLord
    [2011/09/21 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Cobra Mobile
    [2012/05/18 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\com.apexvj.com
    [2011/10/19 02:46:11 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\DAEMON Tools Lite
    [2011/09/21 03:23:56 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\DAEMON Tools Pro
    [2012/05/28 05:20:22 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\FatalFightPC
    [2011/09/25 07:16:37 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\fltk.org
    [2011/11/24 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\gtk-2.0
    [2012/03/04 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\IrfanView
    [2011/12/23 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\LolClient
    [2012/05/23 22:35:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\LolClient2
    [2012/03/30 10:20:48 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\MinMaxGames
    [2012/05/05 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Mumble
    [2011/09/21 03:15:12 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\OpenCandy
    [2012/02/20 02:21:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\OpenOffice.org
    [2012/02/18 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Origin
    [2011/11/07 05:43:43 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Publish Providers
    [2011/12/05 17:45:26 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\PunkBuster
    [2011/09/18 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Python-Eggs
    [2012/01/27 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\QuickScan
    [2012/05/22 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Razer
    [2011/11/24 03:10:21 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Red Kawa
    [2012/05/28 05:12:57 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\RenPy
    [2012/04/09 15:35:49 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\SOFTPAL
    [2011/11/07 06:02:07 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Sony
    [2011/09/28 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\SplitMediaLabs
    [2011/09/25 07:21:19 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\The Creative Assembly
    [2011/09/23 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Thinstall
    [2012/01/25 21:37:44 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Tific
    [2012/04/16 18:45:03 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Ubisoft
    [2011/12/24 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Uniblue
    [2012/06/15 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\uTorrent
    [2012/04/01 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\Vso
    [2012/05/15 16:10:42 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\YourFileDownloader
    [2012/05/05 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\’O‰ºŒ“¬‹äŠy•”
    [2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
    [2012/06/05 20:44:49 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/06/15 17:53:16 | 000,175,454 | ---- | M] () -- C:\bdlog.txt
    [2012/06/15 18:01:43 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
    [2011/05/25 17:50:20 | 000,217,769 | -H-- | M] () -- C:\bdrescue
    [2011/06/27 19:31:22 | 026,196,909 | -H-- | M] () -- C:\bdrescue.gz
    [2011/05/25 17:17:42 | 000,009,216 | -H-- | M] () -- C:\bdrescue.mbr
    [2011/06/10 10:48:12 | 002,510,608 | -H-- | M] () -- C:\bdrescue.vm
    [2012/06/15 16:06:45 | 000,019,488 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/15 17:57:11 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/29 22:53:36 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
    [2012/06/15 17:57:17 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/13 11:32:57 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2012/06/06 15:24:02 | 000,004,714 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_15.23.56_log.txt
    [2012/06/06 15:34:37 | 000,248,372 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_15.33.22_log.txt
    [2012/06/06 18:45:20 | 000,127,886 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_06.06.2012_18.42.16_log.txt
    [2012/06/11 18:43:54 | 000,019,974 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_18.43.44_log.txt
    [2012/06/11 18:46:19 | 000,126,280 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_11.06.2012_18.45.50_log.txt
    [2012/06/13 11:35:48 | 000,005,256 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_13.06.2012_11.28.24_log.txt
    [2011/12/27 17:45:22 | 000,002,496 | ---- | M] () -- C:\{6E2C50B0-31F5-4A00-B780-78C1C838BC5F}

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/19 14:41:24 | 000,000,256 | -HS- | M] () -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2012/04/23 20:38:50 | 000,052,736 | ---- | M] (Technic) -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/15 15:24:24 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\cloudsora\Desktop\ComboFix.exe
    [2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/15 17:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
    [2012/06/01 15:24:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000Core.job
    [2012/06/15 17:24:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120677949-2524487292-1252143343-1000UA.job
    [2012/06/15 17:57:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/05 20:44:49 | 000,032,634 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 10:00:05 | 000,000,402 | -HS- | M] () -- C:\Users\cloudsora\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/06/15 17:54:14 | 000,128,690 | ---- | M] () -- C:\ProgramData\1339797183.bdinstall.bin
    [2012/06/15 17:56:20 | 000,013,059 | ---- | M] () -- C:\ProgramData\1339797298.bdinstall.bin
    [2012/06/15 18:02:02 | 000,159,162 | ---- | M] () -- C:\ProgramData\1339797578.bdinstall.bin

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2012/05/26 00:44:59 | 000,000,072 | ---- | M] ()(C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -?????- - The Unofficial LineMarvel Forums.url) -- C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -淫魔の巣窟- - The Unofficial LineMarvel Forums.url
    [2012/05/26 00:44:59 | 000,000,072 | ---- | C] ()(C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -?????- - The Unofficial LineMarvel Forums.url) -- C:\Users\cloudsora\Desktop\[Full Game] Lilipalace -淫魔の巣窟- - The Unofficial LineMarvel Forums.url
    [2012/03/14 01:51:34 | 000,000,059 | ---- | M] ()(C:\Users\cloudsora\Desktop\FlowerTradeWind ?????????.url) -- C:\Users\cloudsora\Desktop\FlowerTradeWind のギャルゲー図書館.url
    [2012/03/14 01:51:34 | 000,000,059 | ---- | C] ()(C:\Users\cloudsora\Desktop\FlowerTradeWind ?????????.url) -- C:\Users\cloudsora\Desktop\FlowerTradeWind のギャルゲー図書館.url
    [2011/12/11 14:17:54 | 000,000,057 | ---- | M] ()(C:\Users\cloudsora\Desktop\[101026][creampot] ?????????!!.url) -- C:\Users\cloudsora\Desktop\[101026][creampot] アスカさんマジ天使!!.url
    [2011/12/11 14:17:54 | 000,000,057 | ---- | C] ()(C:\Users\cloudsora\Desktop\[101026][creampot] ?????????!!.url) -- C:\Users\cloudsora\Desktop\[101026][creampot] アスカさんマジ天使!!.url
    (C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\cloudsora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\エレクトリップ
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\妹いじめ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0C1EFF69
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
      O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
      O3 - HKU\S-1-5-21-4120677949-2524487292-1252143343-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0C1EFF69
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
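As an added example (not code from this thread, from OTL or from its author), a small Python triage script for the OTL log format posted above: it picks out the same kinds of entries the fix targets (alternate data streams, toolbar and URLSearchHook entries with no CLSID) and lays them out as an ':OTL' block for a helper to review. The flagging rules, the user-profile executable heuristic and the constructed `update.exe` line are assumptions for illustration.

```python
"""OTL log triage (added example for this thread, not OTL's own code). Parses the
three line shapes in the log above and lists the entries a helper would review
before pasting them into an ':OTL' fix. Rules and sample are illustrative assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# [date time | size | attrs | M/C] (company) -- path   (directory lines have no company field)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl")

@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str               # e.g. "-HS-" hidden+system, "---D" directory
    kind: str                # OTL's flag: M = modified, C = created
    company: Optional[str]   # None on directory lines, "" when no version info
    path: str

def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                     m["kind"], m["company"], m["path"])

def triage(lines) -> list:
    """Return (reason, line) pairs worth a second look, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if ADS_RE.match(line):
            # A stream hung off a folder (C:\ProgramData\TEMP:...) is a classic hiding place.
            findings.append(("alternate data stream", line))
        elif "No CLSID value found" in line and CLSID_RE.search(line):
            # Browser hooks whose COM class no longer resolves are leftovers to clear.
            findings.append(("orphaned CLSID", line))
        else:
            e = parse_file_line(line)
            if (e and "D" not in e.attrs and e.company == ""
                    and e.path.lower().startswith("c:\\users\\")
                    and e.path.lower().endswith(EXEC_EXT)):
                findings.append(("executable without version info in user profile", line))
    return findings

def build_fix_block(findings) -> str:
    """Lay flagged lines out as the reply above does: ':OTL' section, then ':Commands'."""
    body = [":OTL"] + [line for _, line in findings] + ["", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)

# Constructed sample in the log's format; CLSIDs and paths mirror the thread, update.exe is invented.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
[2012/06/15 18:40:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cloudsora\Desktop\OTL.exe
[2012/06/12 03:11:05 | 000,061,440 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp\update.exe
[2012/03/04 19:07:47 | 000,005,672 | ---- | C] () -- C:\Users\cloudsora\AppData\Local\Temp8.html
[2012/04/27 08:55:22 | 000,000,000 | ---D | M] -- C:\Users\cloudsora\AppData\Roaming\.minecraft
[2012/06/15 17:58:12 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0C1EFF69
< End of report >
"""
if __name__ == "__main__":
    print(build_fix_block(triage(SAMPLE_LOG.splitlines())))
```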
