Inactive [A] Google redirect virus mess!

Greckia · May 14, 2012

I have currently been infected with the google redirect virus which has been redirecting my search results to various bogus websites. Also, it has affected Microsoft Security Essentials to where I can't even open the program without it closing within 1 sec. I unistalled MSE and reinstalled to no avail. I have installed avast for the time being. Any help would be greatly appreciated. Thank you.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Garet :: GARET-PC [administrator]

Protection: Enabled

5/14/2012 3:19:59 AM
mbam-log-2012-05-14 (03-19-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271575
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-14 04:02:49
Windows 6.1.7601 Service Pack 1
Running: ih01qcf2.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x3A 0x31 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0x76 0xA5 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0xE7 0xA8 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0xFE 0xA7 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x3A 0x31 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0x76 0xA5 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0xE7 0xA8 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0xFE 0xA7 0x6F ...

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Garet at 4:18:37 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.1655 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\gigabyte\smart6\dbios\SDBMSG.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Garet\Desktop\ih01qcf2.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Garet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.garena.com/portal/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: FVDSearchHook Class: {6778613d-616b-4a6c-9856-65de943cf424} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ESEA Client] C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Google Update] "C:\Users\Garet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [DES2] C:\Program Files (x86)\gigabyte\EnergySaver2\des2.exe state
mRunOnce: [SDBOK] C:\Program Files (x86)\gigabyte\smart6\dbios\run.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{21143A5E-4EE3-408A-809E-2F7CDCA50F4D} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{BD7575F6-F816-43B4-9C45-C444EA6035B6} : DhcpNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BHO Class: {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
BHO-X64: CStat - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [DES2] C:\Program Files (x86)\gigabyte\EnergySaver2\des2.exe state
mRunOnce-x64: [SDBOK] C:\Program Files (x86)\gigabyte\smart6\dbios\run.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - www.woot.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Garet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-14 44768]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-29 212232]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe [2009-12-30 68136]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-10 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2009-12-30 102400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 257696]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-15 1038088]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-12-30 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-8 19544]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-05-14 07:27:03819032----a-w-C:\Windows\System32\drivers\aswSnx.sys
2012-05-14 07:27:0369976----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-14 07:27:0353080----a-w-C:\Windows\System32\drivers\aswRdr2.sys
2012-05-14 07:26:4741184----a-w-C:\Windows\avastSS.scr
2012-05-14 07:26:38--------d-----w-C:\ProgramData\AVAST Software
2012-05-14 07:26:38--------d-----w-C:\Program Files\AVAST Software
2012-05-14 06:32:17--------d-----w-C:\Users\Garet\AppData\Local\{BEAD7583-4F72-4597-86A0-929483BCA095}
2012-05-14 06:31:55--------d-----w-C:\Users\Garet\AppData\Local\{64ED3285-F5AA-46A4-9387-BB72E3828DEB}
2012-05-14 06:23:35--------d-----w-C:\Users\Garet\AppData\Local\{854D49F4-25C1-439D-84DB-E80F77504BC4}
2012-05-14 06:23:14--------d-----w-C:\Users\Garet\AppData\Local\{1BEB2E48-F33B-461E-BAAC-9FFCECBD2229}
2012-05-14 06:21:08--------d-----w-C:\Users\Garet\AppData\Local\{60C17DBC-7247-46C2-9670-EB008B14DC90}
2012-05-14 06:20:46--------d-----w-C:\Users\Garet\AppData\Local\{E04F36D8-FC75-4424-9AF4-76F1BE1EC570}
2012-05-14 06:20:12419488----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-12 15:07:00--------d-----w-C:\Users\Garet\Diablo-III-8370-enUS-Installer
2012-05-11 18:12:34--------d-----w-C:\Users\Garet\AppData\Local\{101634E4-A32B-4E8F-8EAE-1DE9DAE44841}
2012-05-11 18:12:25--------d-----w-C:\Users\Garet\AppData\Local\{0ACB85C0-FA04-41ED-AD3E-C25C378E39FC}
2012-05-10 14:41:38--------d-----w-C:\Users\Garet\AppData\Roaming\Malwarebytes
2012-05-10 14:41:02--------d-----w-C:\ProgramData\Malwarebytes
2012-05-10 14:41:0124904----a-w-C:\Windows\System32\drivers\mbam.sys
2012-05-10 14:41:01--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-10 14:38:26--------d-----w-C:\Users\Garet\AppData\Local\{441277C5-C8E7-4D93-A5EA-6246437AE1A1}
2012-05-10 14:38:15--------d-----w-C:\Users\Garet\AppData\Local\{8BE33FF7-54EE-4C16-B456-7F5F9316B35D}
2012-05-09 18:04:17--------d-----w-C:\Users\Garet\AppData\Local\{DE29F587-0E97-47BC-BEE8-9005232FA358}
2012-05-09 18:04:02--------d-----w-C:\Users\Garet\AppData\Local\{C6A01294-4357-455D-8B47-7D24A2803627}
2012-04-27 01:52:41--------d-----w-C:\Users\Garet\AppData\Local\PMB Files
2012-04-27 01:52:36--------d-----w-C:\ProgramData\PMB Files
2012-04-26 16:51:10--------d-----w-C:\Program Files (x86)\Diablo-III-8370-enUS-Installer
2012-04-22 21:37:35--------d-----w-C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-05-14 06:57:4825640----a-w-C:\Windows\gdrv.sys
2012-05-14 06:20:1270304----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-02 14:48:25147456--sha-r-C:\Windows\SysWow64\iaspolcy0.dll
2012-03-31 06:05:575559664----a-w-C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:373968368----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:373913072----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:033146240----a-w-C:\Windows\System32\win32k.sys
2012-03-30 11:35:471918320----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:5775120----a-w-C:\Windows\System32\drivers\partmgr.sys
2012-03-08 22:50:2849016----a-w-C:\Windows\SysWow64\sirenacm.dll
2012-03-03 06:35:381544704----a-w-C:\Windows\System32\DWrite.dll
2012-03-03 05:31:191077248----a-w-C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:1623408----a-w-C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27220672----a-w-C:\Windows\System32\wintrust.dll
2012-03-01 06:33:5081408----a-w-C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:475120----a-w-C:\Windows\System32\wmi.dll
2012-03-01 05:37:41172544----a-w-C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23159232----a-w-C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:165120----a-w-C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:371188864----a-w-C:\Windows\System32\wininet.dll
2012-02-28 05:38:52981504----a-w-C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:381638912----a-w-C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:271638912----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:261031680----a-w-C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22826880----a-w-C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24210944----a-w-C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:3223552----a-w-C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 16:09:441070352----a-w-C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-13 02:41:38829172253----a-w-C:\Program Files (x86)\AIKAOnline_20111209.exe
.
============= FINISH: 4:19:23.52 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2009 4:56:22 PM
System Uptime: 5/14/2012 2:57:04 AM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55M-UD2
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 344.178 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.5.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aika Online: Epic II
AIM 7
Alien Swarm
ASIO4ALL
AutoUpdate
avast! Free Antivirus
Bandisoft MPEG-1 Decoder
BlueJ 3.0.2
Brawl Busters
Browser Configuration Utility
BufferChm
Collab
Connect
Copy
Counter-Strike
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DES 2.0
Destinations
DeviceDiscovery
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
DJ_AIO_05_F4400_Software_Min
DragonNest
EVEREST Home Edition v2.20
F4400
FL Studio 8
FVD Suite 2.6.6
Garena
Gigabyte Raid Configurer
Google Chrome
GPBaseService2
H.264 Decoder
Half-Life 2: Deathmatch
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
IL Download Manager
Java Auto Updater
Java(TM) 6 Update 29
kuler
League of Legends
Malwarebytes Anti-Malware version 1.61.0.1400
MapleStory
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
MKV Splitter
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OpenAL
Opera 11.61
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Pirates, Vikings, & Knights II
PoiZone
Quake Live Mozilla Plugin
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Runes of Magic
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Skype™ 5.8
Smart 6 B9.0722.3
SmartDraw 2012
SmartWebPrinting
SolutionCenter
SopCast 3.0.3
Status
Steam
Suite Shared Configuration CS4
The Elder Scrolls V: Skyrim
Toolbox
Toxic Biohazard
TrayApp
Tribler (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Vindictus
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
WinSCP 5.0.6 beta
World of Warcraft
Zero Gear Demo
.
==== Event Viewer Messages From Past Week ========
.
5/14/2012 4:03:45 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/14/2012 2:57:37 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/14/2012 2:36:58 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 2:36:58 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 2:28:04 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Broni · May 14, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Since you installed Avast please uninstall MSE.

When done....

Download Bootkit Remover to your desktop.

Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Greckia · May 14, 2012

I've already uninstalled MSE through Add/Remove Programs. I have no idea why it is still showing up in the log file.. is there anywhere else I should look to unistall it? Or should I just continue with your instructions?

Broni · May 14, 2012

Go on with my other instructions.

Greckia · May 14, 2012

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-14 20:42:27
-----------------------------
20:42:27.766 OS Version: Windows x64 6.1.7601 Service Pack 1
20:42:27.766 Number of processors: 4 586 0x1E05
20:42:27.767 ComputerName: GARET-PC UserName: Garet
20:42:28.655 Initialize success
20:42:28.731 AVAST engine defs: 12051401
20:42:36.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0
20:42:36.172 Disk 0 Vendor: WDC 100. Size: 476940MB BusType: 8
20:42:36.206 Disk 0 MBR read successfully
20:42:36.209 Disk 0 MBR scan
20:42:36.213 Disk 0 Windows 7 default MBR code
20:42:36.227 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:42:36.253 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:42:36.275 Disk 0 scanning C:\Windows\system32\drivers
20:42:42.861 Service scanning
20:42:54.545 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:42:58.344 Modules scanning
20:42:58.356 Disk 0 trace - called modules:
20:42:58.397 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80036bb2c0]<<spyb.sys SCSIPORT.SYS hal.dll jraid.sys
20:42:58.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004811060]
20:42:58.732 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port4Path0Target1Lun0[0xfffffa8004593050]
20:42:58.735 \Driver\JRAID[0xfffffa8004573e70] -> IRP_MJ_CREATE -> 0xfffffa80036bb2c0
20:42:59.122 AVAST engine scan C:\Windows
20:43:01.002 AVAST engine scan C:\Windows\system32
20:45:11.102 AVAST engine scan C:\Windows\system32\drivers
20:45:19.591 AVAST engine scan C:\Users\Garet
20:52:53.333 AVAST engine scan C:\ProgramData
20:54:03.210 Scan finished successfully
21:02:40.792 Disk 0 MBR has been saved successfully to "C:\Users\Garet\Desktop\MBR.dat"
21:02:40.797 The log file has been saved successfully to "C:\Users\Garet\Desktop\aswMBR.txt"

Broni · May 14, 2012

That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Greckia · May 14, 2012

Do I still continue if combofix says that MSE is installed and running even though I uninstalled it?

Broni · May 14, 2012

Greckia · May 14, 2012

Here is the combofix log! Thanks a lot for your help thus far.

ComboFix 12-05-14.03 - Garet 05/14/2012 21:27:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2545 [GMT -4:00]
Running from: c:\users\Garet\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\AIKAOnline_20111209.exe
c:\users\Garet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F6CEEC7-0CEC-4F91-B303-7635248C2D43}.xps
c:\users\Garet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA3D3C96-12C7-4786-83DB-7650372D93BA}.xps
c:\users\Garet\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F40EB15D-4BA1-4033-AB84-5CC6EA608FC4}.xps
c:\users\Garet\Documents\~WRL1190.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 16:46 . 2012-05-14 19:21--------d-----w-c:\program files (x86)\Diablo III
2012-05-14 07:27 . 2012-03-06 23:04337240----a-w-c:\windows\system32\drivers\aswSP.sys
2012-05-14 07:27 . 2012-03-06 23:0124408----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-05-14 07:27 . 2012-03-06 23:15258520----a-w-c:\windows\system32\aswBoot.exe
2012-05-14 07:27 . 2012-03-06 23:04819032----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-05-14 07:27 . 2012-03-06 23:0253080----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-05-14 07:27 . 2012-03-06 23:0159224----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-05-14 07:27 . 2012-03-06 23:0169976----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-05-14 07:26 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-05-14 07:26 . 2012-03-06 23:15201352----a-w-c:\windows\SysWow64\aswBoot.exe
2012-05-14 07:26 . 2012-05-14 07:26--------d-----w-c:\programdata\AVAST Software
2012-05-14 07:26 . 2012-05-14 07:26--------d-----w-c:\program files\AVAST Software
2012-05-14 06:20 . 2012-05-14 06:20419488----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 15:07 . 2012-05-12 15:07--------d-----w-c:\users\Garet\Diablo-III-8370-enUS-Installer
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\users\Garet\AppData\Roaming\Malwarebytes
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\programdata\Malwarebytes
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-10 14:41 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-27 01:52 . 2012-05-02 18:58--------d-----w-c:\users\Garet\AppData\Local\PMB Files
2012-04-27 01:52 . 2012-04-27 01:53--------d-----w-c:\programdata\PMB Files
2012-04-26 16:51 . 2012-04-27 01:58--------d-----w-c:\program files (x86)\Diablo-III-8370-enUS-Installer
2012-04-22 21:37 . 2012-04-22 21:37--------d-----w-c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 01:37 . 2009-12-31 00:1525640----a-w-c:\windows\gdrv.sys
2012-05-14 06:20 . 2011-05-27 19:3370304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50 . 2012-03-08 22:5049016----a-w-c:\windows\SysWow64\sirenacm.dll
2012-03-01 06:46 . 2012-04-12 07:0023408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00220672----a-w-c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:0081408----a-w-c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:005120----a-w-c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:005120----a-w-c:\windows\SysWow64\wmi.dll
2012-02-28 06:39 . 2012-04-11 07:571188864----a-w-c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 07:57981504----a-w-c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 07:571638912----a-w-c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 07:571638912----a-w-c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-14 09:171031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 09:17826880----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 09:17210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 09:1723552----a-w-c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6778613D-616B-4A6C-9856-65DE943CF424}"= "c:\program files (x86)\FVD Suite\addons\IE\FVDToolbar.dll" [2011-04-18 485376]
.
[HKEY_CLASSES_ROOT\clsid\{6778613d-616b-4a6c-9856-65de943cf424}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A69C-5c18-B693-6CB5DC269D40}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-02-29 1242448]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 570600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files (x86)\gigabyte\EnergySaver2\des2.exe" [2009-07-20 125480]
"SDBOK"="c:\program files (x86)\gigabyte\smart6\dbios\run.exe" [2009-07-06 207400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]
R3 ALSysIO;ALSysIO;c:\users\Garet\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\RYL Warfare\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-15 1038088]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2009-12-31 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\Garet\AppData\Local\Temp\005B0D.tmp [x]
R3 X6va006;X6va006;c:\users\Garet\AppData\Local\Temp\006F050.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\gigabyte\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-07-13 102400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 06:20]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001Core.job
- c:\users\Garet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 17:35]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001UA.job
- c:\users\Garet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 17:35]
.
2012-05-15 c:\windows\Tasks\PRHJDP.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-04-02 18:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15135408----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.garena.com/portal/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search - c:\program files (x86)\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - www.woot.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-ESEA Client - c:\program files (x86)\ESEA\ESEA Client\eseaclient.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Garet\AppData\Local\Temp\005B0D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Garet\AppData\Local\Temp\006F050.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\gigabyte\smart6\dbios\SDBMSG.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-05-14 21:43:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 01:43
.
Pre-Run: 361,157,623,808 bytes free
Post-Run: 363,009,245,184 bytes free
.
- - End Of File - - 5BB6C0A8E907920353C2A39D573CE5FB

Broni · May 14, 2012

How is redirection?

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

SecCenter::
{108DAC43-C256-20B7-BB05-914135DA5160}
{ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

Greckia · May 14, 2012

I've just tried a few searches and clicked on multiple links for each search, no redirects at all. Seems like everything is in working order thus far. Doing your next instruction now. Thank you so much Broni! Your help is immeasurable and I appreciate all you've done!

Broni · May 14, 2012

You're very welcome

Greckia · May 14, 2012

Here's the new combofix log!
ComboFix 12-05-14.03 - Garet 05/14/2012 22:24:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2574 [GMT -4:00]
Running from: c:\users\Garet\Desktop\ComboFix.exe
Command switches used :: c:\users\Garet\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 02:32 . 2012-05-15 02:32--------d-----w-c:\users\USER\AppData\Local\temp
2012-05-15 02:32 . 2012-05-15 02:32--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-05-15 02:32 . 2012-05-15 02:32--------d-----w-c:\users\UpdatusUser.Garet-PC\AppData\Local\temp
2012-05-15 02:32 . 2012-05-15 02:32--------d-----w-c:\users\Guest\AppData\Local\temp
2012-05-15 02:32 . 2012-05-15 02:32--------d-----w-c:\users\Default\AppData\Local\temp
2012-05-14 16:46 . 2012-05-14 19:21--------d-----w-c:\program files (x86)\Diablo III
2012-05-14 07:27 . 2012-03-06 23:04337240----a-w-c:\windows\system32\drivers\aswSP.sys
2012-05-14 07:27 . 2012-03-06 23:0124408----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-05-14 07:27 . 2012-03-06 23:15258520----a-w-c:\windows\system32\aswBoot.exe
2012-05-14 07:27 . 2012-03-06 23:04819032----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-05-14 07:27 . 2012-03-06 23:0253080----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-05-14 07:27 . 2012-03-06 23:0159224----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-05-14 07:27 . 2012-03-06 23:0169976----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-05-14 07:26 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-05-14 07:26 . 2012-03-06 23:15201352----a-w-c:\windows\SysWow64\aswBoot.exe
2012-05-14 07:26 . 2012-05-14 07:26--------d-----w-c:\programdata\AVAST Software
2012-05-14 07:26 . 2012-05-14 07:26--------d-----w-c:\program files\AVAST Software
2012-05-14 06:20 . 2012-05-14 06:20419488----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 15:07 . 2012-05-12 15:07--------d-----w-c:\users\Garet\Diablo-III-8370-enUS-Installer
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\users\Garet\AppData\Roaming\Malwarebytes
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\programdata\Malwarebytes
2012-05-10 14:41 . 2012-05-10 14:41--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-10 14:41 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-27 01:52 . 2012-05-02 18:58--------d-----w-c:\users\Garet\AppData\Local\PMB Files
2012-04-27 01:52 . 2012-04-27 01:53--------d-----w-c:\programdata\PMB Files
2012-04-26 16:51 . 2012-04-27 01:58--------d-----w-c:\program files (x86)\Diablo-III-8370-enUS-Installer
2012-04-22 21:37 . 2012-04-22 21:37--------d-----w-c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 02:34 . 2009-12-31 00:1525640----a-w-c:\windows\gdrv.sys
2012-05-14 06:20 . 2011-05-27 19:3370304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50 . 2012-03-08 22:5049016----a-w-c:\windows\SysWow64\sirenacm.dll
2012-03-01 06:46 . 2012-04-12 07:0023408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:00220672----a-w-c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:0081408----a-w-c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:005120----a-w-c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:00172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:00159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:005120----a-w-c:\windows\SysWow64\wmi.dll
2012-02-28 06:39 . 2012-04-11 07:571188864----a-w-c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 07:57981504----a-w-c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 07:571638912----a-w-c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 07:571638912----a-w-c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-14 09:171031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 09:17826880----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 09:17210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 09:1723552----a-w-c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_01.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-07 17:53 . 2012-05-15 02:3546182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 02:3535346 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-30 22:37 . 2012-05-15 02:3512462 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-454221588-1873939912-3221837452-1001_UserData.bin
+ 2009-12-30 21:53 . 2012-05-15 01:4116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-30 21:53 . 2012-05-14 17:0316384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-30 21:53 . 2012-05-15 01:4132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-30 21:53 . 2012-05-14 17:0332768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 01:4116384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-14 17:0316384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-30 22:16 . 2012-05-15 02:3516384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-30 22:16 . 2012-05-15 01:3816384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-30 22:16 . 2012-05-15 01:3832768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-30 22:16 . 2012-05-15 02:3532768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-30 22:16 . 2012-05-15 01:3816384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-30 22:16 . 2012-05-15 02:3516384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-30 22:07 . 2012-05-15 01:3816384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-30 22:07 . 2012-05-15 02:3516384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-30 22:07 . 2012-05-15 02:3516384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-30 22:07 . 2012-05-15 01:3816384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-15 02:33 . 2012-05-15 02:332048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-15 01:37 . 2012-05-15 01:372048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 02:33 . 2012-05-15 02:332048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-15 01:37 . 2012-05-15 01:372048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-14 08:21671952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-15 01:44671952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-15 01:44126078 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-14 08:21126078 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-15 01:35458288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-15 02:32458288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-08 19:19 . 2012-05-15 02:3229968278 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-454221588-1873939912-3221837452-1001-12288.dat
- 2010-01-08 19:19 . 2012-05-15 01:3529968278 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-454221588-1873939912-3221837452-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6778613D-616B-4A6C-9856-65DE943CF424}"= "c:\program files (x86)\FVD Suite\addons\IE\FVDToolbar.dll" [2011-04-18 485376]
.
[HKEY_CLASSES_ROOT\clsid\{6778613d-616b-4a6c-9856-65de943cf424}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A69C-5c18-B693-6CB5DC269D40}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-02-29 1242448]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 570600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files (x86)\gigabyte\EnergySaver2\des2.exe" [2009-07-20 125480]
"SDBOK"="c:\program files (x86)\gigabyte\smart6\dbios\run.exe" [2009-07-06 207400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]
R3 ALSysIO;ALSysIO;c:\users\Garet\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\RYL Warfare\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-15 1038088]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2009-12-31 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\Garet\AppData\Local\Temp\005B0D.tmp [x]
R3 X6va006;X6va006;c:\users\Garet\AppData\Local\Temp\006F050.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\gigabyte\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-07-13 102400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 06:20]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001Core.job
- c:\users\Garet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 17:35]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001UA.job
- c:\users\Garet\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 17:35]
.
2012-05-15 c:\windows\Tasks\PRHJDP.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-04-02 18:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15135408----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.garena.com/portal/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search - c:\program files (x86)\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - www.woot.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Garet\AppData\Local\Temp\005B0D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Garet\AppData\Local\Temp\006F050.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\gigabyte\smart6\dbios\SDBMSG.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-05-14 22:40:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 02:40
ComboFix2.txt 2012-05-15 01:43
.
Pre-Run: 363,070,418,944 bytes free
Post-Run: 363,019,681,792 bytes free
.
- - End Of File - - 3569F4FBD83E2C9801CAF26AE3DF1187

Broni · May 14, 2012

Well done

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Greckia · May 14, 2012

OTL logfile created on: 5/14/2012 10:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Garet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.89% Memory free
7.99 Gb Paging File | 6.38 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 338.15 Gb Free Space | 72.62% Space Free | Partition Type: NTFS
Drive D: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 29.83 Gb Total Space | 8.42 Gb Free Space | 28.23% Space Free | Partition Type: FAT32

Computer Name: GARET-PC | User Name: Garet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 22:43:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Garet\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/28 23:03:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/13 14:16:38 | 000,102,400 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/07/10 23:34:16 | 000,999,424 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\gigabyte\smart6\timelock\AlarmClock.exe
PRC - [2009/07/08 14:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files (x86)\gigabyte\smart6\dbios\SDBMSG.exe
PRC - [2009/06/22 23:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/10 03:27:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 03:27:51 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 03:27:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:27:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 13:57:10 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/09 13:57:04 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/09 13:57:04 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/09 13:57:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/09 13:57:04 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2009/07/08 14:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files (x86)\gigabyte\smart6\dbios\SDBMSG.exe
MOD - [2009/06/10 17:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\gigabyte\smart6\dbios\DBIOS.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/02/03 06:40:50 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/01/15 00:00:48 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2012/05/14 02:20:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/20 22:45:11 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 13:24:10 | 003,469,308 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/01/15 00:00:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 14:16:38 | 000,102,400 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/22 23:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/17 17:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/16 14:55:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/02/03 06:40:44 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/01/01 22:13:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/17 11:32:04 | 000,109,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 06:10:10 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012/05/14 22:34:10 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/12/30 20:17:53 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2004/12/28 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3A1405E9-6900-4da2-A6FF-859098571985}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKLM\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={sea...00FF;T:000000;GFNT:0000FF;GIMP:0000FF;FORID:1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 02 09 C2 A1 90 CA 01 [binary data]
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-454221588-1873939912-3221837452-1008\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.woot.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.6.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Garet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Garet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/24 20:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2011/08/15 12:40:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/14 03:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/29 03:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/16 23:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/29 03:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/16 23:12:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/24 20:17:37 | 000,000,000 | ---D | M]

[2009/12/30 18:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Garet\AppData\Roaming\Mozilla\Extensions
[2012/05/12 05:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\extensions
[2012/05/12 05:35:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/29 01:55:31 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/11/15 20:10:06 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\extensions\gamebox@toolbar
[2011/03/13 10:59:10 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\extensions\personas@christopher.beard
[2012/04/11 23:59:05 | 000,001,687 | ---- | M] () -- C:\Users\Garet\AppData\Roaming\Mozilla\Firefox\Profiles\vw1h4t73.default\searchplugins\nutritiondata.xml
[2012/02/29 03:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 01:27:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/06/09 15:47:16 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\GARET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VW1H4T73.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2011/08/15 12:46:40 | 000,431,362 | ---- | M] () (No name found) -- C:\USERS\GARET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VW1H4T73.DEFAULT\EXTENSIONS\{B2CEA309-6B58-4B8C-9D0D-6E65D88F6603}.XPI
[2012/02/29 03:46:51 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GARET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VW1H4T73.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 17:21:13 | 000,169,939 | ---- | M] () (No name found) -- C:\USERS\GARET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VW1H4T73.DEFAULT\EXTENSIONS\WIKILOOK@TESTPILOT.XPI
[2012/02/29 03:46:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 12:42:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:46:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google Video Custom Search (Enabled)
CHR - default_search_provider: search_url = http://start.flashvideodownloader.o...2176467115:h6z8ss-efx2&cof=FORID:10&sa=Search
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Garet\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Garet\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Garet\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Garet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Garet\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Garet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: avast! WebRep = C:\Users\Garet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Garet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\

O1 HOSTS File: ([2012/05/14 22:34:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-454221588-1873939912-3221837452-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DES2] C:\Program Files (x86)\gigabyte\EnergySaver2\des2.exe ()
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\gigabyte\smart6\dbios\Run.exe ()
O4 - HKU\S-1-5-21-454221588-1873939912-3221837452-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-454221588-1873939912-3221837452-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Search - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21143A5E-4EE3-408A-809E-2F7CDCA50F4D}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD7575F6-F816-43B4-9C45-C444EA6035B6}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 22:43:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Garet\Desktop\OTL.exe
[2012/05/14 22:40:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/14 22:34:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/14 21:26:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/14 21:26:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/14 21:26:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/14 21:25:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/14 21:08:15 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Garet\Desktop\ComboFix.exe
[2012/05/14 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Garet\Desktop\bootkit_remover
[2012/05/14 20:33:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Garet\Desktop\aswMBR.exe
[2012/05/14 12:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 12:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 03:27:04 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/05/14 03:27:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/05/14 03:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/14 03:27:03 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/05/14 03:27:03 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/05/14 03:27:03 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/05/14 03:27:03 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/05/14 03:27:03 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/05/14 03:26:47 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/14 03:26:46 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/05/14 03:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/14 03:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/14 02:32:17 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{BEAD7583-4F72-4597-86A0-929483BCA095}
[2012/05/14 02:31:55 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{64ED3285-F5AA-46A4-9387-BB72E3828DEB}
[2012/05/14 02:27:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/14 02:23:35 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{854D49F4-25C1-439D-84DB-E80F77504BC4}
[2012/05/14 02:23:14 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{1BEB2E48-F33B-461E-BAAC-9FFCECBD2229}
[2012/05/14 02:21:08 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{60C17DBC-7247-46C2-9670-EB008B14DC90}
[2012/05/14 02:20:46 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{E04F36D8-FC75-4424-9AF4-76F1BE1EC570}
[2012/05/12 11:07:00 | 000,000,000 | ---D | C] -- C:\Users\Garet\Diablo-III-8370-enUS-Installer
[2012/05/11 14:12:34 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{101634E4-A32B-4E8F-8EAE-1DE9DAE44841}
[2012/05/11 14:12:25 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{0ACB85C0-FA04-41ED-AD3E-C25C378E39FC}
[2012/05/10 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Roaming\Malwarebytes
[2012/05/10 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/10 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/10 10:41:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/10 10:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/10 10:38:26 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{441277C5-C8E7-4D93-A5EA-6246437AE1A1}
[2012/05/10 10:38:15 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{8BE33FF7-54EE-4C16-B456-7F5F9316B35D}
[2012/05/09 14:04:17 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{DE29F587-0E97-47BC-BEE8-9005232FA358}
[2012/05/09 14:04:02 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\{C6A01294-4357-455D-8B47-7D24A2803627}
[2012/05/06 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\Garet\Desktop\Financial Documents
[2012/04/26 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\Garet\AppData\Local\PMB Files
[2012/04/26 21:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/04/26 12:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo-III-8370-enUS-Installer
[2012/04/22 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\Garet\Documents\Diablo III
[2012/04/22 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/22 17:32:50 | 046,104,904 | ---- | C] (Blizzard Entertainment) -- C:\Users\Garet\Documents\Diablo-III-Beta-enUS-Setup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 22:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001UA.job
[2012/05/14 22:43:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Garet\Desktop\OTL.exe
[2012/05/14 22:43:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 22:43:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 22:34:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/14 22:34:03 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/05/14 22:33:44 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\PRHJDP.job
[2012/05/14 22:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 22:33:29 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 22:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 21:44:00 | 000,796,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 21:44:00 | 000,671,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 21:44:00 | 000,126,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 21:08:19 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Garet\Desktop\ComboFix.exe
[2012/05/14 21:02:40 | 000,000,512 | ---- | M] () -- C:\Users\Garet\Desktop\MBR.dat
[2012/05/14 20:33:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Garet\Desktop\aswMBR.exe
[2012/05/14 20:33:28 | 000,044,607 | ---- | M] () -- C:\Users\Garet\Desktop\bootkit_remover.zip
[2012/05/14 15:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001Core.job
[2012/05/14 13:03:27 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/14 03:37:27 | 000,302,592 | ---- | M] () -- C:\Users\Garet\Desktop\ih01qcf2.exe
[2012/05/14 03:27:04 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/14 03:27:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/14 03:22:21 | 074,761,776 | ---- | M] () -- C:\Users\Garet\Desktop\setup_av_free.exe
[2012/05/14 02:36:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/14 02:21:36 | 000,813,776 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/10 11:18:15 | 000,000,017 | ---- | M] () -- C:\Users\Garet\AppData\Local\resmon.resmoncfg
[2012/05/10 10:41:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 03:26:20 | 003,020,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 23:02:13 | 285,451,278 | ---- | M] () -- C:\Users\Garet\Desktop\RYL SCREENSHOTS.zip
[2012/05/09 16:30:25 | 000,104,575 | ---- | M] () -- C:\Users\Garet\Documents\CyberPower PC Invoice.pdf
[2012/05/01 16:46:54 | 000,002,397 | ---- | M] () -- C:\Users\Garet\Desktop\Google Chrome.lnk
[2012/04/26 22:18:16 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/04/22 17:33:23 | 046,104,904 | ---- | M] (Blizzard Entertainment) -- C:\Users\Garet\Documents\Diablo-III-Beta-enUS-Setup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 21:26:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/14 21:26:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/14 21:26:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/14 21:26:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/14 21:26:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/14 21:02:40 | 000,000,512 | ---- | C] () -- C:\Users\Garet\Desktop\MBR.dat
[2012/05/14 20:33:31 | 000,044,607 | ---- | C] () -- C:\Users\Garet\Desktop\bootkit_remover.zip
[2012/05/14 12:46:42 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/14 03:37:32 | 000,302,592 | ---- | C] () -- C:\Users\Garet\Desktop\ih01qcf2.exe
[2012/05/14 03:27:04 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/14 03:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/05/14 03:18:58 | 074,761,776 | ---- | C] () -- C:\Users\Garet\Desktop\setup_av_free.exe
[2012/05/14 02:20:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 11:18:15 | 000,000,017 | ---- | C] () -- C:\Users\Garet\AppData\Local\resmon.resmoncfg
[2012/05/10 10:41:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 23:00:27 | 285,451,278 | ---- | C] () -- C:\Users\Garet\Desktop\RYL SCREENSHOTS.zip
[2012/05/09 16:30:25 | 000,104,575 | ---- | C] () -- C:\Users\Garet\Documents\CyberPower PC Invoice.pdf
[2012/04/26 22:18:16 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/04/02 10:48:25 | 000,147,456 | RHS- | C] () -- C:\Windows\SysWow64\iaspolcy0.dll
[2012/03/15 20:03:31 | 000,000,600 | ---- | C] () -- C:\Users\Garet\AppData\Roaming\winscp.rnd
[2012/02/16 23:33:17 | 000,000,237 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/05 00:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/24 20:14:38 | 000,171,900 | ---- | C] () -- C:\Windows\hpoins37.dat
[2011/04/24 20:14:38 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2011/04/13 19:50:27 | 000,147,937 | ---- | C] () -- C:\Windows\hpoins37.dat.temp
[2011/04/13 19:50:27 | 000,000,504 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/20 22:15:32 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

Greckia · May 14, 2012

========== LOP Check ==========

[2011/05/18 11:43:02 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\.minecraft
[2012/03/11 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\.Tribler
[2010/01/01 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\acccore
[2012/02/26 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\Babylon
[2010/04/22 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\Braid
[2010/01/15 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/05 16:57:05 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\DAEMON Tools Lite
[2011/08/15 12:40:23 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\FVDToolbar
[2010/07/07 10:52:34 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\Leadertech
[2011/04/09 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\LolClient
[2010/07/20 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\Mumble
[2012/02/07 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\Opera
[2012/02/01 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\PC Remote
[2010/08/31 02:52:52 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\SecondLife
[2012/04/02 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\SmartDraw
[2012/03/10 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\Garet\AppData\Roaming\uTorrent
[2010/06/09 03:20:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Rainmeter
[2012/05/14 22:33:44 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\PRHJDP.job
[2012/03/12 22:20:13 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/14 22:34:03 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/05/14 22:40:16 | 000,023,311 | ---- | M] () -- C:\ComboFix.txt
[2009/10/29 08:47:07 | 000,000,197 | ---- | M] () -- C:\csb.log
[2010/01/16 19:01:56 | 000,000,084 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/05/14 22:33:29 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/10/29 08:46:21 | 000,000,193 | ---- | M] () -- C:\Install.log
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/04/07 01:47:56 | 000,000,706 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/05/14 22:33:32 | 4290,240,512 | -HS- | M] () -- C:\pagefile.sys
[2009/10/29 08:44:19 | 000,001,944 | ---- | M] () -- C:\RHDSetup.log
[2012/05/10 11:24:29 | 000,126,180 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_10.05.2012_11.23.10_log.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/03/19 19:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/03/15 17:06:18 | 000,004,298 | ---- | M] () -- C:\Program Files (x86)\uninstal.log

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/30 18:04:57 | 000,000,221 | -HS- | M] () -- C:\Users\Garet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/05/14 20:33:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Garet\Desktop\aswMBR.exe
[2012/05/14 21:08:19 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Garet\Desktop\ComboFix.exe
[2012/05/14 03:37:27 | 000,302,592 | ---- | M] () -- C:\Users\Garet\Desktop\ih01qcf2.exe
[2012/02/16 22:46:29 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Garet\Desktop\MicrosoftFixit.Wp7zune.Run.exe
[2011/03/19 14:26:57 | 000,270,142 | ---- | M] () -- C:\Users\Garet\Desktop\Minecraft.exe
[2012/05/14 22:43:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Garet\Desktop\OTL.exe
[2012/05/14 03:22:21 | 074,761,776 | ---- | M] () -- C:\Users\Garet\Desktop\setup_av_free.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/14 22:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 15:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001Core.job
[2012/05/14 22:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454221588-1873939912-3221837452-1001UA.job
[2012/05/14 22:33:44 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\PRHJDP.job
[2012/05/14 22:33:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/12 22:20:13 | 000,032,590 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/05/14 22:34:03 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/21 22:24:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/21 22:24:57 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/10/18 01:05:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/10/18 01:05:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/02/21 22:24:57 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/15 19:36:10 | 000,000,402 | -HS- | M] () -- C:\Users\Garet\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/16 23:11:54 | 000,012,791 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2010/04/13 18:29:09 | 000,824,128 | ---- | M] (tzuk) -- C:\Windows\Installer\SandboxieInstall64.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Greckia · May 14, 2012

OTL Extras logfile created on: 5/14/2012 10:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Garet\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.89% Memory free
7.99 Gb Paging File | 6.38 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 338.15 Gb Free Space | 72.62% Space Free | Partition Type: NTFS
Drive D: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 29.83 Gb Total Space | 8.42 Gb Free Space | 28.23% Space Free | Partition Type: FAT32

Computer Name: GARET-PC | User Name: Garet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3FDD3E-5FBE-4686-94CB-0093379EF0CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CEF92E3-5C4F-409F-9126-73307A6F80E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0E5394AB-9CDE-4D56-9701-EB99E9952298}" = rport=5353 | protocol=17 | dir=out | name=bonjour printer port |
"{1025A200-D0DD-4622-8B30-8E09C23E2F7A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1216C806-F6BE-4FF2-87E8-EE331B830B3E}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{15349040-CEC9-44EE-A738-23A8127D00D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{162E9782-E086-4D02-9056-443E0481278B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B3C3378-369A-4459-A66B-3D18AC5F8BF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DB4DC3D-B412-495F-B1AD-A7005A9B17D9}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{1FB2F086-B2CC-4B32-BF34-A9D16BCF7F3B}" = rport=139 | protocol=6 | dir=out | app=system |
"{2725922E-B402-45C6-A55E-550D55C3201D}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{2BE7851A-22A6-4324-A9B8-8438E069B0DD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2CC50AFE-8A31-46B9-9537-D5860CD87079}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DCC75E8-58A7-4A7F-986A-8C65C6DD217F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E7F4389-74ED-4B02-9E66-5DA028C84BA1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{38BF8A10-F2AD-4B1F-A817-CFF0390A01C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E572B9C-8E90-4E30-A668-B52166121F3D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{4BF75696-1031-4026-A90C-309A861ED8EA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5CDA0232-F5AC-4E59-A35D-09F9EFAD334D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D8CEA99-A481-499F-BEE1-26A3BDCA3424}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{60E2397E-ED86-49D9-B3EB-689AE0E37DDD}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{6235E49F-F1B3-4EA4-AF0A-6DB2159D07FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67B261AB-1583-4DFA-A373-AFDFD486241D}" = lport=137 | protocol=17 | dir=in | app=system |
"{6881C54B-B4B5-4D9B-90C4-6C408C7C355D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F299B3D-3AA2-430E-BEA3-5220E1C4E686}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{7F71BACF-C268-4A11-9779-F227712D6B9A}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{80332B6E-14B8-4C85-ACD8-5616B4DAC852}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{805EBC81-6819-47D6-8287-7D1B0DACE878}" = lport=445 | protocol=6 | dir=in | app=system |
"{92B8612A-5559-4EA5-8305-0B6610AFAA84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9A65325A-F947-4E5F-A4FA-D53ACC61CB76}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{9FA5675C-9097-4064-BF30-BBC726F47F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A11B86D2-C4DF-4456-BFD6-024A5AAA3C06}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{A38D619F-390B-430B-9AC8-E490B7AE4648}" = rport=138 | protocol=17 | dir=out | app=system |
"{A6DF1276-AC5E-4CC3-9AD1-38A442000245}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF800925-7E28-4BB5-BB5D-58FE1791D508}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B45DEE15-B513-4419-96CF-875CE257DCEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5463DCF-4BB8-4848-8F84-5754F7021CF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5D845BE-6729-438C-A2DD-A6669CEE69D0}" = lport=6928 | protocol=6 | dir=in | name=league of legends launcher |
"{B9839485-3972-44E5-9A5E-2F12D01C3998}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BF0F5E27-1E5F-4968-B51F-8F0E429B8287}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C55C4478-EF26-403F-929B-CAC4A9AE60B3}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{CC50B9E2-7BA7-437C-B5CD-9470BBBFD31A}" = lport=6928 | protocol=17 | dir=in | name=league of legends launcher |
"{CD57A496-DF6A-42E4-84FD-C6DBEEE5C512}" = rport=137 | protocol=17 | dir=out | app=system |
"{D27314E8-C634-4644-A644-4D929E9CF2A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9E00BD2-439B-4E4B-81C8-09C1268857A8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{DB00A16F-AFE6-401B-AA2A-DA65647B3C01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E510289D-7B06-4816-A9F2-0537468BAF92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E55ED77D-75F0-44F0-9BD9-2358B0CD678E}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{E56AE96E-2246-4615-B4AA-1221BBCA8D57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E75C79E0-06F3-43F8-B8F3-8DA781631683}" = lport=5353 | protocol=17 | dir=in | name=bonjour printer port |
"{E9B1EA18-414C-42B0-832F-962940F6BDF7}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{E9EDE767-6F78-429B-ACE8-42CC288B3C4C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{EFE24FC5-F719-49FA-A7C9-AB0112AE4E65}" = rport=445 | protocol=6 | dir=out | app=system |
"{F794FEC5-DB99-4C6B-A05E-383D52182029}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{FE7FD520-3A42-43A1-B73E-2797A80B6D1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FEBF1B6F-4E86-4B60-A50E-9EE45D9A944E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FEFC3B67-9E40-4541-A424-4E4320734E4B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E49487-5E94-4BB4-9211-EC23F458D0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{018927A5-D21D-4B69-957B-FE1059EDB577}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0304C42D-352D-4B80-BA7B-DD07F74FC050}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{06FAEDC8-E7A5-4310-8077-1A8B3EC1880C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{079AD3B4-18F0-4EEF-8967-295469A6CF63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AA3444C-306D-4A4C-B71E-D053605BF438}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{0CDB400B-611D-4E7F-926A-470AF1BAAB10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F0CD120-F8E3-46F9-97A1-C4851305F694}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0F2BB173-187C-4482-B320-3DD9906BC02B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{0F80C0BC-DA9B-4568-9790-2F9F2C67A616}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{11F37B83-B90C-4D66-B6F7-5772EFB28F44}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{13DCA866-A6E6-4055-AE23-CB47FDE91EDA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{175B8469-E1B0-4A2E-A7FA-649F59770844}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2277872F-CAF0-480A-9F37-9461C9B34B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{26734C43-EBF6-4A4A-A2B4-FF77776D9764}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{269D2B9D-7FBD-40C5-B605-3B6C993B4FD2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{28566013-DFBF-465A-8628-0600217E0783}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2A619B47-2DD7-4DB9-AB1E-88F97D42A679}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{30E2775F-10CB-4899-87D4-DEFA06877D51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3158A02F-5715-455B-B05E-5C2C8F33D1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3228B70E-92B5-46D7-8F81-BEE4E9780FA0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{35666570-00C5-42D8-866A-49726EA992F6}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{3B387C6F-556F-42ED-A9F4-8B3597707439}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3CCF6C49-2175-4F15-A3AD-66A1B9ECA839}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{40D40F3D-935B-47DC-8BAC-F43988C125A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{4446CF8F-885D-455A-889A-E1CD9AEDA1CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\pirates, vikings, and knights ii\hl2.exe |
"{450AC78D-5532-433C-B3F1-0032A8400CC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4884D5F0-DB9B-46F3-8E3C-AA6B7FF00FCC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{499F39EE-27E8-49BE-BDBE-6F4FAD41E244}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4A633ECA-27CE-4CAD-A832-74095F95C673}" = protocol=17 | dir=in | app=c:\users\garet\appdata\local\apps\2.0\qtwe4p5k.r89\l2zwzan4.r61\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{4A8A0284-1C0F-48E7-BDF5-40DD507402CC}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{4C150FE8-BC9D-4622-B47E-0E655A3AD0F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4C7A0E2C-7BC2-4BE7-843E-FF4500DCF735}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5047F232-659E-499C-B76C-ACDD13A286F7}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{517E782C-B708-4DD8-8594-E10ADD1DBE15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{53E65A2D-4306-493A-917A-9AD5EBB72390}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5800A4D4-4006-43C6-986D-B2081DE421D5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{58FC8969-621A-46FE-92CF-8CC1BFA51872}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{5B35FDA1-81A9-4AB3-BC46-A15872329D8B}" = protocol=17 | dir=in | app=c:\users\garet\appdata\local\apps\2.0\qtwe4p5k.r89\l2zwzan4.r61\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{5CC9AD98-883C-4821-A513-AF68555F14FE}" = protocol=6 | dir=in | app=c:\users\garet\appdata\local\apps\2.0\qtwe4p5k.r89\l2zwzan4.r61\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{61DADC33-F529-4AF0-A95A-8FD42364A69E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{62141C89-D8EB-44F3-AAE6-127CC37BBE81}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{629DD7A0-2A6A-4C0B-8EEC-9D65E1B80F59}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6309C76B-257C-4595-9F2B-AE29C809FF2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{64994C9B-3436-447E-BC47-7EAFEFFA8359}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{64C3D755-BDD1-4D5B-A64F-69A5F1947E39}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{64CA9117-C054-446B-827B-247271933A70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{665CB1F0-D252-4C1F-A11F-D0D522C340EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{67AA6C51-017B-4F66-9C6C-DA3DBC748AF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67B2DACA-2574-4A2C-B4CC-023C77D20CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\pirates, vikings, and knights ii\hl2.exe |
"{682ED9F9-FBF7-4155-AA75-9C57F6E5A251}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{6970FF95-63BA-46B7-AE41-A2D8956044C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6CFE0127-6CD8-4A31-B109-EEC51F22632D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F283009-4758-43ED-8097-5DF9DBD7E2C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FE8E5D9-8BE2-4751-9DF5-F230284E0093}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{723C0635-4498-4A81-A0F3-04EB290F3A18}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{74C2F6A7-778A-4098-936A-AB444C78256C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{7561AE28-DBBD-4481-97AF-EC728632D7F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{76EE71E5-5AF1-4F78-B62C-64385AB8AA57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
"{795CA72F-C957-4817-A52F-CC76FD3A5B9F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AFE9476-342B-42E5-9F4F-39821CA2B0A9}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{81FCA626-BDB0-47D7-A9E8-BFADF3CF550E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{837C4486-8E95-402E-B674-515BDB211629}" = protocol=17 | dir=in | app=c:\program files (x86)\tribler\tribler.exe |
"{8453DD20-F6C4-46C9-9B87-87D8064C75DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{890746E6-3B5E-4D17-872B-2212343FE000}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8AA0DA08-B30B-450C-8D4E-231EAEA15955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe |
"{8CA71FD7-6729-4FCD-86B7-9310F5411499}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8DE963FF-0AAB-41BF-B1DE-CC950C8D92F5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{8EF569AA-D0CC-44BE-83BB-87DB2D2E2B0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8F24B400-96F4-4A14-A3DC-FA35B06D15A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9086D093-06E5-490B-814B-E800C3D9E513}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{919A2570-577A-4EF5-866F-49189B791448}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{955FB6E6-4C7C-4950-9E89-ACA4429A7B0A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{957A7CDF-00DA-482C-A7DA-ADD74B01D767}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{969B786B-FBA6-4EE3-9A50-05952C97CD1F}" = protocol=6 | dir=out | app=system |
"{9A06189F-F9EB-418B-A636-14E65992E95B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9BAB9AE3-F3A9-46AC-BC96-4C4C7170F351}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9C1AE84E-71E1-4648-B68F-14AA140AEB1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{9C3AFD8A-28BD-4215-AB67-BF803911153E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{9C42CEF1-BDBB-4163-841B-18F1C73EDFC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{9C7BA705-6A40-4C74-87AF-87AEAB3F7A41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
"{9D970E10-01F3-4B00-A94E-DCD4542D4D54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A0034F6B-AF12-42B1-8912-91513902AC89}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{A0AA44FD-217D-468E-B9A3-FF4ADF740053}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{A26480C5-AE9E-48A2-B886-00649BB405D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A3DBE38A-1F27-4F21-93CF-574F86944B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{A427E5CE-1276-41F5-B5F4-C0F7E43106D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44572D1-ED2C-44DD-85EA-6AFAF806853A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{A6AB7085-484A-481F-9D92-40917F0ACCE6}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{AAB92E59-CB93-4330-9A9F-876AA51D721E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{AED48936-297C-4ED8-86B1-16C707B8610E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{AED70CF1-8DE3-4529-84FB-D8000FEC6ACF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B1894E0C-3167-4BC6-AC37-A8031F7FFB15}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B5F81B43-7129-48E9-9DD4-C4E73EABCB3A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B83D392F-CD43-4645-ACC9-AB5C8EDD895A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B85EE3BB-5507-4C4C-B347-5F61550E3AB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{BDA92F15-30FB-4C26-8B60-68CE6CB40120}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{BE02D11D-E2D3-40C3-B0FC-E58F7C7C64F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFC23FA3-69D0-445D-9D4D-5E854EEA25AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{C026338A-8243-4230-B4AC-D1E77348FA8A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C318BAE4-58A5-40BF-870A-FADAEE958144}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C40C5C85-935E-4291-AD59-E0262D3DFF2C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C4D44930-5127-4861-88ED-2F60D339F511}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{C795F060-0377-4645-A9BC-068F9FC83B6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CBA5E87F-98F4-4A4B-A976-2F069A3E370D}" = protocol=6 | dir=in | app=c:\users\garet\appdata\local\apps\2.0\qtwe4p5k.r89\l2zwzan4.r61\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{CC1FCB3F-C725-4C88-A482-B83759E8F74A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{CE7477CB-126D-4474-A809-AC95C991B51D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0FE6F55-2E81-488C-91F6-649FCDE3C3AE}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D599E282-B1CC-44C6-8C59-18F68342E79E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D757DFA7-F227-443D-9780-496D20E0571C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7630275-1AB6-4AF8-A675-104CD925E217}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\pirates, vikings, and knights ii\hl2.exe |
"{D8AC2176-4B56-4F6A-AD9C-7F8650F71831}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike\hl.exe |
"{DA58C443-7C06-4306-B84A-7023B2B592DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAA4228C-E97E-4400-9BFD-DABBEE519092}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{DD1B14DB-26F1-4C09-8629-E7C9B5924F23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{DD4F3340-EBC0-4000-B24C-D4601F3B7F6F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DD5EEF61-A204-44F7-AD86-D1FEBCB5ED35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE0E44A7-29FA-447F-A55A-AEADA4D5891C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{DE157A1E-5195-4CAA-8528-9D38C647279A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{DF0C9CD4-AA1F-420E-B283-EF4996340DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E0CBA750-2348-4431-946F-3F6ECF0B35BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{E12AA1DE-3556-472B-9F45-4B96A6BB19A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe |
"{E258DCA0-CEE8-42E2-9D0A-C21B9821A71E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E2DD4320-8F44-4C75-AE57-68F7F76A960B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E3E4A2B0-4116-4438-A479-D67C92E762AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E7B2A8F1-CF88-4E55-8E55-9EE0EB18BF76}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{E932CA22-9948-4CAA-A20B-7D77559DF8D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike\hl.exe |
"{EB46A61E-77B1-4BE8-98A4-E547EB19AFF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2C9A077-CEE4-4E0D-B955-654F7749B933}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{F34CEBBE-1694-4A18-8FD3-A10923CD8C6D}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{F376846A-BDCF-428F-9490-51F379396E0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F53C3D13-2C01-497C-9F05-8006797B05DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F78F80EE-4B4B-444B-818F-925EEC422810}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{F88249C0-2FE2-4C40-93D7-4C86B4DFB5F0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F92E9D60-C0C9-4C4E-8A8B-33AB39C9DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FA9B7C64-0BDC-417B-8874-AFE1FFF8C9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\pirates, vikings, and knights ii\hl2.exe |
"{FE789329-3D61-4E01-8307-C2D361FEAD1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FE80870F-B983-44E0-B777-AC81701879EF}" = protocol=6 | dir=in | app=c:\program files (x86)\tribler\tribler.exe |
"TCP Query User{17AA3386-BD48-41E0-A074-B7E00195D227}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"TCP Query User{1BEFB942-11BD-4ADB-A4DD-57A3E8102BB0}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{4D3E691A-973C-4231-9993-8AF054891419}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{741662E1-DE9F-43DA-9CC2-29F31BE0D0B3}C:\program files (x86)\gigabyte\energysaver2\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\updexe.exe |
"TCP Query User{9EEFC4ED-A7E1-45EF-B7D9-BA4F06715F03}C:\users\garet\appdata\roaming\macromedia\flash player\" = protocol=6 | dir=in | app=c:\users\garet\appdata\roaming\macromedia\flash player\ |
"TCP Query User{AF56F230-8402-453D-8D9A-7BB1193A0584}C:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe |
"TCP Query User{B8C7BFB2-5B2D-470B-A64D-310AA3583ABF}C:\users\garet\appdata\local\temp\f269.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\garet\appdata\local\temp\f269.tmp\kmservice.exe |
"TCP Query User{C32E9726-B726-49ED-B514-9F27207F0A3D}C:\users\garet\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\garet\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{CFAFC12B-F6F1-4597-823B-89242994DAA4}C:\program files (x86)\ryl warfare\lsass.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ryl warfare\lsass.exe |
"TCP Query User{DFCAAE16-34B0-45A2-894A-D1DCACB4DBB5}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{4BCED910-E161-4DB5-8E2A-1BBE5309F7B6}C:\program files (x86)\gigabyte\energysaver2\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\energysaver2\updexe.exe |
"UDP Query User{511EFCCB-B944-4068-8769-8529D0217104}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"UDP Query User{74DA48FC-8BDC-45D6-ABBC-90F87BB767F1}C:\users\garet\appdata\roaming\macromedia\flash player\" = protocol=17 | dir=in | app=c:\users\garet\appdata\roaming\macromedia\flash player\ |
"UDP Query User{7AC736BE-EAD1-48A5-92EC-10ABDC1E73EC}C:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\garyk@comcast.net\counter-strike source\hl2.exe |
"UDP Query User{7DA70212-B7C7-4841-A396-953953199D9F}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{8C74AE08-5991-4E70-8309-F68B53BCBA1D}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"UDP Query User{9D5A665C-FC4F-42D0-AF2E-E10D8FB7C372}C:\users\garet\appdata\local\temp\f269.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\garet\appdata\local\temp\f269.tmp\kmservice.exe |
"UDP Query User{9F9DF6BF-BFBC-4547-864D-1500CD9A57D5}C:\program files (x86)\ryl warfare\lsass.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ryl warfare\lsass.exe |
"UDP Query User{BDB5DAEB-BB76-4306-B42F-5850A3DAFCBE}C:\users\garet\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\garet\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{F98D9C9E-5CF8-499B-8E8E-FA56C69B0222}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Sandboxie" = Sandboxie 3.44 (64-bit)
"Zune" = Zune

Greckia · May 14, 2012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B9.0722.3
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.6.6
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Aika Online: Epic II" = Aika Online: Epic II
"AIM_7" = AIM 7
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlueJ_is1" = BlueJ 3.0.2
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DragonNest" = DragonNest
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 8" = FL Studio 8
"Garena" = Garena
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Mumble" = Mumble and Murmur
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PoiZone" = PoiZone
"SmartDraw 2012" = SmartDraw 2012
"SopCast" = SopCast 3.0.3
"Steam App 10" = Counter-Strike
"Steam App 109410" = Brawl Busters
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 18800" = Zero Gear Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 630" = Alien Swarm
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Toxic Biohazard" = Toxic Biohazard
"Tribler" = Tribler (remove only)
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 5.0.6 beta
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-454221588-1873939912-3221837452-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Greckia · May 14, 2012

There are both of the logs. Everything should be there!

Broni · May 14, 2012

OTL logs are clean

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

===============================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Greckia · May 14, 2012

Here are the first two logs, more coming asap!

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.0
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Out of date Java installed!
Adobe Flash Player11.2.202.235
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Farbar Service Scanner Version: 11-05-2012
Ran by Garet (administrator) on 14-05-2012 at 23:13:38
Running from "C:\Users\Garet\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Greckia · May 15, 2012

ESET SCAN
C:\Program Files (x86)\RYL Warfare\warfare.exea variant of Win32/Packed.Enigma.AAA trojancleaned by deleting - quarantined
C:\Users\Garet\Downloads\coretemp_1236.exea variant of Win32/InstallIQ applicationcleaned by deleting - quarantined
C:\Users\Garet\Downloads\freefileviewer_2_1283.exea variant of Win32/InstallIQ applicationcleaned by deleting - quarantined

Broni · May 15, 2012

Uninstall:
JavaFX 2.1.0
Java(TM) 6 Update 29

=============================================

Go Start and in "Start search" type in:
services.msc
Press Enter.

Services window will open.
Scroll down to Security Center service, right click on it, click "Properties" and under "Startup type" select "Automatic" from drop-down menu.
Restart computer, post new FSS log.

Broni · May 20, 2012

Still with me?

Inactive [A] Google redirect virus mess!

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 14 +0

Posts: 14 +0

Posts: 14 +0

Posts: 14 +0

Posts: 56,041 +516

Posts: 14 +0

Posts: 14 +0

Posts: 56,041 +516

Posts: 56,041 +516

Similar threads